Jean-Pierre GARNIER
@codeyourweb
Adversary Hunter && Threat Researcher - ♥infosec, code and mojitos - Opinions are mine
#Fastfinder v2.0.0 just released! cross-platform #DFIR #IOC / #YARA file finder. Now with triage mode, logger, enhanced UI and linux/windows builder to deploy this awesome scanner on every host (even with ciphered rules and config file) github.com/codeyourweb/fa…
New blog post: Tear Down The Castle - Part 2 dfir.ch/posts/tear_dow… I analyzed 250 PingCastle Reports, grouping the findings along the categories I used for my 10 AD Commandments series. The number of affected domains is stated within each finding, i.e., in how many domains we…
Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal - krbtgt, users, machines. No DCSync required, no code execution on DC.
And here's a little project to monitor network traffic and logging directly over endpoints interfaces. First proof-of-concept with local pcap and HTTP API forwarder (fully tested on #SEKOIA platform). github.com/codeyourweb/lp… #soc #cybersecurity #networksecurity
Microsoft has released its own document parser for LLM use! Introducing MarkItDown, a 100% open-source, one-stop solution for effortlessly converting any file to Markdown—perfect for text analysis, indexing, and more! Here’s what makes it special: ↳ Converts PDF, Word,…
Reviews are MOSTLY NEGATIVE - Gray Zone Warfare vid is up on yt #GZW #GrayZoneWarfare
Kudos to @DragosInc for sharing details of a recent event. The adversary compromised a new employee's personal email address and impersonated them to get access. How would you protect against that?
It's time to destigmatize security events. Yes it happens at security companies and here's why we need to talk about it. #cybersecurity #icscybersecurity #otcybersecurity #industrialcybersecurity #criticalinfrastructureprotection hubs.la/Q01Pj-S60
I remember a time when people here in Europe still had issues storing their corporate emails on US mail servers - nowadays you store the master keys to your company on their servers 🎵 … for the times they are a-changin'
Did you know that Microsoft recommends creating your Global Admin accounts in the cloud to protect Microsoft 365 from on-premises attacks? See aka.ms/protectm365 for all the details.
[Android] About thirty "Privacy Friendly Apps" offered by @SECUSOResearch that: - are Open Source (GPLv3) and their source code can be viewed on GitHub by anybody - use minimal permissions - contain neither tracking mechanisms nor advertisement secuso.aifb.kit.edu/english/105.php
Unable to extract credentials via DPAPI or Mimikatz? Don't worry. Microsoft got your back. Just use 'rundll32 keymgr.dll, KRShowKeyMgr' to extract all the stored passwords on the host, be it a target server, FTP or chrome's HTTP creds, microsoft has you covered. #redteam
Possibly #Lazarus related #maldoc: "LMCO_Senior Systems Engineer_BR09.doc" virustotal.com/gui/file/8e2fb… CnCs: https://monitorr.jamdown[.]co[.]nz/assets/data/css/custom.php http://13.88.245[.]250/admin/install/custom.php http://mantis.binarysemantics[.]com/extra/map/map.php
GitHub - claroty/arya: Arya is a unique tool that produces pseudo-malicious files meant to trigger YARA rules. You can think of it like a reverse YARA. github.com/claroty/arya
New: North Korea has taken a page out of China's cyber playbook to reorganize and consolidate its threat groups within the government - making them “extremely mobile now that they’ve consolidated.” Here's a first look at their new org structure 👇 mandiant.com/resources/mapp…
The 2022 Threat Detection Report is out! Join us in counting down the most prevalent threats we encountered in our customers' environments last year. We'll reveal a new threat every hour in this thread (Or just download the report & see them all now) redcanary.com/resources/guid…
#Lazarus #APT #maldoc: JD.docx 854903e0b284ef78322082de46dcd160 Remote template: https://pvacek[.]cz/wp-content/plugins/akismet/control/en/en.jpg
Our statement in regard to the warning of the German Federal Office for Information Security (BSI)
[AI misuse] To choose an avatar photo, just go to this kind of site: this-person-does-not-exist.com/fr