Long-awaited parallel (threaded) queries arrive in MSTICPy! 🏃‍♀️🏃‍♀️🏃‍♀️ Split big queries into separately executing chunks or across multiple workspaces and clusters.
MSTICPy 2.6.0 released - Parallel queries for multiple instances of MS Sentinel workspaces and Kusto clusters - Parallel split queries (large time-range queries divided by smaller time periods) - Velociraptor data provider for querying exported data sets github.com/microsoft/msti…
🚨Small update for TokenTacticsV2 ▫️Two new device platforms ▫️Linux, since it's now supported by Conditional Access ▫️OS/2, because it's not 😁 github.com/f-bader/TokenT…
Official confirmation from Microsoft that there is no supported way to rotate nor change DPAPI backup keys! Compromised keys? ➡️ Burn the domain and rebuild a new one 💥
I know a lot of excellent people are looking for jobs right now. We have several openings at @redcanary, including my peer, Senior Director of Detection Engineering, and a Threat Hunter on a team I lead. I hope you'll consider applying or sharing. redcanary.com/job-openings/
Small update to roadtx, with thanks to @Flangvik for the idea: you can now do the interactive authentication with a "borrowed" ESTSAUTHPERSISTENT cookie from a browser, to get tokens or have an authenticated browser session.
New blog is out! OneDrive to Enum Them All trustedsec.com/blog/onedrive-… Major updates: • database storage • logging of previous runs • easily append digits or strings to usernames • stale job detection • skip tried usernames Special thanks to @DrAzureAD and @thetechr0mancer!
@DrAzureAD brings some valid points. MemberLevel user can read CA Policies. This has not always been understood, since the GUI and MS Graph require roles for this, but not Azure AD Graph API. Also means that if you have gaps in CA, those can be read by a normal user
@Secureworks' latest Threat Analysis report "Tampering with Conditional Access Policies Using Azure AD Graph API" out now! 1️⃣ Regular users can read Conditional Access Policies (CAPs) 🤔 2️⃣ Administrators can modify CAPs without proper logging 😲 secureworks.com/research/tampe……
This Friday I'll be running an #AzureAD token workshop in @NorthSec_io conference, Montreal, Canada. Here are some teasers 😋 nsec.io/schedule-works…
🎉 @SantasaloJoosua, Principal Security Researcher @Secureworks , will be joining us next week (2nd May) to talk about "Detecting gaps in Azure and Azure AD Security". 🤖 He's a talented hacker & NodeJS dev wt a focus on Azure, Azure AD, and M365. RSVP - lnkd.in/et5YmHvM
Next version of #AADInternals will be published during the @BlackHatEvents #BHAsia on May 11th at #BHArsenal! Some teasers: ◾ Exploitation tooling for findings covered in our Briefings talk with @SravanAkkaram 😈 ◾ Totally re-written token handling 🤞 ◾ Automatic FOCI client…
Into Windows security / forensics? I just released a post I started writing 3 years ago: blog.christophetd.fr/dll-unlinking/
I've long been interested in how EDRs work under the hood and how we can apply a more evidence-based approach to evasion. I'm happy to announce that I've written a book covering these topics with @nostarch which is now available for preorder 🎉 nostarch.com/book-edr
This quarter @Secureworks had two researchers in the @msftsecresponse researcher leaderboard🔥 Congratulations to all other researchers who made it, great job everyone! My colleague @SantasaloJoosua has had a fantastic streak this year keeping us all safe - so proud of working…
New chapter of #AzureAD Attack & Defense Playbook: Are you looking for a way to track and verify your identity security posture? @samilamppu, @PitkarantaM and I have worked on a solution which includes also comparison to recommendations and #MITRE mapping. github.com/Cloud-Architek…
I'll deliver a workshop, "Tokens, everywhere!" at @NorthSec_io, Montreal 🇨🇦 in May! In this hands-on deep-dive, I'll cover #AzureAD #OAuth implementation, different token types, #FOCI, and various attack scenarios. Check out details and get tickets at nsec.io
Check out this new doc that lists all the 🍪 cookies involved in an Azure AD authentication. 😀 learn.microsoft.com/azure/active-d…
Our latest full-length episode is available! @olafhartong was kind enough to join us again after a few years and catch up - catch the episode wherever you consume podcasts, or at the YouTube link below! youtu.be/47pwrsMucSg
Episode 29: Olaf Hartong
If you are a user of Microsoft Defender for Endpoint or are considering it you might find this series useful. A 🧵 The first edition covers the differences between #MDE and #Sysmon and telemetry acquisition 1 - Sysmon vs Microsoft Defender for Endpoint medium.com/falconforce/sy…
⚡️MSTICpy is a powerful python library for threat intelligence and threat investigation! I created a new security artwork for a brief overview. Learn more with @ianhellen & @PeteABryan at BlueHat for an in-depth look. 🤓@msticpy #ThreatIntel #infosec #python @MsftSecIntel