John Jiang
@SecurityThunder
Followers
66
Following
39
Media
1
Statuses
19
Researcher/UCCU Hacker Co-founder/HackerPeanutJohn
Taiwan
Joined October 2017
I just started a new blog, and this is my first post. I took a bit of PTO, so this is a little record of some fun I had playing around with Intune during that time. It's about enrollment restriction bypass😄 https://t.co/o9CcXHN4b8
temp43487580.github.io
Ways of device ownership spoofing and more for persistent access to Intune
15
68
244
#TROOPERS25 AD & Entra ID Security track resources, on the @ERNW_ITSec blog @Insinuator Featuring @Jonas_B_K @martinhaller_IT @TEMP43487580 @JsQForKnowledge @fabian_bader @_dirkjan @ShitSecure @DrAzureAD @kazma_tw @subat0mik @unsigned_sh0rt @ericonidentity
https://t.co/dmbl9iZSPj
1
34
87
Just wrapped up our talk at DEF CON 33 ! Wandering around after my talk, and people are still coming up to recommend listening to our research! It's the greatest affirmation for a researcher. #DEFCON
0
0
1
Our talks in DEF CON! Saturday at 11:30 in LVCC - L1 - Exhibit Hall West 3 - Track 4
0
0
2
First international talk — at @WEareTROOPERS ! Saw views from my history textbook, and met legends I used to only see on the internet.🫡 Big thanks to my best research partner, my mentor @SecurityThunder , and everyone who showed up to hype me up 🔥
0
1
4
Today at #Troopers24 we released Certiception – the ADCS honeypot we always wanted to have. Blog: https://t.co/2NCzLTtItc Source code: https://t.co/WLSMq2Bl8m Slide deck, including our guide to deception strategy:
github.com
An ADCS honeypot to catch attackers in your internal network. - srlabs/Certiception
2
163
401
I am honored that our submission was accepted for TROOPERS. Looking forward to Heidelberg next month!
We just published an almost complete list of talks that have been accepted for #TROOPERS24. Thanks to all of you who participated in the CFP! So many excellent submissions. We really had a hard time to decide which will fit best for this year! https://t.co/QBb2cx6hdq
0
3
12
1
118
426
I'll be presenting at #HITB2023HKT, discussing how we leverage LLM as active directory security assistant.
#HITB2023HKT GPTHound – Your Active Directory Security Assistant - John Jiang -
0
5
5
See you at Blue Team Summit!
👏@SANSDefense #BlueTeamSummit 2022 is almost here! Learn how to accurately diagnose #PrivilegeEscalation through your #ActiveDirectory with CyCraft cybersecurity researchers John Jiang and Gary Sun. 🚨Join us LIVE Online for free: https://t.co/V8EWOCPdNX
1
2
11
We observed an attacker #VPN directly into an internal network to bypass preventive security & then create a digital skeleton key to gain admin access across the entire network. Is your #remotework force secure? Read our full analysis >>
0
2
6
[Blog] Lateral Movement Using Outlook’s CreateObject Method and DotNetToJScript
7
373
508
This is exactly why recovery from APT is difficult: they have multiple vantage points to get inside your network once they're in, lateral mouvement is deadly https://t.co/7v51fgSFkP by @FrodeHommedal
3
100
168