Soumyadeep Basu (@SoumyadeepBas12)
Followers: 1K | Following: 9K | Media: 48 | Statuses: 4K
Security Research | Snooker addict. Views/tweets/retweets are my own and don't represent my employer.
Kolkata, West Bengal
Joined August 2019
EDR-Redir can successfully run with ESET. I will soon upgrade it to V2 with the ability to "redir" more types of EDRs. 💪 GitHub: TwoSevenOneT/EDR-Redir #antimalware #CyberSecurity
This tool is going to improve my AD workflow! https://t.co/UYyUtcGgjn
github.com
A python tool to map the access rights of network shares into a BloodHound OpenGraphs easily - p0dalirius/ShareHound
Hundreds of leaked EDR credentials are circulating. Because EDRs have deep device access, this is like handing over your C2. This issue doesn’t stem from vulnerabilities in the EDR products themselves, but rather from end users who inadvertently download and execute malware.
🇰🇵 Meet "Mateo" and "Alfredo", two young #Lazarus agents who thought it was a good idea to steal someone else's ID and resume to try to get a job with us. 🪶 We recorded them and found interesting data on how they operate. ⬇️ Read our article on the #QuetzalTeam Blog below!
New Blog 👀 This blog discusses the topic of cybercrime counterintelligence to highlight the growing threat toward the cyber threat intelligence (CTI) and law enforcement (LE) communities ⚠️ 🔗 https://t.co/e7XVviZHMm
Parts two and three of the leaked Charming Kitten (APT35) files reveal operations across five continents https://t.co/JvlEbmoXS9
1/ My latest for The Diplomat: A China-based hack penetrated deep into S. Korea's government backbone. White hat hackers accidentally discovered it and exposed the breach. But was it really North Korea?
thediplomat.com
White hat hackers exposed a systematic breach of South Korea’s digital backbone, but Seoul remains silent on the crisis.
Hunting Conti’s Shadow How I found what the FBI, the NSA and an army of researchers couldn't Imagine you’re hunting the most disciplined cybercriminal group in the world — Conti. These guys wrote the textbooks on OPSEC. Impeccable digital hygiene. In 2022, all their internal
TARGET (CONTI) = Alexey Kurashov (23.02.1986) [Identified] Reward: up to $10M. 👉 Full dossier page, archive and all evidence: https://t.co/WCc8ToIAUT Stylometry, travel, and chat data confirm Kurashov as TARGET/BLOODRUSH. Linked to CONTI core (Professor, Stanton, Stalin,
My DEFCON talk about cryptomoney laundering techniques is out! At minute 20:30, I demonstrate how I use an AI agent to assist my investigation in money tracking and laundering pattern identification. Then I discuss the limits and possibilities 🤓 https://t.co/oSSOvPi2xB
From my talk at @WWHackinFest, presenting ClickForClickOnce: An easy-to-deploy web based application that allows you to create customisable ClickOnce applications which can run shellcode, drop files or run OS commands Repo: https://t.co/tcAJvneHgz Slides: https://t.co/F0vxFSVsEW
‼️ Iranian nation-state APT CharmingKitten exposed on GitHub. Exposure includes: - Official APT internal network documents - Employee photos - Attack reports - Translation documents - Internal chat files
New blog post and call for collaboration and sharing around "Using NetBIOS names for pivoting and threat clustering" I'm already tracking more than 40 clusters and growing... https://t.co/V7fhoabgAP
You got access to vsphere and want to compromise the Windows hosts running on that ESX? 💡 1) Create a clone into a new template of the target VM 2) Download the VMDK file of the template from the storage 3) Parse it with Volumiser, extract SAM/SYSTEM/SECURITY (1/3)
Happy to release SAMLSmith together with @ericonidentity - Generate forged SAML responses - Simulate Silver SAML & Golden SAML attacks - Extract usable certificate files from AD FS encrypted materials. The tool is written in C# Check it out here - https://t.co/ZI7h4HhvPK
For those of you at home, here's your reminder that the conference is being live streamed! ;) Track 1: https://t.co/6s0Az6dDdV Track 2: https://t.co/izc7donS7r
Interesting tool if you are looking for a complement to strings, stringsifter and floss. StrangerStrings uses a trigram-based scoring model to calculate probabilities of character sequences. 👇 https://t.co/62WH2iOzSD
My first @SpecterOps blog! Ever wanted to collect Active Directory information from LDAP for a Red Team? Using LDAP's more OPSEC-considerate cousin: ADWS can be used to improve upon the already present advantages of using smaller-scaling LDAP queries. https://t.co/6SFxGDpQkL
specterops.io
Learn how to perform stealthy recon of Active Directory environments over ADWS for Red Team Assessments
Dumping the NTDS.dit from disk - A new NetExec module💾 Isn't it super annoying when AV blocks your access to the SAM/SYSTEM hives? The new "ntds_dump_raw" module made by @0xcc00 parses the disk image directly, allowing you to extract the NTDS.dit or SAM database🚀
Interesting hands-on-keyboard case today @HuntressLabs -> Suspected VPN initial access -> TA used this to RDP to DC & RDS -> TA created hidden accounts for persistence -> TA attempted to clear logs for defence evasion -> Huntress evicted TA 😎