brian fehrman
@fullmetalcache
Followers
876
Following
71
Media
10
Statuses
141
Pentester, researcher, developer, hunter, cat video enthusiast
Rapid City, SD
Joined March 2015
#HuntingTipOfTheDay InstallUtil is a popular living-off-the-land binary for running payloads (@subtee). Have a hunt for unusual parent processes and low prevalence /u param locations. https://t.co/YqlWKXqK7N https://t.co/6QBan4Admh by @fullmetalcache (@BHinfoSecurity)
There are still some seats open for this training. Come join me in a couple weeks for some cloud hacking. This is a fully remote 4 day (16 hours total) class for $395. Also, each day is recorded so you can view it at your leisure.
I'm stoked to be teaching my Breaching the Cloud course again November 2-5 as part of Secure West Virginia. A training ticket also gets you access to the rest of the Secure WV conference. June & August classes sold out quickly so sign up soon here: https://t.co/aZJKm1Y08D
The Ghidra Book is now available in Early Access! Get eight chapters now when you pre-order from https://t.co/kWVSHRa0gB. Sign up for our newsletter to get a special discount on this and future pre-orders! https://t.co/m8v1d578vC
Happy to introduce everyone to our Initial Access Operations course! We're looking at different ways bad guys try to break into networks and the phishing malware they develop. It's a hands on class, be ready to code! Come join us at @BSidesCHS!
Tickets on sale now for @FortyNorthSec's course "Initial Access Operations". Learn the techniques used by attackers to phish companies and write your own malware. A portion of the proceeds benefit @BSidesCHS, a 501c3 nonprofit. https://t.co/5rfTGvWSjG
Increase your chances of a successful C2 channel by relaying your traffic through CloudFront. No need for a categorized domain, some companies whitelist it, looks like CDN traffic, and hides the origin of your C2 server! @BHinfoSecurity
blackhillsinfosec.com
Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a target's traffic […]
Notice to vendors: Next week if your sales dweebs tell me you use deep learning, AI, or machine learning at #RSAC but won't explain how, I'm live tweeting all the fail with hashtag #VendorWordVomit. Naming and shaming. You've been warned.
Fixed an issue with the Password Filter deployment in CredDefense so it /should/ be good now if you run CredDefense.exe that's in the "Builds" folder. Next up is cleaning up the whole build process. https://t.co/GUv1BaYh1G.
@BHinfoSecurity
github.com
Credential and Red Teaming Defense for Windows Environments - CredDefense/CredDefense
Added quick fix so that PowerLine can now be built on Win10 w/o .NET 2.0/3.5. Now it /should/ build on any Win7 or Win10 system. https://t.co/x1y6TYoMr2
@BHinfoSecurity
github.com
Contribute to fullmetalcache/PowerLine development by creating an account on GitHub.
Our next webcast will be covering many of the lesser known, but amazing, tools we use all the time at BHIS. Yea, they are all free tools. Because freedom is awesome. December 11th, 1ET. https://t.co/LhFufRV5Zk
If you aren't looking for Lync servers, you should be! All of the benefits of attacking OWA portals (user enum, password spray, domain info, etc.). There's a good chance one is present and an even better chance that it's been forgotten. Check out this post: https://t.co/gjWUKLkn2V
Straight from the office of @fullmetalcache we have "PowerShell w/o PowerShell Simplified" on the #BHISblog today: https://t.co/j3x2BN2vxR
Having trouble remotely running commands as another user? Check out this simple tool I put together. https://t.co/o65Hy5EyrZ
@BHinfoSecurity
github.com
Simple program that allows you to run commands as another user without being prompted for their password. This is useful in cases where you don't always get feedback from a prompt, such as ...
Finally pushed a change for CredDefense. It should hopefully fix the issue where DCs wouldn't show up in the Password Filter module but would show in the Password Audit module. @BHinfoSecurity #creddefense
github.com
…hould hopefully fix the issue with the DCs not being listed. It is, admittedly, a band-aid for now =)
An entire book on PCB reverse engineering! Includes work by @joegrand, @johndmcmaster, and Sergei Skorobogatov among others :) https://t.co/mSgOWuGAtC
Verifying myself: I am fullmetalcache on Keybase.io. tnCkS7s-SwGliVv3mh7Sar3tF8Vu6BLNjMx4 /
Anyone understand how push to start car key spoofing works? Surprised I didn't see it demonstrated at @defcon
ordered edible arrangement for wife. scammers called store and scammed order info. scammers then used order info to call me to try for cc info. nice try...
Thanks to @0xderuke , @dafthack and @fullmetalcache and @BHinfoSecurity for Cred Defense toolkit. Works great with big cracked lists.
Brian & Rick did an amazing job on the hardware hacking labs @WWHackinFest I dumped firmware and found hard coded passwords! #WWHackinFest
Extra thanks to @fullmetalcache and @strandjs and family for the extras that really made the trip special