I’ve spoken in front of large groups, small groups, technical groups, and executives. I’ve spoken all over the world. But I’m about to have my biggest test. I’m reading Fox in Socks to twenty 4-6 year olds. I’m nervous for the first time in years.
#TweetleBeetleBattleBeginsNow
Ok folks, you have failed me for not telling me I can move a process to a screen session
1. Suspend: Ctrl+z
2. Resume: bg
3. Disown: disown %1
4. Launch screen
5. Find pid: pgrep BLAH
6. Reparent process: reptyr ###
My team at Red Siege has written, instructed and developed some awesome training over the last year with zero involvement from me. Unfortunately, even though they don't work for SANS and I have had zero input or part in their courses, SANS has told me that unless they stop
Microsoft will no longer require users to enter a password to access their accounts. Instead, they'll have to use an app, a verification code or facial recognition. Check it out ⬇️
Some dude is all panties in a bundle because I didn’t use “basic OPSEC principles” during a presentation and revealed my city.
Look, if you can’t figure out the street address of the only Tim Medin on the planet, you need another gig.
> Our vendor risk management has decided you are high risk because you don't have an IPS on your network or a physical security program!
Homeboy, we work from home. There is no office. There is no network infrastructure. None of this makes sense.
> But we have these
🐚 Did you know? POSIX shell input/output redirection doesn't need to be at the end of the command. You can put it at the start or in the middle of the command too:
$ echo >file hello world
✨
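An added example, not from the tweet: the same command with its redirection at the end, the start and the middle, plus a small helper that pulls output-redirection targets out of a recorded command line wherever the `>` sits. A review of .bash_history or audit-logged command lines that only looks for `> file` at the end of the line misses the other two placements. Function names are my own.

```shell
# Same 'echo hello world' with the redirection at the end, the start and the
# middle of the command; all three files come out identical.
redirect_positions_agree() {
    d=$(mktemp -d)
    echo hello world >"$d/end"
    >"$d/start" echo hello world
    echo >"$d/middle" hello world
    if cmp -s "$d/end" "$d/start" && cmp -s "$d/end" "$d/middle"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$d"
    return $rc
}

# Print every file an output redirection ('>' or '>>') in a command line
# writes to, one per line, wherever the redirection appears. File-descriptor
# duplications such as 2>&1 are not files and are skipped.
redirect_targets() {
    printf '%s\n' "$1" |
        grep -o '[0-9]*>>\{0,1\}[[:space:]]*[^[:space:]&][^[:space:]]*' |
        sed 's/^[0-9]*>>\{0,1\}[[:space:]]*//'
}
```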
This CrowdStrike outage is a thing of nightmares. Imagine having to have to walk to each of the downed systems and manually fix it. Even worse with FDE.
I have flashbacks of Nimda and the reboot loop, but this is worse.
I once set my wifi password to “uppercase with no spaces”.
I thought it would be funny to tell people, “the password is ‘uppercase with no spaces’ but in lowercase and with spaces.”
It was funny for about 10 seconds.
If you hate the term “purple team” or “fusion team” remember why they exist. They exist because the offensive people have been crap communicators. They exist because red has shamed or humiliated blue.
Red only exists to improve blue. Anything else is a waste of time & money.
What a brilliant idea!
Phishious provides the ability to see how various Secure Email Gateway technologies behave when presented with phishing material.
Looking at individuals' .bash_history and usage of “rm” has taught me things about the users.
1. Well adjusted (as well adjusted as a *nix person can be):
rm -rf blah
2. A cry for help:
rm -fr blah
3. Serial killer
rm -Rf blah
Me: I setup a new Wi-Fi network with additional filtering and protections. It’s called “Wu-Tang LAN”.
Wife: huh?
Me: Wu-Tang LAN is for the children
Wife: 😐
What is the simplest hack you’ve pulled off or witnessed?
We’ve had a DA account with Winter2019
MFA bypass by just skipping the login page
What else? I'm finishing up my talk on Hacking Dumberly and how simple stuff item works.
Anyone else planning on spending all day on December 31st binge watching all the content before Flash dies?
“Gotta checka checka da email, hope it’s from a ... female”
Want more AV/EDR hooking and bypasses? This article has some solid depth to it (and it is quite readable too).
Thank you to Matthew Eidelberg at @optiv for the article.
TIL: You can tunnel through RDP (much like SSH) using proxychains.🤔🤔🤔
"Dynamic Virtual Channels ... enable the tunneling of arbitrary packets inside the RDP connection by tagging packets according to the desired source/destination"
Congratulations to Tim Medin (@TimMedin) for his promotion to SANS Senior Instructor! Well-deserved recognition for his contributions to our community, industry, & his countless students. Thank you, Tim!
Learn more about Tim:
A lot of orgs incorrectly defend against password spray attacks by blocking the source IP. This is largely a waste of energy since changing source IPs is trivial.
You need to identify the successful auth within the failed ones. Good info from Microsoft.
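An added example, not from the tweet or from Microsoft's material: a POSIX shell/awk filter over a constructed auth log that finds the success among the failures by grouping events per minute rather than per source IP, so an attacker rotating addresses does not hide the spray. The log format (timestamp, source IP, user, result), the sample data and the threshold are my assumptions.

```shell
# Usage: spray_successes LOGFILE [MIN_DISTINCT_USERS]
# Events are bucketed by minute, not by source IP (which the sprayer rotates
# freely). For every minute in which at least MIN_DISTINCT_USERS different
# accounts failed, print each SUCCESS from that minute: that is the login the
# sprayer landed. Buckets are evaluated after the whole file is read, so a
# success that precedes some of the failures in its minute is still caught.
spray_successes() {
    awk -v min="${2:-3}" '
        { bucket = substr($1, 1, 16) }                 # YYYY-MM-DDTHH:MM
        $4 == "FAIL" && !seen[bucket, $3]++ { failed[bucket]++ }
        $4 == "SUCCESS" { ok[++n] = $0; okb[n] = bucket }
        END {
            for (i = 1; i <= n; i++)
                if (failed[okb[i]] >= min) print ok[i]
        }' "$1"
}

# Constructed sample, not real data: five accounts tried from five different
# TEST-NET addresses within one minute (one of them succeeds), followed by a
# legitimate user who mistyped once and then logged in from the same address.
make_sample_log() {
    cat >"$1" <<'EOF'
2024-03-01T09:00:01Z 203.0.113.5 alice FAIL
2024-03-01T09:00:02Z 203.0.113.6 bob FAIL
2024-03-01T09:00:03Z 203.0.113.7 carol FAIL
2024-03-01T09:00:04Z 203.0.113.8 dave SUCCESS
2024-03-01T09:00:05Z 203.0.113.9 erin FAIL
2024-03-01T09:30:10Z 198.51.100.7 frank FAIL
2024-03-01T09:30:15Z 198.51.100.7 frank SUCCESS
EOF
}
```

Per-IP counting would see at most one failure per address here and flag nothing; the per-minute view flags dave's login and leaves frank's alone.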
A man tried to take my son (he’s fine). He didn’t lure him with candy, he didn’t do it by force. He yelled at him and said he had to come with him. I’ve never heard of this tactic. He scared him into coming with him. He wasn’t that far from us. He’s 10 and smart. Be aware!
Wow! Holy Smokes! This blows my mind!
"For those who might not see what this is:
Fully working SMB protocol implementation is webassembly, it runs in your browser"
I waited 2 years for this, rewrote impacket for this, asked cryptographers to remake algos in python for this, spent enormous time of my life to make this happen. And it's finally here, this finally works, and I can't find the words to express my satisfaction.
This post from CrowdStrike is spot on.
#2
Network Shares is an issue we see in 100% of @RedSiege tests. That is not hyperbole. Remember, attackers don't need all the data. How much would it take to make a breach notification or put you in the news?
De-escalate
This is the seemingly most ironic lesson I learned from a Ranger and a Martial Arts instructor.
The two people I know who are most able to kill people talked about de-escalation and avoiding violence.
You can learn a LOT looking at someone’s .bash_history. It’s like looking into someone’s tech soul.
“This dude is a regex black belt”
“Wow, this guy needs a typing lesson”
“Why does this fella put `sudo` before every.. single.. command (ssh)”
If a potential employer asks you for a writing sample, do NOT attempt to redact a work report and send it!
99% chance you miss something
100% chance you demonstrated you can't protect client info
I'd fire on the spot if I heard of this
I experienced German healthcare today (eye infection)
I walked in and filled out a 1/4 page of paper (unlike 4-5 pages in US)
Waited 4 minutes (3-10x in US)
Dr was efficient and gave Rx in 3m
I paid in cash 25€ and I got change
Pharmacy was faster than McD
Dang efficient!
Given the age of the Uvalde shooter, the shooter had likely been through more active school shooter drills than the cops.
All new school shooters will have gone through the drills.
The shooters know what they are stepping into.
Think about that for a sec.
To the person in Croatia who ordered Pizza Hut using the company card, I hope you enjoyed it. Also, the limit on that sucker meant you could have purchased a house. Should have been faster.
.@RedSiege is now more offensive than ever with the acquisition of @FortyNorthSec! I'm really excited to have them part of the team for all their contributions to infosec, including EyeWitness! Details on the acquisition are below.