Ryan Duff
The CIA leaker conducted a privilege escalation on the computer he used to access the data he stole, erased all the logs of his activity, and then locked other users out. A lot more tradecraft here than your average leaker…
Ryan Duff Jun 18
Replying to @munin
LMAO
SummerOfSYN Jun 18
Replying to @munin @flyryan
yeah. not everyone is a retard with wget -m.
Ryan Duff Jun 18
Replying to @munin
He still got caught so he isn’t that competent. They also got into his child porn stash because of password reuse.
Ryan Duff Jun 18
Replying to @munin
Yeah for sure.
🦎 Curious Reptile 🦎 Jun 18
Replying to @flyryan
Why would he lock out other users if he didn’t want to be found out? That seems like very poor tradecraft unless I’m missing something here
Ryan Duff Jun 18
Replying to @livebeef
It’s really hard to say without knowing the details. There could have been a reason. However, while there is tradecraft here, that doesn’t necessarily mean it’s GOOD tradecraft.
crispin Jun 19
Replying to @flyryan @riskybusiness
Doesn't say a lot for their monitoring capability if he can make all those permission changes without something going even a wee bit red in their SOC......
Cian Jun 19
Replying to @flyryan @livebeef
Denying others access to the system could mean changing passwords on specific accounts perhaps, very vague.
Alexander Riccio Jun 19
Replying to @flyryan
I really wanna know what privesc method he used to get into a classified system. How TF are they not locking down & monitoring their tool stash??!?
Ryan Duff Jun 19
How would a SOC see a local attack? It's not over the network. Maybe an endpoint solution but I would imagine there are a ton of security barriers to having one of those on the system.
Ryan Duff Jun 19
Replying to @ariccio
I think it would be extremely interesting if he used their own tools to gain access.
Toking Points, Infrastructure Week 🏆 Winner Jun 19
Legacy systems... hard protective candy shell on the outside, soft chocolate part is on the inside.
Toking Points, Infrastructure Week 🏆 Winner Jun 19
Replying to @flyryan @ariccio
That's what I actually thought you wrote when I clicked this tweet in my feed. It does seem plausible.
ETERNALBLUE Jun 19
Replying to @flyryan @thegrugq
So he was smart enough to use a PE bug, erase the logs and lock others out yet he googled CP? Something sounds off.
Ryan Duff Jun 19
Replying to @jaywalkn @thegrugq
Good tradecraft does not always mean good OPSEC.
Alexander Riccio Jun 19
Replying to @flyryan
But also: would that count as an own-goal?