Twitter | Search | |
Chris Nickerson
My opinion is my opinion. It is also the opinion of what I do and wherever I do it. Thanks..
15,107
Tweets
4,122
Following
13,476
Followers
 
View more photos
Tweets
Chris Nickerson retweeted
♘ Josh Corman 5h
And is “dead” / coded. Swap in surgical dummy for chest compressions #
View photo · Reply Retweet Like
Chris Nickerson retweeted
RAVENii Apr 18
Headed to this weekend? Swing by the RAVENii and booth to say hi! See you there!
View details · Reply Retweet Like
Chris Nickerson retweeted
sysopfb 18h
Stealing NTLM hashes with C:\windows\system32\nltest.exe on Windows 10
View photo · Reply Retweet Like
Chris Nickerson retweeted
Oddvar Moe [MVP] Apr 18
Another with the name of Expand.exe can be used to copy files, but it also supports adding file to Alternate Data Streams. My ADS list is updated: Awesome find by
View photo · Reply Retweet Like
Chris Nickerson retweeted
Maite Apr 17
Volatility, my own cheatsheet 1.Image Identification 2.Processes and DLLs 3.Process Memory 4.Kernel Memory and Objects 5.Networking [1/2]
View summary · Reply Retweet Like
Chris Nickerson retweeted
zǝɹosum0x0🦉 Apr 17
Just pushed experimental (from and ) stager for
View photo · Reply Retweet Like
Chris Nickerson retweeted
Skorov Apr 17
I did a thing to get domain usernames without knowing any creds. Uses NTLM Relay + lsarpc + RID cycling. (Thx to for inspiration)
View summary · Reply Retweet Like
Chris Nickerson Apr 18
This is the best booth at RSA
View photo · Reply Retweet Like
Chris Nickerson Apr 18
Go to this booth at RSA. Only legit story here south expo booth 2442
View photo · Reply Retweet Like
Chris Nickerson Apr 17
Awesome to see at RSA. More people need to take note of what they are doing.
View details · Reply Retweet Like
Chris Nickerson retweeted
Matt Graeber Apr 17
A note re. building naive cmd line detections for this iexplore.exe path Win32_Bios Get BIOSVersion /format:test is a valid invocation - test.xsl resides in the current dir - wmic.exe renamed to iexplore.exe /format is the only consistent cmd line arg
View details · Reply Retweet Like
Chris Nickerson retweeted
ATT&CK @ RSAC Apr 16
If you're planning your week at , be sure to add our ATT&CK meetup on Wednesday to your calendar. Stop by to chat with the team and grab some swag!
View photo · Reply Retweet Like
Chris Nickerson retweeted
Casey Smith Apr 15
Thanks for the contribution to our Atomic Red team repo. We love help and hope others can help us with the test harness and Pester Unit tests.
View summary · Reply Retweet Like
Chris Nickerson retweeted
Endgame Apr 16
Today, Endgame is releasing ember to address the lack of datasets in the domain of static malware detection. Here’s a closer look at the model:
View photo · Reply Retweet Like
Chris Nickerson retweeted
ATT&CK @ RSAC Apr 16
We're so excited (so scared?) to be here at . Send us a message if you want to meet up today, or stop by our visiting hours Tuesday through Thursday, 1-3 p.m. in Moscone West WES 28.
View photo · Reply Retweet Like
Chris Nickerson Apr 16
Replying to @Lee_Holmes @MITREattack
So awesome to see this work take off. You rock!!
View conversation · Reply Retweet Like
Chris Nickerson retweeted
Casey Smith Apr 16
Awesome to meetup with some of the team be sure to chat with them while here at RSA
View photo · Reply Retweet Like
Chris Nickerson retweeted
Lee Holmes Apr 16
Atomic Red Team now has automation and unit testing of the framework, all written in simple PowerShell from the Markdown-based tactic and technique descriptions. Super easy to contribute to!
View photo · Reply Retweet Like
Chris Nickerson retweeted
DirectoryRanger Apr 15
CredNinja. A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
View summary · Reply Retweet Like
Chris Nickerson retweeted
DirectoryRanger Apr 15
Jumping Network Segregation with RDP
View summary · Reply Retweet Like
Load older Tweets