Chris Nickerson
@indi303
Denver, CO
My opinion is my opinion. It is also the opinion of what I do and wherever I do it. Thanks..
15,107 Tweets | 4,122 Following | 13,476 Followers

Tweets

Chris Nickerson retweeted
♘ Josh Corman
@joshcorman
5h
And @beauwoods is “dead” / coded. Swap in surgical dummy for chest compressions @CDameffMD @jefftullymd @joshcorman ##RSAC2018 pic.twitter.com/9AhYEo3gSV

Chris Nickerson retweeted
RAVENii
@RAVENiiSecurity
Apr 18
Headed to @_BSidesKC this weekend? Swing by the RAVENii and @Packetsled booth to say hi! See you there!

Chris Nickerson retweeted
sysopfb
@sysopfb
18h
Stealing NTLM hashes with C:\windows\system32\nltest.exe on Windows 10 pic.twitter.com/JBd2YtCASj

Chris Nickerson retweeted
Oddvar Moe [MVP]
@Oddvarmoe
Apr 18
Another #LOLBin with the name of Expand.exe can be used to copy files, but it also supports adding a file to Alternate Data Streams.
My ADS list is updated: gist.github.com/api0cradle/cdd…
Awesome find by @infosecn1nja twitter.com/infosecn1nja/s…
#LOLBins pic.twitter.com/gmtpMBMfGU

Chris Nickerson retweeted
Maite
@mmorenog
Apr 17
Volatility, my own cheatsheet
1. Image Identification
andreafortuna.org/cybersecurity/…
2. Processes and DLLs
andreafortuna.org/cybersecurity/…
3. Process Memory
andreafortuna.org/cybersecurity/…
4. Kernel Memory and Objects
andreafortuna.org/cybersecurity/…
5. Networking
andreafortuna.org/cybersecurity/…
[1/2]

Chris Nickerson retweeted
zǝɹosum0x0🦉
@zerosum0x0
Apr 17
Just pushed experimental #SquiblyTwo (from @subTee and @mattifestation) stager for #Koadic github.com/zerosum0x0/koa… pic.twitter.com/suLozkMtzO

Chris Nickerson retweeted
Skorov
@skorov8
Apr 17
I did a thing to get domain usernames without knowing any creds. Uses NTLM Relay + lsarpc + RID cycling. github.com/skorov/ridrelay
(Thx to @ropnop for inspiration)

Chris Nickerson
@indi303
Apr 18
This is the best booth at RSA #fakesecurity pic.twitter.com/S9tiduirxw

Chris Nickerson
@indi303
Apr 18
Go to this booth at RSA. Only legit story here #fakesecuriry #respect south expo booth 2442 pic.twitter.com/nMgOBhh0Bw

Chris Nickerson
@indi303
Apr 17
Awesome to see @redcanaryco at RSA. More people need to take note of what they are doing.

Chris Nickerson retweeted
Matt Graeber
@mattifestation
Apr 17
A note re. building naive cmd line detections for this
iexplore.exe path Win32_Bios Get BIOSVersion /format:test
is a valid invocation
- test.xsl resides in the current dir
- wmic.exe renamed to iexplore.exe
/format is the only consistent cmd line arg
twitter.com/subTee/status/…

Chris Nickerson retweeted
ATT&CK @ RSAC
@MITREattack
Apr 16
If you're planning your week at #RSAC, be sure to add our ATT&CK meetup on Wednesday to your calendar. Stop by to chat with the team and grab some swag! pic.twitter.com/E4N8PKAjfN

Chris Nickerson retweeted
Casey Smith
@subTee
Apr 15
Thanks @Lee_Holmes for the contribution to our Atomic Red team repo.
github.com/redcanaryco/at…
We love help and hope others can help us with the test harness and Pester Unit tests.

Chris Nickerson retweeted
Endgame
@EndgameInc
Apr 16
Today, Endgame is releasing ember to address the lack of #opensource datasets in the domain of static malware detection. Here’s a closer look at the model: ow.ly/gMwi30jvRrw pic.twitter.com/tyq3qponMu

Chris Nickerson retweeted
ATT&CK @ RSAC
@MITREattack
Apr 16
We're so excited (so scared?) to be here at #RSAC. Send us a message if you want to meet up today, or stop by our visiting hours Tuesday through Thursday, 1-3 p.m. in Moscone West WES 28. pic.twitter.com/LZIlv6AyFi

Chris Nickerson
@indi303
Apr 16
So awesome to see this work take off. You rock!!

Chris Nickerson retweeted
Casey Smith
@subTee
Apr 16
Awesome to meet up with some of the @MITREattack team. Be sure to chat with them while here at RSA pic.twitter.com/DOLeHQJ4YU

Chris Nickerson retweeted
Lee Holmes
@Lee_Holmes
Apr 16
Atomic Red Team now has automation and unit testing of the @MITREattack framework, all written in simple PowerShell from the Markdown-based tactic and technique descriptions. Super easy to contribute to! github.com/redcanaryco/at… pic.twitter.com/I4rRwd9dak

Chris Nickerson retweeted
DirectoryRanger
@DirectoryRanger
Apr 15
CredNinja. A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
github.com/Raikia/CredNin…

Chris Nickerson retweeted
DirectoryRanger
@DirectoryRanger
Apr 15
Jumping Network Segregation with RDP
rastamouse.me/2017/08/jumpin…