John Lambert
@JohnLaTwC
Redmond WA
Distinguished Engineer, Microsoft Threat Intelligence Center, johnla(AT)microsoft.com,
**BEWARE There are Tech Support Scams that use my name **
4,027 Tweets
392 Following
29,690 Followers

Tweets

John Lambert retweeted
Pete Bryan
@MSSPete
4h
Have you looked at the Notebook features in #AzureSentinel but wanted to know more? Check out this deep dive of our #Linux Host Explorer Notebook to understand what it is doing and how to use it:
techcommunity.microsoft.com/t5/azure-senti…

John Lambert
@JohnLaTwC
5h
🆕hxxps://byteout.xyz/olympic/ad/index.html
They aren't loading the rings logo from the olympics.org website. Where did it go? #CyberChef reveals all! pic.twitter.com/wy0qifLlMX

John Lambert retweeted
Mark Simos
@MarkSimos
Feb 2
Need a #ZeroTrust Reference Architecture? Check out this one showing how @Microsoft technology enables this strategy/access model.
Slide 14 of CISO Workshop Module 3
@ajohnsocyber @MalwareJake @_sarahyo @RavivTamir @JohnLaTwC #Cybersecurity
docs.microsoft.com/en-us/microsof… pic.twitter.com/t2eChLzW8r

John Lambert retweeted
Maurice de Jong
@MauRiEEZZZ
Nov 1
📇 Good afternoon!
In this blog I explain how we can authenticate using devicelogin from interactive Python code execution like Jupyter notebooks and utilize keyvault.
👇
mcpforlife.com/2019/11/01/how…
@code
@ProjectJupyter @AzureSdk @wortell
#python #azure #vscode #jupyter #keyvault pic.twitter.com/PAvqohp11F

John Lambert retweeted
Tomi Tuominen
@tomituominen
Feb 1
This thread is pure gold for both ops and incident response folks. twitter.com/jschauma/statu…

John Lambert
@JohnLaTwC
Jan 31
Amsi bypass by patching memory:
🔗virustotal.com/gui/file/ec559… pic.twitter.com/1qfTTzByEa

John Lambert
@JohnLaTwC
Jan 31
Themed PyQt rendering pandas dataframes.

John Lambert
@JohnLaTwC
Jan 31
Unicode VBA for obfuscation purposes:
🔗d7987d5bfcd0d8fd206c45b5a83bc429e22759c414d427c8bf1236e7d573f7c3 pic.twitter.com/pKeGqOEWqb

John Lambert
@JohnLaTwC
Jan 31
Running unexpected things via manage-bde.wsf and COMSPEC
🔗virustotal.com/gui/file/7493b…
🤜🤛twitter.com/bohops/status/… @bohops pic.twitter.com/SOTsepgDCI

John Lambert
@JohnLaTwC
Jan 31
Maldocs that launch code via CreateShortcut and SendKeys
🔗virustotal.com/gui/file/6d630…
🔗virustotal.com/gui/file/65420… pic.twitter.com/y2uCUSSIWI

John Lambert
@JohnLaTwC
Jan 31
#FFVT Follow Friday on interesting VT Submitter Ids. My first is ec31b410 uploading from Denmark. Examples in this thread pic.twitter.com/zHCeN0GuW9

John Lambert
@JohnLaTwC
Jan 31

John Lambert
@JohnLaTwC
Jan 30
JIFF

John Lambert
@JohnLaTwC
Jan 30
Malware that just quits? I think there's more to the formula in this maldoc. #oletools reveals all cc/ @decalage2
🔗virustotal.com/gui/file/f0bfb… pic.twitter.com/g9vITlJL5j

John Lambert
@JohnLaTwC
Jan 30
Blue teamers, just watched this webinar by @MSSPete on how to use #AzureSentinel to hunt over data. Hypothesis formulation, graph investigation, #Jupyter notebooks, and more! twitter.com/PrakashAjeet/s… pic.twitter.com/E6l4bdE08X

John Lambert
@JohnLaTwC
Jan 30
🆕hxxps://transnesia.co.id/olympicfencingtoshiromutotokyo2020/

John Lambert
@JohnLaTwC
Jan 30
I like it with labels!

John Lambert
@JohnLaTwC
Jan 30
That feeling when someone has just joined and you're looking forward to grabbing coffee with them. twitter.com/drhyrum/status…

John Lambert
@JohnLaTwC
Jan 29
When you can pivot by submitter id, you can quickly find many more relevant samples. Combined with the other VT meta data, it makes perusing samples very easy. pic.twitter.com/gyWueO6L3d