Systems security, author DecentSecurity.com, GotPhish.com, SciFi @ UniversalShards.com, sysadmin & SecEng. Microsoft MVP, Client Security 2021. they/them/tay
Cyber, USA
Joined April 2014
- Tweets 140,182
- Following 9,093
- Followers 336,653
- Likes 122,054
π retweeted
This is one of my favorite things to demonstrate to people. Itβs so easily shown and yet I feel not enough people were ever warned.
0
1
0
1
π retweeted
yep, instead of installing the proper strike plates which vary depending on the latch model, they'll just use a single plate that fits all the latches they typically use
extremely widespread door vulnerability
0
2
1
19
You know when you close some doors, then press further and hear click? That's the deadlatch falling in and disengaging. This is a common issue especially commercially where doors are poorly fitted. Credit card can push in the bolt.
go-rbcs.com/articles/the-deaβ¦
piped.kavin.rocks/jM7i9u0VwkY
7
8
0
75
π retweeted
i have never been so grateful in my life for running water and machines as i was after having to haul and boil water for washing my clothes for two years.
Water is weight. It is heavy, in a way that seems exponential. It sloshes and jostles, ever building energy to escape your hours-long grasp.
Water is so heavy you don't know what those numbers mean until you carry it. A few gallons become granite. A few minutes become eternity.
Show this thread
2
12
0
137
For fellow Microsoft MVPs looking for an exciting job opportunity in a new vertical. #MVPbuzz
7
5
1
74
π retweeted
We shouldn't overlook that there is likely some intentional strategic messaging by the USG here: "we can track your payments." I understand not wanting to reveal too much, but I wonder if naming the variants (rather than redacting) could have more of an impact toward this goal.
1
6
0
22
π retweeted
I have encrypted the message by writing it upside down. If you read it upside down: illegal hacking. Right to jail, right away.
14
61
5
583
π retweeted
Base64 tl;dr it's a way to wrap content inside other content in a way that doesn't confuse the shit out of systems with weird formatting and avoids other protocol issues. It's not obfuscation it's literally everywhere in tech and it's the chief reason for equals signs.
25
50
5
874
Agreed, Linux-based appliances need to require this kind of visibility especially if we don't have root. Considering bringing this up in our next vendor requirements.
Dear Linux Blackbox Vendors out there you have no excuse anymore to not provide telemetry required to prove that your box has been owned! Ship your products with Sysmon pre-installed and make them available!
5
19
0
139
π retweeted
Another way to transfer files via RDP 3:
1.) Open pic.jpeg in Notepad++
2.) select all
3.) Plugins > MIME Tools >Base64 Encode
4.) Copy
5.) Paste in RDP Notepad
6.) save picture.txt
7.) certutil.exe -decode pic.txt pic.jpeg
8.) now have original file
(Thx @rhysjeffs for reminder)
14
74
1
439
π retweeted
WTF. This is the most impressive thing I have ever seen in computer vision. Absolutely incredible. I knew it was going to happen, nevertheless seeing it here is something else. The video is synthetic from a few pictures π€―
But there is more re where this can go 1/
40
715
68
3,290
whenever you see a startup who you didnβt join at seed stage goes public, take solace in the possibility that theyβd not have succeeded had you joined
32
349
86
3,265
π retweeted
New #Windows #ActiveDirectory #Azure #WindowsServer event log #Mindmap released
github.com/mdecrevoisier/Winβ¦
@SBousseaden @SeloX_AUT @SwiftOnSecurity @PyroTek3 @GossiTheDog @cyb3rops @Sh0ckFR
7
171
3
533
