Security Engineer at Palantir. Previously Windows Kernel at Microsoft. AD PFE for a while & MS Certified Master (MCM) #ActiveDirectory. OSCE, OSCP & GXPN. 🇦🇺

Seattle
Joined November 2014
Restricting SMB based lateral movement in a #Windows environment. Lessons learned from work with the @SpecterOps team; drawing from previous posts by @mattifestation, @Haus3c, @cryps1s, @harmj0y & Mr SMB himself @NerdPyle bit.ly/SMB-lateral-movement #redteam #blueteam #infosec
One of the many reasons VBS should be on everywhere and why it’s default enabled on Windows 11: docs.microsoft.com/en-us/win…
Did you know you can report a vulnerable or malicious driver to the Windows and Defender teams? We use these submissions as part of HVCI, KMCI, and Defender block lists. microsoft.com/en-us/wdsi/dri…
Been a few months in development on and off, but finally got an end to end POC working for lsarelayx. System wide NTLM relay from Windows which relays all incoming NTLM authentications without affecting the original target application. Silent relay if you will.
Chad Duffey retweeted
If you do anything related to #DFIR especially NTFS forensics, then you should check @kacos2000 MFT_Browser, it is AMAZING! Download: github.com/kacos2000/MFT_Bro…
Chad Duffey retweeted
In our never-ending hunt for new persistence techniques, @mutantvillian and I spent some time digging into using preview handlers over the past few weeks. Today we're publishing our research along with detection guidance. posts.specterops.io/life-is-…
Chad Duffey retweeted
Reverse Engineer's Toolkit: This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems: github.com/mentebinaria/reto…
Chad Duffey retweeted
There is actually a BIG change in how PRTs now work after @_dirkjan reported an issue to @msftsecresponse. The MFA claim is no longer present in access tokens fetched with PRT + username/password authentication. This makes #redteamers' and #hackers' life a bit more difficult 😜
Just watched @_dirkjan's 🔥 presentation at #RomHack2021 / @cybersaiyanIT on breaking AAD joined endpoints. You should do the same 👇 piped.kavin.rocks/JPKerDMkb9g?t=13933
Chad Duffey retweeted
I’ve worked with athletes around reaching “flow states.” It's 100% psychology. We’ve all been there - you lose time, are immensely productive, or just crush it in your sport...or work. Let’s look at what flow states are & how to get there. No punches pulled. 1/
If you're going to take the recommendation to increase your minimum #ActiveDirectory password length to 15+ chars, it's worth reading this first: support.microsoft.com/en-us/… The requirements might be surprising. The "History" section gives context as to why there is some confusion.
Chad Duffey retweeted
📢 It's out!!!! 🎉🥳🍾 Our brand-new "macOS Control Bypasses" course. ✅macOS internals ✅Shellcoding ✅Dylib & Mach Injection ✅Hooking ✅XPC exploitation ✅Sandbox escapes ✅Attacking TCC ✅Symlink attacks ✅Kernel code execution ✅macOS Pentesting offensive-security.com/exp31…
Chad Duffey retweeted
All researchers have heard of Google Dorks, but much less well known are the dorks for #Github, #Shodan, #DuckDuckGo, #Bing, #VirusTotal... Here is my small collection with links to a list of dorks for various search tools. github.com/cipher387/Dorks-c… #osint
Chad Duffey retweeted
Really liked @Cyb3rWard0g's OMIGod Detection rules but wasn't sure how to configure Linux logging to utilize it. Spent a few hours learning Auditd and Laurel, so if you ever wanted to do more than default Linux logging, this is for you - piped.kavin.rocks/lc1i9h1GyMA
Wrote a version-independent pykd script that dumps APIs allowed by Control Flow Guard. 👇 github.com/uf0o/CFG_Allowed_…
Chad Duffey retweeted
The first 10 videos for the Microsoft Cybersecurity Reference Architecture (MCRA) are up on YouTube (more being added as we speak) Share and enjoy! aka.ms/mcra-videos