Discover and read the best of Twitter Threads about #BlueTeam

Most recents (18)

Grow your cybersecurity skills with this incredible collection of FREE learning resources.

⚡️ Get ready to level up!

Follow & share the 🧵

#infosec #cybersecurity #pentesting #bugbounty
#hacking #blueteam #redteam #technology #DataSecurity #CyberSec #Linux #soc #dfir
1️⃣ Hands-on cyber security training through real-world scenarios.

tryhackme.com
2️⃣ LiveOverflow YouTube channel

youtube.com/@LiveOverflow
☃️FREE Blue Team Resources☃️

Security Blue Team is 6 free courses

➡️ OSINT
➡️ Digital Forensics
➡️ Network Analysis

and much more...

#blueteam #bugbounty #hacking #infosec #cybersecurity
That's a wrap!

If you enjoyed this thread:

1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience
Check Out Blue Teaming Tools Below to practice your #Hacking Skills 👇

#thesecureedge #infosec #blueteam
1. Prime Hunt is a browser extension for threat hunting
github.com/socprime/the-p…
2. Report on changed Active Directory groups using PowerShell
powershellisfun.com/2022/07/13/rep…
Day 4⃣1⃣

We will learn how to fuzz input fields today - first, we fuzz manually.
First things first - remember we had a giveaway yesterday - Winner:

@Illusionist3886

Twist 1: @Rohaan_ because I am having a nice day - you win as well

Congratulations to both of you - DM me for details.

Now on to hacking!
We checked the technologies, found version numbers and tried to find previously reported vulnerabilities.

One thing should have caught your eye - farmOS does not have ANY! reported vulnerabilities.

Is this good or bad?

BOTH.
Day 3⃣9⃣

I will teach you how to find bugs in open source software step by step

Let's go!
1. You use the query I posted yesterday to find potential targets: github.com/search?q=stars…

(You can adapt the number of stars to your liking, anything more than 50 stars should suffice)

You now have 1068 RESULTS - WAOW.
2. You get into your hacker mindset and figure out which ones are juicy targets🧃

but... How?

Easy, all you have to do is think about vulnerabilities...

What?

Ok, let me explain
People seeking a #cybersecurity career immediately get overwhelmed with Step 1😲

I’ve been at it 18+ years
I have over 500 #cybersecurity YT vids💥

Grab my 7 focused, curated Playlists below💪
Accelerate your progress 🚀

(They answer the FAQ I get all the time)

[🧵]
[1] I have NO IT Background and Want to Get Into Cybersecurity
(21 Videos) 🎥

🌐 youtube.com/playlist?list=…

Is Cybersecurity for IT people only? NO! But how does one start without an IT background?

Here you go! 💥
[2] I Need to Know What Jobs Are In the Cybersecurity Field.
(12 Videos)🎥

🌐 youtube.com/playlist?list=…

There are soooo many jobs in the cybersecurity field.

Most people think of hacking or penetration tester, but there are many roles that suit different skills. ⚒️
A lot of talk about threat modeling lately. Let me give you some idea of why I hate it and think threat modeling is bullshit. I'll also tell you what I think is better. I'm going to use $BIGCO as my example. Here's a long thread.
#infosec #blueteam #malware #skincare
🔜🧵
First, you constantly hear the snarky refrain "my threat model is not your threat model" from people trying to sound important. They don't have a "threat model". They have a superiority complex in their head about potential "threats" 🙄 It's silly. Show me your threat model. 🔜🧵
Oh, you don't actually have it written down and it's not based on data, but based on just general things you're worried about? All in your head? 🆗🆒 Sounds like your idea of a "threat model" and mine really are pretty different.
🔜🧵
Hasn't it ever happened to you that you've had a few bad days and need to unload some negative energy on someone? But on someone who deserves it, of course!!! 😬
thread trolling a scammer #scam #whatscam #whasapp ... 🧵
Really, it's about turning negative vibes into something positive. You unload there and that's it ... 😎
⬇️
It's not usual, for the record, but sometimes I keep a few IOCs from bad things. In this case I kept the phone number of a #scammer, in case the opportunity came up some other day.
⬇️
mshtml.dll was loaded into the winword process; when is Microsoft MSHTML used? I guess it will be nice from a #threathunting perspective
based on sample: app.any.run/tasks/36c14029…
other possible suspicious loads: ExplorerFrame.dll, ieproxy.dll

#CVE-2021-40444 #DFIR #BlueTeam
...ran the query on the prod environment, last 30 days - 0 FP hits. via (MDATP) @MSThreatProtect
🧵on stealing TeamViewer credentials

Many organizations have systems with TeamViewer actively running; some know it and manage it correctly, others have no idea it is running or where. The latter probably have multiple versions #redteam #blueteam #purpleteam #ThreatThursday 1/10
I started looking deeper into TeamViewer when @snlyngaas reported that a Florida water facility had been breached. A malicious actor used TeamViewer to log in and change the levels of sodium hydroxide. The plant operator saw this and no damage was done cyberscoop.com/florida-water-… 2/10
For those that speak @MITREattack we are talking about T1078 Valid Accounts: attack.mitre.org/techniques/T10…
But how were these credentials obtained? We don't know but @brysonbort spoke with #RSAC about it if you want more on the Florida water plant breach: 3/10
I’m going to tell you some things about #cybersecurity and why you should consider adding it to your careers. For starters, today there’s a lack of 1.5 million specialists worldwide and the number is expected to grow by 2022.
Today more than ever, #cybersecurity is important for everyone—professionally, as parents, for our exposition and above all, for our #reputation. Many times I find myself speaking to people that believe that you need to be a #hacker to work in #cybersecurity.
There’re 4 domains you can investigate and study: Information Security Governance, Information Risk Management, Information Security Program Development and Management, and Information Security Incident Management. All allow you to get a #CISM certification,
Some very interesting XLLs in the wild (#blueteam take note!). Will link to some research in this thread. This one loads a payload from an embedded resource and displays a decoy message.
📎virustotal.com/gui/file/1994a…
🎁🎇joesandbox.com/analysis/21041…
This XLL decodes a Base64 string using CryptStringToBinary and uses the Nt APIs to jump to it.
📎virustotal.com/gui/file/5644a…
I've been seeing some tweets about #BlueTeam and documentation and diagrams. Diagrams are an important part of the engineering process! So, I figured I'd do a little diagram breakdown for folks wondering what are some useful types of diagrams.
High level diagrams provide a non-technical overhead perspective of the environment. If you are at all familiar with DoDAF, this would be like your OV-1 diagram. These should tell a high level story and be easily explainable to someone who is new/and or non-technical.
Network level diagrams show logical connectivity between all nodes/devices in the environment. It should include the IP/hostname of the devices. Other details to include are VLAN information, system/authorization boundaries, as well as any unique information that might make sense
“The true test of a man’s character is what he does when no one is watching.” - John Wooden

I like this quote a lot, though I wish it said character is what a person does when they *THINK* no one is watching.

#blueteam loves it when threat actors think that no one’s watching.
What defenders actually do when threat actors think no one’s watching: collect.

For me, I prefer building, improving, or automating around Low-Fi/trap/silent/“weak” signals or undocumented forensic artifacts.

Goal during quiet time: a clear picture to enable impactful decisions
When #blueteam pulls the trigger on whatever quiet plan they’ve cooked up – there is this sweet moment of surprise.

In security, everyone’s trying to avoid unmitigatable surprise. And the ability to inflict confusion is just rarer for defenders.

I hope you get to go big. ⛈🤕
🆕 Microsoft.Workflow.Compiler sample with low VT detection!
1⃣C:\ProgramData\ccm_deploy.xml 🧐
MD5 fb98cddfa2e13334989d27d1b5b7cdda
VT (0/56): virustotal.com/gui/file/8b6d8…
2⃣Loads C:\ProgramData\package.xml
MD5 a916ca1d57d9c3b2627907ab68a264fe
VT (1/58): virustotal.com/gui/file/9a8b5…
[1/4]
I uploaded both to @virusbay_io: beta.virusbay.io/sample/browse/…

and the extracted payload to @anyrun_app: app.any.run/tasks/35c09520…

STDOUT:
Injection Target Process = %ProgramFiles%\Internet Explorer\iexplore.exe
PPID Spoof Parent = True
PPID Spoof Process = explorer
Returned true
[2/4]
@virusbay_io @anyrun_app More info on @mattifestation's method:
1⃣ My favorite implementation uploaded publicly is this Excel file (probably authored by @egyed_laszlo):
2⃣ The first workflow VT sample uploaded was ~1 year ago:

^plus background & links
[3/4]
Please share in this thread some defensive techniques that are relatively simple to configure/deploy and that have a high success rate (low false positives).

I'll start:
* Detect Kerberoasting:
trimarcsecurity.com/single-post/Tr…

* Detect PW Spraying:
trimarcsecurity.com/single-post/20…

#BlueTeam
* Deploy LAPS to automatically rotate local Administrator passwords on Windows computers
adsecurity.org/?p=1790
microsoft.com/en-us/download…
* Test & Deploy "AaronLocker" for simplified AppLocker deployment
github.com/microsoft/Aaro…
I've got a story to share. Not as exciting as the exploits of @TinkerSec, @HydeNS33k, or @_sn0ww, but a story nonetheless. #DFIR & #BlueTeam in nature. 1/
I worked for a service provider back in the day. And we provided email accounts to customers. 2/
This was back when most places would slap #SquirrelMail or #Horde on top of a #dovecot server. 3/
Thought of the Day: It's actually possible to cause HARM with a #redteam exercise. Read the thread before you jump to conclusions.
There are many different "goals" that stakeholders of a #redteam exercise may expect (and they probably only latch onto one of them, not even aware of the others):
- Program/Posture Assessment
- Controls Validation
- Adversary Simulation
- Adversary Emulation ^not the same^
In a healthy red team program, you'll have stakeholders from each "camp" expecting each of those items to be represented. A SOC will want controls validation, for instance, but may not care about a Posture Assessment (i.e. this business unit has a C+ security program).