Apple TV 4 with iOS 14.7. Jailbreak with checkra1n Full file system with ElcomSoft and Magnet Forensics Processing with @AlexisBrignoni iLEAPP and Sarah Edwards 👩🏻‍💻🐈‍⬛ APOLLO Nice :)

SANS Live Online Europe January 2022 Volume 1 #FOR500 w/ Lee Whitfield #FOR508 w/ dfirfpi #SEC660 w/ Michiel Lemmens #SEC530 w/ Greg Scheidel #MGT551 w/ Mark Orlando Register 👉 sans.org/u/1jEP

Bypass Defender AV static detection: If you name a malicious file DumpStack.log Defender doesn't scan it.

SANS Live Online Europe February 2022 Volume 1 SEC504 w/ Mick Douglas 🇺🇦🌻 SEC488 w/ @RogerOfarril FOR508 w/ dfirfpi SEC510 w/ Kenneth G. Hartman FOR610 w/ Jim - #BlackLivesMatter 🌈 MGT514 w/ @_JoeSullivan Register 👉 sans.org/u/1k57

Don't you think #mimikatz 3 is more sexy with #kekeo inside? Still compatible with Windows XP, Without custom compiler this time (VS2019+ Community+) Without commercial ASN1 library

I’ll just leave this here. Chad Tilbury @Hexacorn Phill Moore github.com/jklepsercyber/…

Procdump works against Defender with a simple rename. It quarantines the generated .dmp file but you have a few seconds to make a copy of it before it's removed. I've seen other security solutions that do this, try to copy the file quickly before it's removed.

📢 New Article Released! 📝 Domain Escalation - ShadowCoerce pentestlaboratories.com/2022/01/11/sha… #pentestlaboratories #redteam #redteaming

New #AADInternals version and related blog post (with multicolor arrows) out now! "Stealing and faking Azure AD device identities": o365blog.com/post/deviceide… Credits to 🥝🏳️‍🌈 Benjamin Delpy/#Mimikatz! #infosec #redteam #blueteam

Puzzled why a yara rule did or didn't match? Let me introduce yaradbg.dev, a web-based #yara #debugger! With #YaraDbg, you can see the: 1⃣ evaluation steps 2⃣ matched strings 3⃣ relationship among the rules

Why you should never ever ever use pixelation as a redaction technique 🙈 github.com/bishopfox/unre… #infosec #cybersecurity #dataprivacy

"write.exe" is just ShellExecute() to wordpad.exe. And ShellExecute() reads HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths before reading HKLM. Which means, you can use "write" to launch anything if you create "wordpad.exe" subkey. And it explains why I love Windows.🙃

Congrats Silvia Spallarossa for your #GASF cert! Very well deserved, so proud of you! And thanks domenica for teaching her :) #for585 SANS DFIR

Mattia Epifani domenica SANS DFIR Thanks to you and dfirfpi for giving me this great opportunity ❤️ and thanks to all REALITY NET (especially Claudia Meda) for all your support in these months ❤️

Coming 🔜: #SANS 🇪🇸 Madrid, March 2023 🔦 #SANS In-Person Course Spotlight #FOR508: 🗣️dfirfpi #FOR509: 🗣️Korstiaan Stam #ICS410: 🗣️ Justin Searle ➕ Search For More Courses: sans.org/u/1oiE #SANSTraining #EMEA #CyberSecurityTraining

Nasreddine Bencherchali We target anything from C:\\Users as first path github.com/mgreen27/Detec…

The SANS #RansomwareSummit is open for registration! Join Ryan "Chaps" Chapman Live Online as we bring together #Cybersecurity professionals for in-depth talks focused on #Ransomware prevention, detection, response, and recovery. ✍️ Register For Free: sans.org/u/1p0B

If you're starting out in security and find the breadth of stuff you "need to know" daunting, I want to give you some perspective: 1. The field has broadened - dramatically. The "baseline knowledge" grows every year. Anyone saying otherwise is lying or uninformed. 1/