Adversarial Collaboration Engineer @Lares_ | Blue Team stuff | Trying to be a decent human being | @munkschool Grad

Hamilton, Ontario
Joined November 2015
A lot of mud slinging on InfoSec twitter lately; I wanted to flip the script a bit and highlight the blogs, tools, talks etc that I keep coming back to on a regular basis, both as a defender and general InfoSec professional. Thread..
Anton retweeted
Start-ATHProcessHerpaderp was added to AtomicTestHarnesses w/ some extended capabilities from the original PoC. As I reimplemented @jxy__s's awesome capability and PoC, I came to appreciate both the novelty and reliability of the technique so much more. github.com/redcanaryco/Atomi…
The third part of my Paving The Way to DA series is live blog.zsec.uk/path2da-pt3/ this time talking about how #PassTheHash works, while it is an older technique it certainly still works in environments! Added extras at the end linking to @0x616e6874's posts about Ansible!
My favorite PSGumshoe PowerShell module is the creation of quick include or exclude rules from existing events. Makes building config files so easy
Anton retweeted
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events. Hopefully it will help anyone considering block mode. Being able to use the credential stealing/lsass rule was the surprise for me. medium.com/palantir/microsof…
Anton retweeted
There's a lot going around about analyzing Azure AD environments for compromise and risky/rogue permissions lately. Most focus on logs, but if there are no (more) logs or you just want to review AAD as a blue teamer, here is how ROADrecon (github.com/dirkjanm/ROADtool…) can help: