Joined July 2016
Roberto Rodriguez retweeted
Try it out with a one-liner (from elevated PS): > ConvertFrom-CIPolicy -XmlFilePath C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml -BinaryFilePath C:\Windows\System32\CodeIntegrity\SIPolicy.p7b Then reboot.
Did you know that you can completely neutralize Doppelganging, Herpaderping, and some other Process Buzzwording techniques by applying literally any WDAC (Device Guard) policy? Even an AllowAll one? Those things will simply be unable to run with WDAC enabled.
Roberto Rodriguez retweeted
Here's an exhaustive look at our Identity IOCs and the patterns we see, in the hopes that our Identity partners in the industry can use this to help protect our mutual customers (and customers can protect themselves). Happy Hunting. aka.ms/solorigateidentityioc…
Roberto Rodriguez retweeted
🚨Solorigate attack patterns targeting identity🚨 1⃣Forged SAML tokens using Stolen SAML Token Signing Material 2⃣Illegitimate registrations of SAML Trust Relationships 3⃣Adding credentials to existing applications 4⃣Queries impersonating existing apps techcommunity.microsoft.com/…
Roberto Rodriguez retweeted
@Cyb3rWard0g Thank you for the presentation about the great work you are doing... Mordor rocks!
Thank goodness it's #AtomicFriday! @Cyb3rWard0g and @mattifestation will be live at 1 PM ET! Join here: bit.ly/33AKlil
💥😱 @tiraniddo added "named pipe RPC client transport" to NtObjectManager 🔥 Thank you very much James for all your work 👏! I'll create PS scripts to cover a few scenarios 🍻 (Img 4) If anyone would like to help me, let me know 😉 @OTR_Community github.com/Cyb3rWard0g/WinRp…