📣 Red Teamers 📣 If you come across a cloud based IdP in your assessments, please make sure all of these techniques are in your arsenal. We routinely see these in identity compromise events. We need to make sure our organizations are informed on these attack vectors to plan defense strategies.
My first talk finally landed on YouTube from SpecterOps So-Con24, looking forward to doing it again on a new topic (but can’t bring myself to watch it back 🤣) https://lnkd.in/epBZWvdw
STATING THE OBVIOUS #43 If you are blue teaming, and spot an attacker seeding your systems with SSRF links, then you may not want to paste them into your IR channel (slack, meet, teams etc), as by default the apps will try to unfurl them. For recursion, see recursion. ;) #redteam #blueteam #purpleteam
CompTIA Security+ SY0-601 | ISC2 Certified in Cybersecurity (CC) | Google Cybersecurity | top 3% on TryHackMe
Seytonic is always a reliable source of information. If you happen to miss important news from your regular thread feeds, he's there to keep you informed. Subscribe to his channel if you didn't already. #informationsecurity #bughunting #zeroday #threatintelligence #patchmanagement
- eM Client investigation - Usage of MFT, USN Journal , Jumplists , Dialogue Boxes MRU, Recent Files, Browser Artifacts -Dump NTLM Hash using impacket secretsdump.py and brute force. Highly recommended!
We'll take SLSA with a side order of Sonatype , please ☝️🌶️ Read on for more about the seamless compatibility between #SLSA and Sonatype solutions, a powerful synergy that can enhance your software security efforts:
I had some fun with gen-ai and created an overview of how passkeys (using OmniPasskey) work on various platforms so people can see how easy multi-factor passwordless can be. Check it out: https://lnkd.in/grEKJZg6
Check out my blog post https://wix.to/4pkuzhs #newblogpost
Its Ethical status changed due to illiquid assets to total assets ratio so one can avoid it. plz.
#cybertech : on my radar and currently at the area of confluence. bit risky but will play with SL.✍️✍️
🌟 Discover the Power of MdE User Groups! 🌟 Excited to learn more about how user groups can transform your experience with MdE software? 💡 Check out our latest blog post for all the details! https://lnkd.in/dwuMi-DZ 🚀 #MdEInc #UserGroups #Empowerment #Community #Support #BlogPost #PublicSafety
Code cruncher by day, smart home alchemist by night, fiercely guarding the realms of privacy and security.
"DKIM is a standard that allows you to control things about your domain in terms of email. Things like: Should this server be allowed to send email as me? Where should email go? To help email from being spoofed. If you don't understand EXACTLY how DKIM works, no one can send you email, or no one will get email that your send." This is the introduction of DKIM by Dave Hamilton in episode 1037 by Mac Geek Gab (https://lnkd.in/eDCZvcaW). Unfortunately, everything of what is being said about DKIM is incorrect. To make matters worse, they even suggest generating DKIM key pairs and records using third-party services. Please don't do this; A private key should be generated on your machine and should never leave it. It is unfortunate that misinformation like this discourages people from adopting email authentication. For those genuinely interested in understanding how email authentication works or wanting to see it in action, please visit my blog below or check out https://learnDMARC.com, our free service that visualizes and explains email authentication in realtime. https://lnkd.in/ezxh4KRE
