Some things never change pic.twitter.com/S1VV9JFJdP

— joernchen (@joernchen) November 10, 2023

You've probably heard a lot of NTLM leaking techniques by now, but have you wondered leaking NTLM info via ports other than 445/SMB? This long-overdue blog post from me reveals an interesting trick which could leak NTLM via any port (e.g. port 80). https://t.co/7g55VnHU7O

— Haifei Li (@HaifeiLi) November 9, 2023

Dear China, please please please make anti-American propaganda featuring the B-21. It would make us so mad. pic.twitter.com/RsWNZTeMDc

— William "Balloon Guy" Kim (@TheKimulation) November 10, 2023

Last week, Denmark dropped the cases against the intelligence chief and the former minister charged with leaking secrets. Denmark’s highest court ruled that the cases should be made public, the prosecution then argued it would not be safe to move forward. https://t.co/2IL6KgGDzn

— Runa Sandvik (@runasand) November 9, 2023

...
Merely to let you know that the courtcase against two of the "more prominent" individuals in Denmark, has been dropped,

Time will tell, if the public will obtain all facts, regarding underwater seacables + Operation #Dunhammer.https://t.co/RSvxm8Wj8T… pic.twitter.com/VZN7tpbfuA

— Anonymous Scandinavia🌐 Assange⏳ #NoExtradition (@AnonScan) November 1, 2023

This reads as if Adams either unlocked his devices for the FBI or they weren't locked to begin with. But man, can you imagine the shitshow if this became another encryption impasse?https://t.co/4sw72mnT6O pic.twitter.com/3hp1yaOoVH

— Kevin Collier (@kevincollier) November 10, 2023

Pictured above is Astronaut Leland D. Melvin's official NASA portrait.

When NASA astronaut Leland Melvin was assigned to a space shuttle mission in 2008, he was told he could bring his family for the official photo shoot wearing the famous orange "pumpkin suit." They didn't… pic.twitter.com/UcyZEGaSRk

— Historic Vids (@historyinmemes) November 10, 2023

France identified a manufactured campaign of 'painting' Stars of David on the streets to inflame chaos. It's an information operation, and there's an investigation of it being driven from abroad (guess where, a big Eastern Europe country). That's official. https://t.co/MTYh45ywDH pic.twitter.com/dzJujzjnTA

— Lukasz Olejnik, Ph.D, LL.M (@lukOlejnik) November 10, 2023

Join us next week at #SANSHackFest when @chompie1337 will explore compelling reasons why highly specialized security research has a place outside a SCIF.

Join us in Hollywood, CA or Attend Free Live Online Nov 16-17.

Register here: https://t.co/gxtdt6D4eN#RedTeam #PenTest pic.twitter.com/FWi2kJHJSV

— SANS Offensive Operations (@SANSOffensive) November 8, 2023

Like writing exploits and want to make it a career? Want to know why offensive security researchers can do any cybersec job? Can AI replace them? I’ll be discussing this and more during my keynote at Hackfest next week. The whole conference will be streamed for free. https://t.co/HCKtE67NUN

— chompie (@chompie1337) November 9, 2023

pic.twitter.com/PkDUTEYXVE

— Marc Slaughter 🌻 (@MarcSlaughter) November 10, 2023

We will continue to add to this (there are some more threat intel details, indicators & detection efforts to pour in... and I still want a flashy video demo 😜) ---

but we did want to get some actionable info out quick. 😁

Here's that writeup:https://t.co/1J9vM73IG3 https://t.co/5XXZU2Zlkp

— John Hammond (@_JohnHammond) November 10, 2023

Most ransomware IR's pic.twitter.com/ZGWnCIFiZ7

— PeterM🌻 (@AltShiftPrtScn) November 10, 2023

Teams AV exclusions: updated Oct 5th, 2023. This include both classic and the new Teams.https://t.co/xblL27aeRB

As a friendly reminder as well, #Citrix has added newer entries in https://t.co/P5WF8uBXgn#Citrix pic.twitter.com/09ABqrbAAI

— Steve Noel (@steve_noel) November 9, 2023

This is utter crap for AV advice from Microsoft

It's bad enough that Teams still runs in a user-writable location (AppData), but lets combine that with AV exclusions AND not specify path based vs process based exclusions

I would highly advise against path based exclusions here https://t.co/9RdvBFI2UI

— Nathan McNulty (@NathanMcNulty) November 10, 2023

Microsoft also has some exclusions for Citrix in their ASR whitelisting that you can abuse to bypass ASR to dump lsass, one in %temp% which is pretty handy. https://t.co/5PP8usECtt pic.twitter.com/MC8yZeCneV

— Adam Svoboda (@adamsvoboda) November 10, 2023

I alerted Intel multiple times that their PSIRT leadership was creating an actual liability. Crediting folks based on personal feelings and not facts; deciding mitigations based on marketing and not data: https://t.co/kD48Hc3qqa - I hope the great teams there find their way again

— Rodrigo Branco (@bsdaemon) November 10, 2023