Wrote some words on my recent experience with burnout.

I was burnt out. Everyone else is too. We're about to have a moment.
mayakaczorowski.com/blogs/burnout

📌NIST 800-53 Controls mapped to ATT&CK
➡️ ctid.mitre-engenuity.org/our-work/nist-…
#BlueTeam #Security #infosec #ATTACK

#kaseya master key?

OgTD7co7NcYCoNj8NoYdPoR8nVFJBO5vs/kVkhelp2s=

github.com/Fr3akaLmaTT3r/…

The PancakesCon 2 videos for this year are available now at PancakesCon.org/videos.

Our A/V crew had a secret goal of releasing these within a week of the con. We hope you enjoy them as much as we do.

HUGE thx to Dustin (BusySignal), @c1ph0r, and Golgothus (Zach He/Him) for their work this week!

PancakesCon 2 - Hunting Malware Beacons and Making Pizza from scratch — both easier than you might think: youtu.be/BoJKrpBFYYQ

Thanks Ray and a huge shoutout to everyone involved with PancakesCon (Virtual Hacking Conference). Awesome conference format and so well run!

Nick Britton Nick,

I loved your talk. It was awesome.

Here's a video:
youtu.be/CDIkW3AALCo

Huge shout out to Lesley Carhart and all the volunteers and helpers for organizing and running PancakesCon (Virtual Hacking Conference). I had a blast and enjoyed all the talks thoroughly. Well done everyone!

Prepping pizza for my talk on PancakesCon (Virtual Hacking Conference) starting in just over an hour from now (7pm EDT). The votes were overwhelmingly for live demo, so I will be attempting to design #KQL threat hunting queries while baking a pizza simultaneously streaming live on pancakescon.org/track2

Honored to be selected to share two of my passions: breached credentials and bourbon!
We’re coming for your creds and we’re going to have some tasty drinks while we do it!

'Modern Web Application Vulnerabilities (on the perimeter right now)' by Cary Hooper
Cary (h00p) #BSidesDFW2020

'Hey I Hacked Your Skimmer' by Caleb Davis
#BSidesDFW2020

'Managing Misfits: Lessons Learned from a decade leading a penetration testing team.' by Krissy Safi and Nick Britton
#BSidesDFW2020

'A Drop of Jupyter: A Modular Approach to Penetration Testing' by Omar Bheda, Nate Kirk, Cody Ruscigno
#BSidesDFW2020

Introducing GitDorker - My automated GitHub dorking tool with over 240+ dorks for easy bug bounty wins :)

#HackerOne #infosec #Synack #bugcrowd #bugbountytip s #bugbountytip #CyberSecurity #100DaysOfCode

Check out my blog post for more details!

medium.com/@obheda12/gitd…

Microsoft is actively tracking threat actor activity using exploits for the CVE-2020-1472 Netlogon EoP vulnerability, dubbed Zerologon. We have observed attacks where public exploits have been incorporated into attacker playbooks.

The #Zerologon bug is going to be game over for a lot of companies and I reckon the weaponised payloads in ransomware will be pretty bad now; Destroy the DC by changing the password, get DA ransom the network and it's maximum pay day for criminals.

An interesting read, on Cobalt Strike detections. Plenty of takeaways for red teams looking to improve their tradecraft... One good point that we've been aware of for quite some time, work stageless or use a custom stager...

Want to test out Microsoft #Security products (and others) but don't have the environment to thoroughly test? Want to simulate Active Directory, privileged users, to learn more about credential exposure? Check it out this Defend the Flag environment
github.com/microsoft/Defe…

Hey y'all!
Ever used invoke-kerberoast or rubeus and tired of having to do kung fu to get the output completly hashcat/john compliant?

Ever had a mimikatz dump so big your eyes popped out?

Fear no more, I wrote parsers for both in python!
github.com/jfmaes/Parsers