Stephan Berger
@malmoeb
Head of Investigations @InfoGuardAG • #DFIR • Threat Hunting • Azure & Active Directory Fanboy • OSCP, GXPN, GCIA, GCFA, GSE @malmoeb@infosec.exchange
Threads
49
Views
14.3K
Followers
1.5K
Threads
1/ "They tried to stay stealthy and used the sysinternal's procdump tool, renamed in error.log to bypass Windows Defender detection and dump lsass process memory" [1] A similar t...
Real-World #PingCastle Finding #8: Non-admin users can add computers to a domain. A customer called us because he discovered two new computer objects. Such new computer objects can...