Incident Responder @ Microsoft DaRT | Former Microsoft MVP | Tweets are my own.

Jupiter
Joined February 2017
The Macaw ransomware is impacting multiple industries. To help organizations hunt for this threat we published hunting queries: aka.ms/MacawAHQ. Microsoft 365 Defender customers can refer to the threat analytics report for more details, detections, investigation guidance.
Huy retweeted
Binary Format Security Descriptor Export/Import blog.joeware.net/2021/10/23/… #adfind #admod
Every time when I have to do a self-assessment, I just can't. I'm that type of person that would never call himself an ''expert'' in something. I rather let others judge my skills. It keeps me humble, but it may not always be the right attitude, I think. I don't know though.
Folks, let’s start the weekend in a positive way. What was the thing you recently worked on that you were proud of?
I get this a lot from sysadmins and network engineers: "I want to get into infosec". Like, you're already there! Do your job to secure the network. sysadmins and network engineers have farrrrrr greater opportunity for security in their daily tasks than a SOC or a Sec Engineer.
Uncomfortable truth, you don't need to be working in a SOC to be in infosec. Network and Sysadmins do just as much infosec as your high paid security analysts. They directly implement security, from firewall rules to system configurations. Be nice to your sysadmins.
Huy retweeted
AADConnect feature announcement: block cloud only account takeover There is a new configuration setting for AADConnect that customers can use to block cloud only account takeover by AADConnect. Remember to disable this setting if you need hard matching again.
We recently discovered the latest variant of a Mac malware tracked as UpdateAgent (aka WizardUpdate) with new persistence and evasion tactics, the latest in a series of upgrades over the past year. Given its history, this Trojan will likely continue to grow in sophistication.
Huy retweeted
All the contents of the offline advanced RE course + a new Golang track packed in a self-paced lab environment - coming soon ;)
Soon on Xtraining.kaspersky.com - Advanced Malware Analysis Techniques feat reversing legend @2igosha:
I found some private keys on VT, enabling all of us to decrypt C2 traffic from a subset of all the malicious Cobalt Strike servers that are out there on the Internet. More details: "Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1" blog.nviso.eu/2021/10/21/cob…
Lol, I was doing an AD Security Assessment with a colleague and we discovered Domain Users having been granted SeLoadDriverPrivilege via the Default Domain Policy... 😦
Ok, so I've just discovered that they also allow Domain Users to log on locally to a DC. 🙃
I really love the job that I'm doing! This has been the best career switch so far. There are some tough moments, but in the end, I'll enjoy what I'm doing, and that's IR.
Cybersecurity Awareness Month works! Just spotted NTLM hash "999E1C2A032ADA29D812361249FB3C58" for "October2021" password during #IR 🥳
It's not about how you are when things go well. What defines you is how you are, after you fail from an obstacle.
Make sure to have time to invest in yourself.
I really struggle with reading long documentation. It's just not my thing. Get straight to the point and I will understand it better. Same thing goes for PowerPoint slides. I get distracted when I see someone presenting 100 slides to me, sigh...
I’m going to buy that fucking macbook.