Dominic Chell 👻 @domchell Twitter profile

Pinned Tweet

Dominic Chell 👻

8 months

Happy we can finally talk about this one. Some EPIC work has gone in to this release from @modexpblog @peterwintrsmith @x86matthew @_batsec_ 🔥🔥🔥🌶️🌶️🌶️

MDSec

@MDSecLabs

8 months

Nighthawk 0.2.6 - Three Wise Monkeys, details of our upcoming new release for Nighthawk. See no evil, hear no evil, speak no evil.

9

64

213

5

21

72

Last Seen Profiles

@NoBlindspot

@calayours

@vi3h2

@fer_elizondo5

@ICIMAR_Cuba

@hoIyfvcks

@CoachCMill

@PSPCA

@rrmtrl

@SeniorStaffy

@iammusashi456

@mixedrace95

@_miikaji

@ArtsNChills

@WendyAndrew_

@classiccraig95

@Ennyxy

@shaammj

@Griznasty94

@rahayesuk

@hmartrotro

@carberry_teresa

@YTdementiadoc

@bennyb082

@MistyHolla10681

@1ii1_w

@scarypoolparty

@ZcChild

@_JLOTTO_

@japanzonjp

@olgamvazquez

@BernardoBonetto

@Doctor_Fill

@stw_pdg

@MsEricaDixon

@MokkaSrinu5593

Dominic Chell 👻

@domchell

10 months

#CVE -2023-*

17

124

621

Dominic Chell 👻

@domchell

1 month

I guess 2024 isn't going to be the year of Linux on the desktop either then

7

25

534

Dominic Chell 👻

@domchell

5 months

OST is out of control.... I was able to purchase the latest hacking tool with no background checks and for minimal cost!

16

42

536

Dominic Chell 👻

@domchell

2 years

I didn’t particularly want to name and shame the infosec person who stole $2k from me so tried to give him one last opp to return the money, instead he took to insulting and threatening me. However, I’m concerned about other ppl being scammed...

20

84

510

Dominic Chell 👻

@domchell

7 months

Everyone freaking out about the Okta pwnage... just wait until your EDR provider gets popped, free c2 to all endpoints 🤤🤤

18

83

470

Dominic Chell 👻

@domchell

1 year

As auth coercion is blowing up due to #cve -2023-23397, I've put together a quick thread about how we at @MDSecLabs have been leveraging these techniques in our red team engagements for quite some time. Its timely, but I presented much of this at @FiestaCon_RT last week 🧵

10

148

463

Dominic Chell 👻

@domchell

4 years

I've just uploaded my slides from @x33fcon for anyone who's interested

13

188

440

Dominic Chell 👻

@domchell

3 years

Just pushed a new blog post to the @MDSecLabs blog on Outlook based persistence -

6

188

433

Dominic Chell 👻

@domchell

3 years

Just push a new post and some fresh tooling to the @MDSecLabs github, demonstrating tricks for harvesting hashes over a c2. Weaponising these tricks has been a game changer for me during red teams....

14

200

421

Dominic Chell 👻

@domchell

4 months

A little tip for defenders going in to 2024.... Image load event telemetry is so important. As a simple example here's how to generically catch Cobalt Strike in your environment based on winhttp loading OnDemandConnRouteHelper.dll and msvcp_win.dll every time a callback occurs...…

6

92

410

Dominic Chell 👻

@domchell

4 years

Want to stop the blue team detecting your events? Just remotely DoS Sysmon 🤣😳😱 #oops post coming to the @MDSecLabs blog soon....

11

115

403

Dominic Chell 👻

@domchell

4 years

Just published some thoughts on red teaming, how to approach it, procure it and get in to it...

What I’ve Learned in Over a Decade of “Red Teaming”

Historically, most of my posts have been technical in nature (and can be found on the MDSec blog — normal service will resume shortly)…

link.medium.com

15

167

391

Dominic Chell 👻

@domchell

8 months

Spent some time refreshing my memory on ETW TI tonight. As a red teamer it's really important to get a good understanding of what the defenders/EDRs can see. Using the excellent Havoc as an example, let's have a peak...

3

108

388

Dominic Chell 👻

@domchell

1 year

Here's some further details on how to exploit CVE-2023-23397 in Outlook; its a pretty interesting one and incredibly easy to exploit...

MDSec

@MDSecLabs

1 year

We've just published a quick write up on CVE-2023-23397, which allows a remote adversary to leak NetNTLMv2 hashes: by @domchell

10

432

855

6

140

370

Dominic Chell 👻

@domchell

4 years

Part 1 of a blog series I’ve put together on lateral movement is now on our blog, I’ll be cover some old tricks with a twist as well as some new techniques...

I Like to Move It: Windows Lateral Movement Part 1 - WMI Event Subscription - MDSec

Overview Performing lateral movement in an OpSec safe manner in mature Windows environments can often be a challenge as defenders hone their detections around the indicators generated by many of...

www.mdsec.co.uk

3

155

365

Dominic Chell 👻

@domchell

4 years

Every bloody time 😩

9

54

359

Dominic Chell 👻

@domchell

1 year

Following some additional testing of #CVE -2023-23397 - I can confirm MS have only partially fixed this. You can still trigger auth to systems in trusted zones - ie other AD joined systems, which can then be relayed for privilege escalation 🔥

CVE-2023-23397 - Bypass

vimeo.com

7

116

337

Dominic Chell 👻

@domchell

2 years

Good red teams will blend in with the noise. ETW is a sweet resource for finding out what noise looks like. Here I'm using @FuzzySec 's SilkETW to hunt for surrogate processes for hosting my AD post-ex... I see you taskhostw.exe & winword.exe

6

89

324

Dominic Chell 👻

@domchell

5 years

I’ve just published the 2nd part of my series on persistence, this time on COM hijacking, including details of a hijackable interface in Win10 #redteam

Persistence: "the continued or prolonged existence of something": Part 2 - COM Hijacking - MDSec

In the first post I talked about my favourite persistence technique using Microsoft Office add-ins and templates. My second favourite technique for persistence is using COM hijacking which will be...

www.mdsec.co.uk

5

141

320

Dominic Chell 👻

@domchell

6 years

Here's how you can do scriptlet execution from inside Office using a macro....

5

133

323

Dominic Chell 👻

@domchell

7 months

It's mental how MS legitimately use domains that they allow their Azure customers to register hosts on... how is anyone supposed to spot whats malicious c2/phishing and not? 🤯

16

26

315

Dominic Chell 👻

@domchell

5 years

I decided to start posting some red team related content that I didn't feel was exciting enough for the @MDSecLabs blog. Here's a little series on persistence, starting with Office:

Persistence: “the continued or prolonged existence of something”

During a red team engagement, one of the first things you may want to do after obtaining initial access is establish reliable persistence…

medium.com

10

126

273

Dominic Chell 👻

@domchell

4 years

I'm just gonna leave this here... some EPIC work from @peterwintrsmith with some kind CS support from @buffaloverflow ... in process CLR for @armitagehacker 's Cobalt Strike

9

78

264

Dominic Chell 👻

@domchell

3 years

RCE in gitlab

1

82

251

Dominic Chell 👻

@domchell

1 month

The most effective controls I see in my red team engagements are practically cost-free… host based firewalls and tight segmentation give red teams a total headache

16

37

246

Dominic Chell 👻

@domchell

3 years

This may turn out to be an unpopular opinion, but having red teamed quite a few pure "zero trust", no perimeter, cloud first environments now, this model really needs to be rethought. I can safely say it scares the shit out of me that ppl are deploying this....

22

38

242

Dominic Chell 👻

@domchell

5 years

My talk “Offensive Development: DevOps Your Red Team” from @BSidesMCR is now available on YouTube tooling and blog post will follow in the upcoming weeks...

BSidesMCR 2019: Offensive Development: How To DevOps Your Red Team -...

null

www.youtube.com

12

97

225

Dominic Chell 👻

@domchell

2 years

If you missed my @x33fcon talk yesterday, I've just made the slides available. We'll be following up with more material on this in due course 🙂

6

91

220

Dominic Chell 👻

@domchell

3 years

Here's a simple gist to pull named pipes on current system , you can use this as part of your post-ex tradecraft to blend in better with Cobalt Strike's malleable pipename/pipe_stager/ssh_pipename etc

4

82

213

Dominic Chell 👻

@domchell

3 years

Super excited to offer more details around @MDSecLabs advanced C2 Nighthawk, and invite interested parties to get in touch for demos

4

75

201

Dominic Chell 👻

@domchell

5 years

Just popped the final part of my persistence series on the blog, covering WMI, along with an example you can execute-assembly

Persistence: “the continued or prolonged existence of something”: Part 3 – WMI Event Subscription -...

In my previous two posts I covered persistence using both Microsoft Office and COM hijacking, in this post I’ll discuss my third favourite technique for persistence; WMI event subscription. Unlike...

www.mdsec.co.uk

3

83

199

Dominic Chell 👻

@domchell

6 years

Executing macros from docx with remote template injection

1

119

197

Dominic Chell 👻

@domchell

2 years

Signed up for an infosec training in Aug, the provider then contacted me in Sept saying my seat had been revoked due to “being a competitor” and a refund would be provided. The training occurred in Oct. I’m yet to have the 2k refunded and have been given a variety of excuses 1/2

36

19

184

Dominic Chell 👻

@domchell

10 months

So who's gonna drop the netscaler RCE POC at 5pm today??

15

18

180

Dominic Chell 👻

@domchell

7 months

3 years ago, me, @StanHacked and @MarcOverIP set about creating our own con, built by red teamers for red teamers. Today it finally happened and it was 🔥 #redtreat23 @MDSecLabs @OutflankNL

11

22

173

Dominic Chell 👻

@domchell

2 months

I spent some time re-reviewing all our 2023 red team post-op notes and reports to get a better understanding of where our most common detection points were. I'll probably throw a blog post together talking about this and what we did to improve our tradecraft...

8

4

169

Dominic Chell 👻

@domchell

3 years

Found some time to play with the new #Nighthawk beta this afternoon.... some amazing work from @peterwintrsmith and @modexpblog .... when #Moneta thinks your implant is not "abnormal" 😍😉

9

38

169

Dominic Chell 👻

@domchell

2 years

Sneak peek of an upcoming #Nighthawk feature... full hidden desktop, transparent to the user - great work @peterwintrsmith and @x86matthew

13

27

165

Dominic Chell 👻

@domchell

7 years

Worried about categorisation in your #redteam ? Name your C2 webmail.<domain> - BlueCoat categorises it as Email w/o validation @MDSecLabs

3

77

159

Dominic Chell 👻

@domchell

4 months

There was a thread a month or two back about red teams not needing R&D, 0days irrelevant etc. I've just finished the report for my most recent project and reflecting on it I can see I used at least 2 0days (ohdays?😅) 1x initial access and 1x privilege escalation, in addition to…

11

18

160

Dominic Chell 👻

@domchell

4 years

This afternoon I'll be presenting at @x33fcon on redteam tradecraft #RedTeam

4

33

158

Dominic Chell 👻

@domchell

5 years

Slides for my @hackinparis presentation on SharpShooter are now available

1

58

153

Dominic Chell 👻

@domchell

3 years

Day 2 of the @MDSecLabs adversary simulation training is coming to a close. Today was all about going custom, students learnt how to build initial access payloads that did AMSI bypasses, PPID spoofing, argument confusion & injection. We then developed a custom stager that 1/2

4

36

151

Dominic Chell 👻

@domchell

9 years

So this just happened - PIN bruteforced on my 5s with iOS8.1 and wipe after 10 attempts turned on... http://t.co/lR1rsTG5pC

18

173

149

Dominic Chell 👻

@domchell

3 months

Wrote up some of my thoughts on LDAP post-ex....

MDSec

@MDSecLabs

3 months

Interested in sharpening your red team AD recon? Check out our latest post by @domchell , "Active Directory Enumeration for Red Teams"

2

163

388

0

28

148

Dominic Chell 👻

@domchell

1 year

Seeing a lot of hate for EDRs on here over the last week or two and I'm not really sure why. Of course they are bypassable, but they're trying to solve an impossible task and overall most do a reasonable job 🤷‍♂️

14

13

149

Dominic Chell 👻

@domchell

3 years

Just pushed a quick post on a trick that came in handy during a recent macOS red team to the blog...

macOS Post-Exploitation Shenanigans with VSCode Extensions - MDSec

Overview It’s no secret that macOS post-exploitation is often centric around targeting the installed apps for privilege escalation, persistence and more. Indeed, we’ve previously posted about...

www.mdsec.co.uk

3

58

140

Dominic Chell 👻

@domchell

3 years

#Nighthawk is packed with opsec post-ex features, here's it memory dumping and auto exfil lsass, never touching disk and without hooks, on a host with $EDR...

Nighthawk - Memory Dumping

Nighthawk, modern c2 for advanced operations

vimeo.com

6

37

138

Dominic Chell 👻

@domchell

3 years

And my revenge for Italy beating us in the Euros…. Nutella, strawberry and banana pizza… take that 🇮🇹🍕

41

3

141

Dominic Chell 👻

@domchell

8 months

Interesting post from @CrowdStrike on some ITW TA abuse of c2 🤔

CrowdStrike’s Advanced Memory Scanning Stops Threat Actor

The following case study describes how CrowdStrike leverages memory scanning in combination with new IOAs to provide world-class protection to customers.

www.crowdstrike.com

3

33

131

Dominic Chell 👻

@domchell

3 months

0/10 for effort

12

11

134

Dominic Chell 👻

@domchell

2 years

...as such it’s only right that anyone who is considering taking @ninjaparanoid ’s training know what they might have to deal with. It would be unfair to make such an accusation without proof, so I’ve provided evidence below.

6

12

128

Dominic Chell 👻

@domchell

2 years

Which brings us to today, where @ninjaparanoid has not returned the 2k that he received nearly 4 months ago. Judge for yourselves if this is the kind of person you would like to deal with and think twice before paying for trainings that only accept bank transfer!

2

8

132

Dominic Chell 👻

@domchell

4 years

Following on from my post on .NET tradecraft (), if you're looking to find a suitable sacrificial process to blend your execute-assembly use with, you can hunt for CLR loads using sysmon event ID 7 e.g. backgroundTaskHost.exe

2

53

132

Dominic Chell 👻

@domchell

9 months

As LinkedIn updates are already in full flow 😆 We’re very happy to announce a couple of additions to the @MDSecLabs fam, welcome @exploitph and @filip_dragovic ❤️

19

5

129

Dominic Chell 👻

@domchell

3 years

Amazing work from @peterwintrsmith and @_batsec_ in getting full BOF support in to the @MDSecLabs implant #nighthawk

7

28

128

Dominic Chell 👻

@domchell

3 months

Looks like the cat is out of the bag on ADWS then, I guess I should finally publish the blog post I've sat on for 2 years as well then 😅 Great work @falconforceteam

Olaf Hartong

@olafhartong

3 months

SOAPHound is out for walkies! SOAPHound is a #BloodHound collector to enumerate AD over SOAP instead of LDAP directly. Proud of Nikos for all his hard work! Blog: Tool repo: Detections:

15

235

549

4

13

127

Dominic Chell 👻

@domchell

6 years

Today someone asked me how to create a stageless payload with SharpShooter that would install @armitagehacker 's Cobalt Strike beacon... I made a quick video to demonstrate how

Creating a stageless payload for Cobalt Strike with SharpShooter

This video demonstrates how to create a stageless payload for a HTA file, that executes 32-bit shellcode to retrieve a Cobalt Strike beacon.

vimeo.com

2

60

122

Dominic Chell 👻

@domchell

3 years

New training module on creating Cobalt Strike BOFs finished, just in time for 😎

Adversary Simulation and Red Team Tactics

This course covers the skills required to conduct a simulation of a sophisticated adversary, including the latest tradecraft.

www.eventbrite.com

5

30

125

Dominic Chell 👻

@domchell

3 years

Sorry Kim, you’ll have to try harder

6

19

116

Dominic Chell 👻

@domchell

6 years

New release of SharpShooter including Squiblydoo, Squiblytwo, new techniques for script execution and an AMSI bypass... get it while it's hot 😊

MDSec

@MDSecLabs

6 years

FreeStyling with SharpShooter v1.0 - new blog post by @domchell

0

49

97

2

46

119

Dominic Chell 👻

@domchell

3 months

Me and @_batsec_ have been cooking up something good and happy to announce we'll be delivering @MDSecLabs new red team & maldev training at @BlackHatEvents #BHUSA24

5

19

115

Dominic Chell 👻

@domchell

2 years

Ranging from the money disappearing, the bank being closed, the bank unable to trace it. Feels like I’ve been pretty patient waiting nearly 4 months to have the money returned but equally don’t want other ppl to get scammed. Name and shame?

33

4

111

Dominic Chell 👻

@domchell

6 months

More fresh @vxunderground merch for the office today 💪

6

1

111

Dominic Chell 👻

@domchell

2 years

I take no joy in airing dirty laundry or naming and shaming anyone. But it's unacceptable to blatantly steal $2k then act the victim. It would be unfair to make such an accusation without providing the evidence so I have, hopefully doing so others can learn from this experience

4

3

109

Dominic Chell 👻

@domchell

1 year

Today I officially begin my 5th decade 🎉

36

1

109

Dominic Chell 👻

@domchell

3 years

Some bank holiday fun playing with Farmer v2.0 with some additions from @_batsec_ ... now supports relay to ADCS/Exch and triggers PetiPotam to pull user and machine$ certs which can be used with RBCD to RCE remote host, as well as delegate mbox rights 🔥

Farmer v2, ADCS Relaying

This is "Farmer v2, ADCS Relaying" by MDSec on Vimeo, the home for high quality videos and the people who love them.

vimeo.com

1

43

107

Dominic Chell 👻

@domchell

4 years

Keep an eye on the @MDSecLabs blog on Monday... @peterwintrsmith will be releasing what imo is one of the hottest bits of red team research in recent times! 🔥 #firewalker

2

20

106

Dominic Chell 👻

@domchell

6 years

You can now get a TGT from ASREP with no kerb preauth using #impacket , tested and verified - Thanks @agsolino ❤️

1

63

105

Dominic Chell 👻

@domchell

3 years

I recently found a ESC1 vuln cert template with PEND_ALL_REQUESTS (meaning enrolment approval reqd) which I also had a write ace on. I couldn't find any existing code to bypass so knocked up this tool to reset the mspki-enrollment-flag attrib to exploit it

Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate...

Reset the mspki-enrollment-flag attribute when you possess a write ACE on a vulnerable certificate template - SharpApprover.cs

gist.github.com

1

33

103

Dominic Chell 👻

@domchell

1 year

More innovation and beacon firsts for Nighthawk, great job team! 🔥🔥🔥

MDSec

@MDSecLabs

1 year

Nighthawk 0.2.4 - Taking Out the Trash

8

46

138

7

14

104

Dominic Chell 👻

@domchell

1 year

Thanks #ChatGPT 💀

38

8

105

Dominic Chell 👻

@domchell

6 months

Some great Halloween outfits in the office today, I decide to wear my @vxunderground tee... because what could be scarier than malware? 💀👻🎃

4

1

103

Dominic Chell 👻

@domchell

3 years

Little spoiler for some upcoming R&D release, it's going to be a good one...🔥🔥🔥

2

6

100

Dominic Chell 👻

@domchell

3 years

Many red teamers right now...

Reuters

@Reuters

3 years

The hackers posed as recruiters on networking site LinkedIn and WhatsApp to approach AstraZeneca staff with fake job offers, the sources said. They then sent documents purporting to be job descriptions that were laced with malicious code

27

233

487

4

17

101

Dominic Chell 👻

@domchell

2 years

1

9

96

Dominic Chell 👻

@domchell

3 years

Threw together a quick Cobalt Strike extension for the @MDSecLabs ActiveBreach toolkit this weekend, ready for some post-ex mail abuse....

0

21

97

Dominic Chell 👻

@domchell

8 months

I note theres a few people without practical real world RT experience wondering how you can know if an app like vscode is installed on a target in advance... well, with good targeting its actually pretty easy and historically there's been a bunch of ways to do this. For…

1

18

94

Dominic Chell 👻

@domchell

7 months

I wonder why I try so hard on red teams sometimes if this shit works 😅

Dave Luber

@NSA_CSDirector

7 months

Our ‘Living off the Land’ advisory provides important context on Chinese intrusions into critical infrastructure. You can’t rely on IOCs and malware detection. You need to focus on tradecraft.

18

144

459

8

5

96

Dominic Chell 👻

@domchell

4 years

Great work by @Cyb3rWard0g to produce a @Mordor_Project dataset for the Excel dcom lateral movement techniques!

Security Datasets

@SecDatasets

4 years

🚨 Datasets are ready 💥 Host (Win Events) & Network (PCAPs) 🌎 @HunterPlaybook is putting together a #jupyter notebook soon. INNER JOINs! 😎 @OTR_Community TY @domchell @MDSecLabs 🙏 1⃣ ExecuteExcel4Macro: 2⃣ RegisterXLL:

1

47

120

1

38

93

Dominic Chell 👻

@domchell

4 months

Some amazing work from @filip_dragovic , with a very detailed walk through of his approach and research strategies in exploiting CVE-2024-20656 🔥

MDSec

@MDSecLabs

4 months

Exploiting CVE-2024-20656, a Local Privilege Escalation in the VSStandardCollectorService150 Service - new research from @filip_dragovic

2

119

354

0

21

96

Dominic Chell 👻

@domchell

2 years

Very happy to officially welcome @x86matthew to the @MDSecLabs family today. Amongst other things, @x86matthew will be working alongside @modexpblog and @peterwintrsmith in building out further capabilities to Nighthawk c2 🔥

6

5

94

Dominic Chell 👻

@domchell

1 year

Great to see MS warning admins on vanilla ADCS vuln configs, hopefully this will help weed out ADCS exploitation over time

9

95

Dominic Chell 👻

@domchell

4 years

@varonis @_xpn_ did this over a year ago... 😄

@_xpn_ - Azure AD Connect for Red Teamers

blog.xpnsec.com

4

8

94

Dominic Chell 👻

@domchell

4 years

Another Red Team Training down, thanks to all the students for a great course! #redteam

2

5

93

Dominic Chell 👻

@domchell

1 year

- this sounds really misleading Microsoft, WebDAV WILL leak hashes to intranet zones, even on patched Outlook 👀

3

27

94

Dominic Chell 👻

@domchell

2 years

Stackoverflow seems to be down, how the heck am I supposed to code?!

5

3

91

Dominic Chell 👻

@domchell

6 years

I've just merged a PR from @cobbr_io to LyncSniper to add MFA identification and user enumeration in Office365 - thanks for the contributions!

added MFA identification & username enumeration to Invoke-AuthenticateO365 by cobbr · Pull Request...

Thanks for the great tool! I noticed that the response from O365 indicates whether the credentials are accurate, but requires MFA, which can result in valid credentials not being identified by Lync...

github.com

1

34

93

Dominic Chell 👻

@domchell

2 years

Took a few hours but managed to write an exploit for CVE-2022–26923 in .NET to escalate an existing computer account where I have SYSTEM and leverage on current gig... amazing work @ly4k_ 🔥🔥

0

8

92

Dominic Chell 👻

@domchell

2 years

Had a bit of spare time yesterday so whipped up a quick #Nighthawk c2 channel for Microsoft Teams… should be a lot faster once I add threading and tidy it up 😆 Here it is injected in to teams.exe…

Nighthawk - Custom C2 Over Teams

This is "Nighthawk - Custom C2 Over Teams" by MDSec on Vimeo, the home for high quality videos and the people who love them.

vimeo.com

8

20

89

Dominic Chell 👻

@domchell

2 years

@424f424f @ly4k_ Here's a quick poc to setup the attributes for an existing machine account where you've escalated - lovely bug ♥️

Exploit for Active Directory Domain Privilege Escalation (CVE-2022–26923)

Exploit for Active Directory Domain Privilege Escalation (CVE-2022–26923) - Program.cs

gist.github.com

1

35

88

Dominic Chell 👻

@domchell

7 months

1

14

86

Dominic Chell 👻

@domchell

7 months

If you pulled any of this on one of our red teams, it would be the last one you ever did 😅

13

10

88

Dominic Chell 👻

@domchell

15 days

The Talos and @NCSC write-ups on arcane door are very good and worth a read, the troubling bit is the lack of details around the initial execution vector... Not sure enough noise is being made about this...

4

31

88

Dominic Chell 👻

@domchell

4 years

@taosecurity @FireEye Expensive boxes promote false security

0

4

82

Dominic Chell 👻

@domchell

1 year

Created a new lab for the @MDSecLabs Adversary Simulation and Red Team Tactics v2 training... building a custom stage0 beacon in .NET that uses dynamic syscalls for injection with Airstrike from @q8fawazo as the backend

1

13

83

Dominic Chell 👻

@domchell

2 years

🤣🤣🤣

1

11

82

Dominic Chell 👻

@domchell

5 months

We're getting an ever increasing volume of product purchase enquiries from suspected bad actors. Some of them are pretty creative. My theory is they will just bounce to the next vendor with the same ruse. Are any OST product vendors interested in collaborating on intel in some…

11

84

Dominic Chell 👻

@domchell

2 years

So much fuss over hoarding a 0day, yet most orgs can still be owned with a macro 😆

3

14

82

Dominic Chell 👻

@domchell

2 years

I’m always looking to learn new things to sharpen my RT skills and try and do as much mal dev training as I can, having taken the NetSPI and Sek7 courses one of the few remaining was @ninjaparanoid ’s MOS; the syllabus looked good so I signed up and paid for this in August

1

3

77