Tal Be'ery

@TalBeerySec

8,894
Followers
1,695
Following
2,561
Media
12,865
Statuses

Security Research Manager Co-Founder, CTO @ZenGo Advisor @ZeroNetworks x-VP Research Aorato, acq by @Microsoft 9 times @BlackHatEvents speaker

Israel
Joined April 2014
Pinned Tweet
@TalBeerySec
Tal Be'ery
9 years
OMG! i'm in RFC! http://t.co/3feTzqWRav
4
5
116
@TalBeerySec
Tal Be'ery
4 years
#infosec caption it. I start. When you realize that you are better off with #sysmon + ELK, than with $2M SIEM license quota filled with firewall log data
19
222
914
@TalBeerySec
Tal Be'ery
4 years
Even with end to end encryption, metadata matters
13
249
770
@TalBeerySec
Tal Be'ery
1 year
Yikes! Tomorrow @ZenGo will publish about a vulnerability we had found in @CoinbaseWallet and others. We had responsibly disclosed to CB many weeks ago, they fixed and awarded us multiple bug bounties. Today we informed them we are going to publish. This is the reaction we got:
63
137
743
@TalBeerySec
Tal Be'ery
7 months
Did Hamas trade on terror and shorted Israeli ETFs before #7octobermassacre yielding profit in the Billions? Very Likely, say the former SEC commissioner @SECJackson et al. via @haaretzcom
39
144
475
@TalBeerySec
Tal Be'ery
1 year
A bug bounty is not a gag order. We will not be bullied or intimidated. #CoinbaseWallet you can have your money back. CC: @brian_armstrong
19
28
401
@TalBeerySec
Tal Be'ery
7 years
"apt-get install bloodhound" FTW! #BloodHound was recently added to @kalilinux Thanks @GotMilk , sbrun CC: @_wald0 @harmj0y @CptJesus
7
247
383
@TalBeerySec
Tal Be'ery
1 year
This is NOT the way to treat security researchers. We conducted this research to increase the security of the ecosystem and not for some bug bounties. Bug bounties are mostly tokens of appreciation. So, YES, we will publish. And, YES, we name CB and share a video of an exploit.
6
18
356
@TalBeerySec
Tal Be'ery
1 year
1/ Core issue behind Trust wallet extension vulnerability: It used a Mersenne Twister (MT19937) pseudo-random number generator (PRNG) for generating private keys, which is not random "enough" and therefore such private keys can be brute forced by attackers
24
87
310
@TalBeerySec
Tal Be'ery
2 years
NTLM relay is dead and living in AAD. An interesting @BlackHatEvents talk by @rubin_mor CC: @SteveSyfuhs @gentilkiwi #BHUSA2022
5
118
309
@TalBeerySec
Tal Be'ery
7 years
Seems like the #NSA / #EquationGroup hacked #SWIFT Belgium HQ internal network CC: @x0rz
2
251
259
@TalBeerySec
Tal Be'ery
7 months
@SyomabCovid19 He was 29 when the bullet was fired
2
0
260
@TalBeerySec
Tal Be'ery
3 years
Currently the best #PetitPotam TLDR 👇 by @bojanz (but still a bit incomplete): 1⃣Attackers provoke NTLM authentication from DC to a machine they control using MS-EFSRPC / MS-RPRN 2⃣NTLM Relay back to DC (reflection) AD CS to get a cert for DC 3⃣Upgrade DC cert to DC TGT 4⃣Win
@sans_isc
SANS.edu Internet Storm Center
3 years
Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability
0
117
249
1
87
259
@TalBeerySec
Tal Be'ery
7 years
Finally, the root-cause #vulnerability of #ETERNALBLUE / #MS17010 is exposed. Kudos to @zerosum0x0 & @JennaMagius
5
175
243
@TalBeerySec
Tal Be'ery
7 years
#Windows Console Proxy by @FireEye to deeply monitor interactive apps (e.g. #mimikatz , #Python , etc.)
0
127
202
@TalBeerySec
Tal Be'ery
6 years
Attackers think in graphs (™️ @JohnLaTwC ) and have tools for that ( #BloodHound by @harmj0y , @_wald0 , @CptJesus ) Now the defenders can, too! Kudos to my former colleagues in #MicrosoftATA for releasing it.
1
107
193
@TalBeerySec
Tal Be'ery
1 year
Isn't it ironic: 100 crypto researchers are locked out of the conference @BIUCrypto room because of a lost key
13
47
190
@TalBeerySec
Tal Be'ery
6 months
1/ A technical writeup on @Meta ’s @WhatsApp privacy issue: WA leaks victim devices’ end-to-end encryption (E2EE) identity information (mobile device + up to 4 linked devices) to any user, by design, even if blocked and not in contacts.
5
59
159
@TalBeerySec
Tal Be'ery
4 years
I just published "GlueBall: The story of CVE-2020–1464" @peleghd performed the patch diff and reversing. Some technical answers about Microsoft trust and digital signature verification, but many question marks on @msftsecurity response #GlueBall
4
72
146
@TalBeerySec
Tal Be'ery
1 year
Just had a good call w/ @Coinbase head of cryptography @LindellYehuda . He made it clear that Coinbase encourages coordinated public responsible disclosures. @zengo is looking forward to working w/ @Coinbase @coinbaswallet in future. CC: @brian_armstrong @SecurityGuyPhil
5
7
127
@TalBeerySec
Tal Be'ery
6 years
World premiere of #mimikatz dcshadow module by @gentilkiwi @mysmartlogon , live @BlueHatIL . Now, you can manipulate Active Directory DB, to change KRBTGT and many other attributes #bluehatil
1
109
126
@TalBeerySec
Tal Be'ery
5 years
One of the most exciting talks today @BsidesTLV : ReDTunnel by @El3ct71k & @realgam3 While DNS Rebinding is an old concept, a tool (only JS on client) that creates a stable generic HTTP(S) tunnel into the internal network of the victim can be a game changer
2
55
124
@TalBeerySec
Tal Be'ery
6 years
Crowd sourcing the truth. That will end up well. "Algorithms that promote or hide speech based on community data are secret admin tools for people with bots" @pwnallthethings
@elonmusk
Elon Musk
6 years
Going to create a site where the public can rate the core truth of any article & track the credibility score over time of each journalist, editor & publication. Thinking of calling it Pravda …
19K
43K
244K
4
27
109
@TalBeerySec
Tal Be'ery
7 months
@danielamram3 @elonmusk How much better is it to get wisdom than gold! and to get understanding rather to be chosen than silver!
6
7
112
@TalBeerySec
Tal Be'ery
8 years
1/ SAMR moved on! #Windows10 pleasant surprise: Remote query of local users (inc. local admins) can be controlled.
7
110
109
@TalBeerySec
Tal Be'ery
6 years
The #US 🇺🇸 allegedly #hacked into #Israeli 🇮🇱 drone and fighter-jet surveillance feeds An interesting article on state level chess game CC: @thegrugq @taosecurity @pwnallthethings
4
50
103
@TalBeerySec
Tal Be'ery
4 years
Someone just lost $2.5M in $Eth fees to send $100 worth of Eth, probably because they confused "value" with "fee". On the other hand, some miner is very happy now. Spotted with @ZenGo #Ethereum txpool visualizer
@amanusk_
amanusk
4 years
Someone just paid $2.5M to send an #Ethereum transaction!? Gas prices are really getting bad...
14
35
138
10
33
102
@TalBeerySec
Tal Be'ery
6 years
#mimikatz #dcshadow attack in a single pic
2
70
108
@TalBeerySec
Tal Be'ery
6 years
I just published “Bluetooth Hacking: Cheating in Elliptic Curve Billiards”
2
48
98
@TalBeerySec
Tal Be'ery
6 months
1/ So obviously hacking @kaspersky was a well thought operation by an Intelligence Agency (IA). But why? What made Kaspersky such a valuable target worth risking and ultimately losing IA's decade+ old Apple exploit chain? CC: @pwnallthethings @ImposeCost @thegrugq @0xcharlie
@hackerfantastic
hackerfantastic.x
6 months
This is more likely work of an intelligence agency, not an APT. APT is contractor service organized or reporting to the intelligence agencies of a nation-state or an OCG and does not have the same level of bureaucracy with payload delivery. The selective targeting gives it away.
16
74
418
11
19
99
@TalBeerySec
Tal Be'ery
4 years
I suspect we'd see an outbreak of "big game hunting" #ransomware using #Zerologon very soon. Leaping from a simple user to domain admin is the ultimate shortcut.
@gentilkiwi
🥝🏳️‍🌈 Benjamin Delpy
4 years
A new #mimikatz 🥝release with #zerologon / CVE-2020-1472 detection, exploit, DCSync support and lots of love inside ❤️ It now uses direct RPC call (fast and supports unauthenticated on Windows) > Thank you: @SecuraBV
12
604
1K
3
38
98
@TalBeerySec
Tal Be'ery
7 years
Black Friday, Cyber Monday
3
50
93
@TalBeerySec
Tal Be'ery
6 years
The @MITREattack table is the periodic table of enterprise network hacking. Breaking the almost infinite number of possible "Chemical Compounds" into finite number of "Core Elements" is the key to understanding and defending. #DFIR #MITRE #ThreatHunting
@Cyb3rWard0g
Roberto Rodriguez 🇵🇪
6 years
I updated to include Also, I updated the public shared file that includes all @MITREattack Enterprise in one file in a tabular format 😊🍻💜💜 Useful when preparing for #ThreatHunting engagements!! 😉
0
170
323
1
52
94
@TalBeerySec
Tal Be'ery
7 years
If you ❤️ #Mimikatz (who doesn't? ) & Active Directory security, you will ❤️ @mysmartlogon 's @BlueHatIL talk next month. With his special guest, @gentilkiwi , they are going to expose a new attack feature in #mimikatz , dubbed "DCShadow"
0
69
93
@TalBeerySec
Tal Be'ery
4 years
@ericgeller @Bing_Chris How it started how it's going
2
26
91
@TalBeerySec
Tal Be'ery
8 years
On #WindowsServer2016 admins can control (w/ ACL on DC) who can query "Net User/Group /domain". Verified by @ItaiGrady CC: @msftsecurity
4
89
92
@TalBeerySec
Tal Be'ery
7 years
#KrackAttack explained in just one slide! By its author, @vanhoefm
1
52
90
@TalBeerySec
Tal Be'ery
1 year
Thank you @coinnbase @CoinbaseWallet for the right response this time. Better later than never. Looking forward to working with you in future. CC: @OurielOhayon @brian_armstrong
@SecurityGuyPhil
Philip Martin
1 year
@TalBeerySec @ZenGo @CoinbaseWallet Hey @TalBeerySec , I lead security at Coinbase. We appreciate security researchers from around the world working with us to keep Coinbase products and customers safe. That message doesn't reflect how we want to engage with the security research community. 1/
6
7
211
5
9
87
@TalBeerySec
Tal Be'ery
9 years
The price of #flash #0day in the #black market ( #HackingTeam ): $39K Bug bounty: $10K http://t.co/yTSgCVfN5u
10
165
85
@TalBeerySec
Tal Be'ery
7 years
“I Hunt Sys Admins” @RSAsecurity report on the #KingSlayer campaign, attacking #sysadmin via event log analysis tool
2
71
85
@TalBeerySec
Tal Be'ery
4 years
Briefly looking into #fireeye ToC of potentially stolen #redteam tools, nothing caught my eye as "ground breaking". (please tell me if I missed anything) I find it hard to believe that stealing these tools would have been the goal of this risky operation.
9
21
85
@TalBeerySec
Tal Be'ery
3 years
Lose the whole Lateral Movement attack surface with this 1 weird trick! Imagine the same on-premises network, just without (PS|SMB|AT|WMI|..)exec tools I think #RPCfirewall can really move the needle CC: @gentilkiwi @agsolino @_wald0 @markrussinovich @harmj0y @JohnLaTwC
3
18
85
@TalBeerySec
Tal Be'ery
6 years
Per @WIRED #FIN7 story () EVERY organization has at least a few persons REQUIRED to "open attachments from strangers". HR open CVs from strangers, Sales open RFIs from strangers, etc.
1
32
79
@TalBeerySec
Tal Be'ery
6 years
#Windows Endpoint Detection, MacGyver style Tools: #Sysmon by @markrussinovich , #splunk by @splunk , sysmon config by @SwiftOnSecurity + @mattifestation , playbook by @MITREattack
@olafhartong
Olaf Hartong
6 years
I just published “Endpoint detection Superpowers on the cheap — part 1”
8
185
404
1
37
75
@TalBeerySec
Tal Be'ery
10 months
Storm-0558: The non-expiry of the stolen Microsoft certificate is not getting enough attention 🧵 1. if the cert was expired in time, no damage would have happened. Instead, Microsoft chose to "renew" it with the same private key which defeats the purpose of renewal.
@TalBeerySec
Tal Be'ery
10 months
Why is nobody speaking about the fact the stolen Microsoft certificate expired in 2021? What am I missing? CC: @shirtamari
0
1
5
2
29
75
@TalBeerySec
Tal Be'ery
5 months
Just extracted his password
@haig98
Alexxxx
5 months
Working in the NYC subway on the go with Apple Vision Pro?! 🤯🤯
3K
5K
43K
2
8
68
@TalBeerySec
Tal Be'ery
8 years
Just saw a demo of bloodhound. Mind blowing
4
32
64
@TalBeerySec
Tal Be'ery
8 years
#APT vs. #PenTest : APTs go all the way. @thegrugq argument illustrated on #MicrosoftATA 's Kill-Chain
2
41
65
@TalBeerySec
Tal Be'ery
7 years
Let's hope that nukes are not voice activated
@TheRegister
The Register
7 years
TV anchor says live on-air 'Alexa, order me a dollhouse' – guess what happens next
7
132
83
3
20
64
@TalBeerySec
Tal Be'ery
5 months
Prediction: We will have a "how to visually extract typing data from @Apple Vision Pro using AI" talk in this year's @BlackHatEvents . The attack will have a stupid name ("eyesdropping"?). It's inevitable. #VisionPro
@TalBeerySec
Tal Be'ery
5 months
Just extracted his password
2
8
68
3
18
65
@TalBeerySec
Tal Be'ery
6 years
"The Industrial Revolution of Lateral Movement" Our ( @talthemaor + me) @BlackHatEvents #bhusa17 talk's video is now live
0
33
66
@TalBeerySec
Tal Be'ery
4 years
An actual "in-the-wild" #Zerologon story (buried in blog): 1⃣Initial penetration with an older #SharePoint vulnerability (CVE-2019-0604) 2⃣implant a web shell to gain persistence 3⃣Cobalt Strike-based payload 4⃣targeting Domain Controllers with the #Zerologon exploit.
@ArtyomSinitsyn
Artem Sinitsyn
4 years
Did you know? #ZeroLogon is now detected by Microsoft Defender for Identity - ex Azure ATP (CVE-2020-1472 exploitation)
2
20
45
1
19
66
@TalBeerySec
Tal Be'ery
5 years
My doubts on the recent "deepfake AI" CEO fraud story. Please RT to get @WSJ @washingtonpost to amend their stories to provide evidence or reflect the uncertainty of this narrative. Thanks @pwnallthethings @LevAretz @DianeBeery for reviewing.
4
34
60
@TalBeerySec
Tal Be'ery
6 years
True story: #Putin just attacked @pwnallthethings with a shark on #bluehatil stage!
3
10
58
@TalBeerySec
Tal Be'ery
7 years
Per popular demand: #Mimikatz imported to #javascript (using #emscripten ) CC: @gentilkiwi , @subTee
3
43
58
@TalBeerySec
Tal Be'ery
5 months
This is probably the end of the Israeli/non-US western offensive cyber security industry. I believe the threat of denying entrance to the US for workers & investors of such companies and their families would be enough to make them choose other career opportunities
@JusticeRage
Ivan Kwiatkowski
5 months
"The State Department is implementing a new policy today that will allow the imposition of visa restrictions on individuals involved in the misuse of commercial spyware." This includes engineers working for spyware vendors.
3
7
26
0
4
51
@TalBeerySec
Tal Be'ery
1 year
1/ Account Abstraction and MPC: Frens with benefits! What started as an unpopular opinion quickly became mainstream: Anyone in the know believes that AA and MPC are not enemies, but actually better together
2
11
54
@TalBeerySec
Tal Be'ery
1 year
@notFungibleLove @ZenGo @CoinbaseWallet sure. we said so explicitly. CB can have their money. Technically we did not even take it yet. It is still on @Hacker0x01
@TalBeerySec
Tal Be'ery
1 year
A bug bounty is not a gag order. We will not be bullied or intimidated. #CoinbaseWallet you can have your money back. CC: @brian_armstrong
19
28
401
0
1
52
@TalBeerySec
Tal Be'ery
1 year
1/ #EIP6384 inaugural thread!🧵 First a huge thank you to my @ZenGo colleague and EIP co-author @0xVazi and now to the details...
@TheBlock__
The Block
1 year
ZenGo proposes solution to tackle offline signature exploits with EIP-6384
2
12
35
9
12
46
@TalBeerySec
Tal Be'ery
2 years
Our @ZenGo research just helped a user (not our user) get almost $2M back. What a way to start the day! Thanks @Mudit__Gupta for your help. More details #soon
6
2
49
@TalBeerySec
Tal Be'ery
4 years
A testing site for #curveball by @KudelskiSec (has some availability issues) Results for Chrome on an unpatched win10 vs non-vuln Mac (when you boldly move past warning messages)
3
22
51
@TalBeerySec
Tal Be'ery
5 years
1/2 I call BS. I see no positive evidence that deepfake AI was used. But it's nicer to all parties involved to say they were hacked by "deepfake AI hint of a german accent" than to say: "someone said on the phone 'send me zi money', so we sent".
@el33th4xor
Emin Gün Sirer🔺
5 years
First crime involving Deepfaked AI. Won't be the last. Scammer Successfully Deepfaked CEO's Voice To Fool Underling Into Transferring $243,000 via @gizmodo
3
43
117
3
15
48
@TalBeerySec
Tal Be'ery
9 years
APT28: used #mimikatz , MS14068 exploit on unpatched AD servers. Great #RSAC preso #APT #DFIR
1
40
50
@TalBeerySec
Tal Be'ery
4 years
1/ I just published Hitting a CurveBall Like a Pro! Using #wireshark to detect and hunt #curveball exploits by following the NSA advisory
4
22
49
@TalBeerySec
Tal Be'ery
4 years
"CurveBall’s Additional Twist: The Certificate Comparison Bug" shedding some light on the bug in #Windows10 that allowed it to accept #CurveBall “evil twin” certificates as valid.
1
21
50
@TalBeerySec
Tal Be'ery
7 years
If you’re not a security nihilist at the age of 20, you haven’t got a heart. If you’re still a nihilist at 40, you haven’t got a brain.
0
18
48
@TalBeerySec
Tal Be'ery
1 year
For years, Firmware wallets (previously known as HW wallets) were riding, if not spreading, this false narrative of HW magical powers to eliminate software related issues. Now that it backlashed, I find their take of "It's always has been that way" to be extremely hypocritical.
6
8
45
@TalBeerySec
Tal Be'ery
5 years
This forum post claims that almost all of NSO's employees' personal accounts on Facebook, WhatsApp, Instagram were blocked today
10
26
48
@TalBeerySec
Tal Be'ery
6 years
1/4 #shadowbrokers leaked NSA #DarkPulsar admin console, but not the implant itself. Researchers @kaspersky were able to find its implant counterpart by looking for encryption constants. via @Securelist
1
25
47
@TalBeerySec
Tal Be'ery
6 years
Weaponized #Meltdown is a very powerful Local Privilege Escalation technique. It will be soon incorporated in standard hacking tools. Another good reason for EVERYONE to patch ASAP (IT guys, I hear you, P stands for Possible)
1
29
47
@TalBeerySec
Tal Be'ery
1 year
1/ Thank you @CertiK for your assessment of our @ZenGo wallet 🧵: "We firmly consider ZenGo to be a highly secure consumer wallet solution on the market today." and for helping us make it even better!
6
13
39
@TalBeerySec
Tal Be'ery
8 years
The #NetCease tool, hardening Vs. net session enumeration attacks has just crossed the 2K DLs mark! WTG @ItaiGrady !
0
16
44
@TalBeerySec
Tal Be'ery
7 years
The new Four Horsemen of the #CyberSecurity Apocalypse: #metasploit , #mimikatz , #powershell , netsh
3
29
42
@TalBeerySec
Tal Be'ery
6 years
No more speculations! #bluehatil mystery keynote speakers are the #spectre #Meltdown researchers @mlqxyz @misc0110 @lavados
2
14
44
@TalBeerySec
Tal Be'ery
4 years
#SIGred nightmare exploitation, unpatched environments are one email away from full compromise: 1. victim opens an email from attacker 2. pic link in email makes victim DNS server (on DC) resolve name against attacker's DNS server.
3
21
44
@TalBeerySec
Tal Be'ery
7 months
The $3M fees Bitcoin Tx is likely related to "dark forest" bots front-running each other for a Brainwallet address
@TalBeerySec
Tal Be'ery
7 months
1/ Seems like someone (probably more than one) was lurking for this address, as the incoming transaction was "intercepted in mid-air" when it was in the mempool and immediately sent elsewhere, all in the same block (see same times)
3
7
38
9
11
43
@TalBeerySec
Tal Be'ery
4 years
BTW, it says [in Hebrew]: " @AliExpress_EN I'm so pissed. I was humiliated in the post office because of you"
2
2
43
@TalBeerySec
Tal Be'ery
1 year
1/7 While the exact technical details of the new #Ledger 's recovery feature are yet a mystery, we @zengo can already share some important insights and lessons on Firmware wallets (previously known as h̶a̶r̶d̶w̶a̶r̶e̶ wallets) and Recovery #ledgerrecovery
3
8
39
@TalBeerySec
Tal Be'ery
5 years
1/ TLDR: #NTLM is a pig. Outdated protocol with inherent insolvable problems. Due to backward compatibility Microsoft wasn't able to get rid of it. So they had to put on lipstick, makeup and mascara. But it is still a pig. Details of the attacks below (& @BlackHatEvents I assume)
@simakov_marina
Marina Simakov
5 years
We have discovered 3 critical NTLM vulnerabilities allowing RCE against any domain machine which were all fixed in the latest MS security update. Check out @YaronZi blog to get all the technical details: @preemptsecurity
4
233
394
1
18
40
@TalBeerySec
Tal Be'ery
4 years
Call me conservative, but I don't think #wfhsetup is a good #opsec move and I'd expect security companies to know better. Can expose the exact computer model, peripherals, operating system, installed programs (including email client, browser) etc.
@kaspersky
Kaspersky
4 years
Many staff at Kaspersky are now #WorkingFromHome , so we thought we'd share some of our set-ups. Working from home too? Share yours! #WFHSetup
3
10
67
11
10
39
@TalBeerySec
Tal Be'ery
5 years
The security Pac Man effect. Hunter becomes hunted.
1
8
39
@TalBeerySec
Tal Be'ery
8 years
1/ When you roast #Kerberos tickets ( #Kerberoast ), there's smoke... #MicrosoftATA smells it :) CC: @mubix @timmedin
3
30
40
@TalBeerySec
Tal Be'ery
7 years
4/ Therefore, it's either the attackers were "too successful" by mistake, or that ransom is just a smokescreen for their true goal
3
33
39
@TalBeerySec
Tal Be'ery
8 years
1/ Net Cease! @ItaiGrady verified NetSessEnum can be controlled w/ a Registry's ACL Thanks to @JosephBialek et al. in @Windows for the info
2
26
40
@TalBeerySec
Tal Be'ery
8 years
Remote Butler Attack resources are available on @BlackHatEvents site Preso: WP: #BHUSA
1
27
39
@TalBeerySec
Tal Be'ery
6 years
1/ #TURLA installed an Outlook backdoor for persistence, exfiltration and C&C channel over emails. Cool research by @ESET . h/t @GelosSnake for the link
1
17
38
@TalBeerySec
Tal Be'ery
7 months
1/ #Bitcoin is a dark forest (too)! In 2020, @Paradigm researchers @danrobinson @gakonst discovered #Ethereum 's Dark forest: bots monitoring the mempool for TXs and exploiting them. Today we @ZenGo show this is true for Bitcoin too
7
17
41