CtrlAltDefend ♀️
zxqa.bsky.social
*Can’t decide my path—there’s just too much to protect.*
Forever learning, always adapting. 💻✨
#CyberSecurity #ThreatHunter #InfoSec
Pinned
I am on a mission to complete all defensive security badges in Cybrary because why NOT!
youtube.com/clip/UgkxTSp...
When we’re quick to give advice, what happens?
May 7, 2025 at 2:20 PM
Made some enhancements to my website xdscvr.com
xdscvr - Search Cyber Threats with AI.
Search Threat News and get instant insights about the latest cybersecurity threats with xdscvr.
April 2, 2025 at 4:00 PM
Reposted by CtrlAltDefend ♀️
Someone forgot to filter for prompt injection...
March 27, 2025 at 4:21 PM
Hayo,
I built my webapp, which searches in Google, then outputs the search results in addition to an AI summary for each search result!! Isn’t that amazing 😍

my-threat-news.vercel.app
xdscvr - Discover & Analyze Cyber Threats
Explore and analyze the latest cybersecurity threats with xdscvr.
March 4, 2025 at 9:26 PM
How do you exit vim?
February 18, 2025 at 10:06 AM
Ever used forensics for threat detection?
If yes, please explain.
February 15, 2025 at 5:12 PM
Registry Settings for Code Persistence

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run: used to start automatically for all users during system startup.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run: used to start automatically for the current user during login.
February 7, 2025 at 9:19 PM
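A defender-side audit of the two Run keys named in the post above, as an added example that is not part of the original post. The function name `Get-RunKeyEntry` and the list of "user-writable" path patterns are assumptions made for illustration; a flagged entry is a prompt for review, not a verdict.

```powershell
# Added example: list autostart entries in the two Run keys named in the post
# and flag commands that launch from user-writable locations.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',   # all users, system startup
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # current user, at login
)

# Assumption (triage heuristic): a standard user can usually write to these
# locations, so an autostart entry pointing there deserves a closer look.
$writablePatterns = @('\\AppData\\', '\\Temp\\', '\\Users\\Public\\', '\\ProgramData\\')

function Get-RunKeyEntry {
    param([string[]]$Path = $runKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key may be absent
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw data so %VAR% references in REG_EXPAND_SZ values
            # stay visible, then expand them for the path check.
            $raw      = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            $hits     = $writablePatterns | Where-Object { $expanded -match $_ }
            [pscustomobject]@{
                Key      = $key
                Name     = $name
                Command  = $raw
                Expanded = $expanded
                Review   = [bool]$hits   # True when any pattern matched
            }
        }
    }
}

# Entries flagged for review sort to the top.
Get-RunKeyEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

HKCU resolves to the hive of the account running the script; entries for other users live in each profile's NTUSER.DAT.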
Important registry files:
%SYSTEMROOT%\system32\config
-- SYSTEM
-- SOFTWARE
-- SAM
-- SECURITY
user profile (e.g., c:\users\administrator)
-- NTUSER.DAT
-- USRCLASS.DAT
C:\Windows\appcompat\Programs\
-- AMCACHE.HVE
February 7, 2025 at 9:14 PM
It seems like a remote job is a good idea *manifesting*
February 7, 2025 at 12:24 AM
February 6, 2025 at 9:03 PM
People who work in cyber security at highly regulated companies... how do you manage the pressure of compliance, and especially when IT fails to provide the necessary support or even follow basic cybersecurity guidelines?
February 4, 2025 at 8:48 AM
I am on a mission to complete all defensive security badges in Cybrary because why NOT!
January 29, 2025 at 4:29 PM
January 29, 2025 at 3:42 PM
I stumbled upon this open-source ChatGPT alternative that runs 100% offline!

jan.ai
Jan: Open source ChatGPT-alternative that runs 100% offline - Jan
Chat with AI without privacy concerns. Jan is an open-source alternative to ChatGPT, running AI models locally on your device.
January 27, 2025 at 4:41 PM
Reposted by CtrlAltDefend ♀️
Deepseek has been my daily driver for a while and what most don't know is that it is suspiciously good at writing offsec tools...
January 26, 2025 at 9:45 AM
LOLBins/Drivers Key resources:
→ LOLBAS: [lolbas-project.github.io](https://lolbas-project.github.io)
→ LOLDrivers: [loldrivers.io](https://www.loldrivers.io)
Detect abused tools & malicious drivers.
#LOLBins #LOLDrivers
January 26, 2025 at 2:24 AM
🚨 the "You Dun" Threat Group

Command & Control (C2)
8. Cobalt Strike
- Plugins:
  - TaoWu: Drops `SharpHound.exe` for AD recon and `JuicyPotato.dll` for privilege escalation.
  - Ladon: Automates payload execution across Windows domains.
January 26, 2025 at 1:48 AM
🛑 the "You Dun" Threat Group
exploitation toolkit:

5. SQLmap
- Automated SQLi tool used to dump databases
6. Seeyon_exp
- Custom exploit
7. Weaver_exp
- Zhiyuan OA weaponizer leveraging deserialization flaws.

[The DFIR Report](https://thedfirreport.com)
January 26, 2025 at 1:39 AM
The "You Dun" Threat Group
Breaking down their reconnaissance toolkit:

1. WebLogicScan
- Python-based scanner targeting Oracle WebLogic vulnerabilities (CVE-2020-14882, etc.)
- TTP: Mass scans with target lists focused on South Korea, China, and Iran
- Detect: Look for POST requests to in web logs
January 26, 2025 at 1:28 AM
Build Your Own SOC Lab!
Free hands-on guide → Splunk setup, threat detection, SPL queries & attack simulations.
Perfect for analysts.
Get it here:
github.com/r-ramos2/SOC...
#Cybersecurity #ThreatHunting
GitHub - r-ramos2/soc-lab-at-home-with-splunk-comprehensive-siem-threat-detection-and-response-guide
January 26, 2025 at 1:12 AM