Discover and read the best of Twitter Threads about #OPSEC

Most recents (21)

Wie Ihr wisst, setze ich mich hier ab und zu mit den Social-Media-Guidelines der #Bundeswehr und der #SocialMediaDivision auseinander. Aber wie gehen eigentlich andere Armeen mit Social Media um? Die nächsten Tage ein kleiner Thread zur #DigitalArmy der 🇬🇧 @BritishArmy 🧵👇 Image
1. Wofür die @BritishArmy 🇬🇧 Guidelines? Der Einstieg etwas gezwungen. Schwankt zwischen:

⛔️ „Social Media ist gefährlich und untergräbt den Dienstweg“


🧐 „Oh, unsere effektivste Kommunikation stammt von jungen Soldat*innen, die authentisch kommunizieren.“

Komisch 🙄 Image
2. Mein Eindruck zur Einleitung 🧐 Man sieht sich *gezwungen* einheitliche Regeln für den Umgang mit Social Media aufzustellen. Im Ton wird deutlich, dass es der @BritishArmy um einen gewissen Grad der Kontrolle geht. Image
Read 17 tweets
Gather round #infosec fam

Warning: This is a long Thread with lots of #VBALostArts & new goodies for #c2c #opsec & #payloads in Office Malware #VBA

Spoilers: This thread is gonna make some Blue Teams & sandboxes mad

Red Teams: There is plenty of fun up ahead.

Currently Office Malware is 3 steps generally:

1. Encrypt/Obfuscate Your #Macro Dropper
2. Get Your Powershell/Java/JS/DLL flavor of the week onto the victim ASAP
3. Bug out

I want to change all of this, however before we do that we need to upgrade Office Malware
For now lets focus on the first step and why obfuscating/encrypting your macros not ideal.

1. Your code will eventually get deobfuscated
2. Your code is not unique - same sample <-> many targets
3. Most obfuscation methods = Noise/Signatures
4. Your code becomes evidence
Read 18 tweets
These little plastic standoffs that hold the @axon_us camera to its housing is annoying! They do scrape right off though.
If you ever wondered what the inside of a Body Worn Camera looks like. Here ya go.
Oh hai!
Read 15 tweets
[Thread] Certifications

A non-comprehensive, non-linear summary of Dr. Craig Wright’s professional certifications.

National Security Training Academy
Security Industry Course and Firearm Certificate of Achievement - Granted in 1992

Brisbane YMCA Youth Club
Best Military Tactics - Granted in 1988

International Systems Security Professional Certification Scheme - Granted in 2005

Read 60 tweets
Would it be helpful to make some materials in OPsec and OSINT techniques for fellow #digitalsoldiers #qanon?
Phone security; disallow these application in having elevated access to your phone.. what apps have access to your GPS? photos? contacts? Camera? Microphone? Health data? Do you have an Android or IPhone? Update your phone last? Applications last? Do you have PWD mgmt? #opsec
Read 9 tweets
In Republican Devin Nunes opening statement, he chose to peddle the insane conspiracy theory that Ukraine helped Hillary lose the election to later then have the ability to smear Trump after he won and pin it on Russia (Say What??) #ImpeachmentHearings #ImpeachmentDay
Rep. Devin Nunes also attacked @AlexandraChalup and (as Democratic stooges) witnesses Amb. Bill Taylor and State Dept's George Kent highly respected professionals who have served numerous presidents of BOTH parties with distinction. #ImpeachmentHearings #ImpeachmentDay
I will remind everyone that while Devin Nunes was the Chairman of the Intelligence Committee of the United States in 2017 we & others alerted him 2 the fact that one of his past campaign websites was breached and infected with Russian SEO spam #ImpeachmentHearings #ImpeachmentDay
Read 15 tweets
Now on the Green Room at #VB2019, @eldracote @anshirokova will present "Geost botnet. The discovery story of a new Android banking trojan from an OpSec error", a work also done with @MaryJo_E !
The Geost botnet was found by investigating the traffic of a different botnet: #htbot also known as proxyback. This htbot botnet offers a proxy service for users in the underground.
The Geost operators were using htbot to access the command and control servers from Geost (thinking they were hiding themselves).
Read 10 tweets
A lightweight domain check in this malicious spreadsheet references the following protected cells:

A101 = ms
A102 = build
A103 = exe
A104 = C:\Users\Public\ptedcod.xml

A100 = MSBuild payload

Shellcode calls back to RFC1918
XLS upload fired on my #GuardrailsOfTheGalaxy VT hunting rules (23/58):…
Note the ⏱️ guardrail
I agree with @buffaloverflow's previous comments that these are very basic implementations of #T1480 Guardrails (that expose your targets).
@buffaloverflow @MITREattack Let me connect the dots:
@JohnLaTwC shared a sample "leav_blackboard_training.xlsm" in June 2018
• Document metadata aligns in both (Company=United States Army 😉) with different authors
• Syntax, builder (@infosecn1nja), and MSBuild payload overlaps
Read 4 tweets
There are so many things wrong with what the #USAF is doing here, that are very much not evident to the casual observer.

1) The RC-135 has changed its unique transponder number to 730000 (hex), an Iranian assigned code. So, the USAF is impersonating an Iranian plane.
2) As @GDarkconrad pointed out, this isn't an accident, the USAF did this with Venezuelan codes off the coast of #Venezuela too. US reconnaissance planes are impersonating the codes of the countries they are conducting reconaissance on, endangering future civilian flights.
3) I'm waiting for someone to tell me it's for #OPSEC. Clearly that doesn't work, as Spanish and Canadian citizens have called them out while we're still in out PJs. The Iranians see them plain as day, they're only hiding their activities from the American (and world) public.
Read 8 tweets
PDF of newly unsealed affidavit in US v Julian Assange…
Manning testified that she did not know who she was chatting with from WikiLeaks in 2010, but DOJ says "evidence demonstrates" it was Julian Assange.
Read 6 tweets
A raíz de futuras charlas que estoy preparando, os dejo un hilo con consejos muy básicos de #OPSEC en viajes. No soy un gurú de nada, y estas recomendaciones puede que no funcionen en tu caso, o pueden no ser las más adecuadas. Espero que sean útiles para alguien. Abro hilo...
No anuncies tu viaje en Redes Sociales, sobre todo si viajas a zonas con alto riesgo de secuestro, si quieres mandar unas fotos hazlo cuando estés de vuelta a tu país de origen, por muy bonito que sea el lugar. No ostentes joyas o dinero en ningún caso.
Si puedes, prepara el viaje con antelación: visados, vacunas, cartas de invitación, etc. Piensa en qué países has estado antes y si esto puede ser un problema. Estudia con detalle los riesgos de seguridad en la web del Ministerio de Exteriores español.…
Read 27 tweets
A few wks ago new words in the wordclouds of our domestic subset of #Hamilton68 Russian sympathizer accnts appeared on the topic of abortion. President Trump has been bleeding support among evangelicals & campaigns #walkaway & #buildthewall have proved ineffective #infosec #osint
It makes sense the #GOP would go back 2 their time tested political issue of abortion. And in this case push the most emotionally charged fringe like late-term abortions. The #Hamilton68 subset focused on Russian geopolitics showed a steady uptick around the topic #infosec #osint
We also looked at another #Hamilton68 subset that focuses on US Politics and contains a high level foreign sourced accounts & saw the same thing. This subset showed a dramatic increase in terms like abortion and late-term abortion. Something we've not seen before #infosec #osint
Read 8 tweets

A few days ago I requested a rug sample from a cute little online homewares retailer based here in Melbourne. They have really adorable stuff. They responded asking me to provide my credit card details for a security deposit. [1/23] #infosec #opsec
The PDF also requested a bunch of personal identification data such as name, age, and address. They wanted me to fill out the PDF and email it back to them. [2/23]
As the default s̶u̶c̶k̶e̶r̶ sys-admin for my parents and extended family, I've seen them become vulnerable to some pretty nasty phishing attacks and malware in recent years. Heck, I've been a target myself. [3/23]
Read 23 tweets
Finally we are able to analyze the most common URL use from a subset of #Hamilton68 accounts. Many many thanks to @Saill for all the scripting work on this. We now have a ton of additional data that can be analyzed. #infosec #opsec #osint
This is the top 25 URLs used by the #Hamilton68 subset of accnts focused on Russian Geopolitics. The most recent 3000 tweets from each of 125 accts were analyzed. 375000 tweets total. Fairly expected results & shows the prominence of Youtube & Facebook use. #infosec #opsec #osint
Further down the list in top 35-56 range revealed more interesting sites being used by these accnts. Ria(.)ru is a fairly new Russian media site housed at the same location as the Russian IRA troll farm. Stalkerzone is well known disinfo site #infosec #opsec #osint #hamilton68
Read 5 tweets
Just ran our #Hamilton68 accounts and here are the top hashtags being promoted over the past 48 hrs by two of the main troll subsets. One focused on US politics and one focused on Russian geopolitics. No big surprise #CovingtonCatholic cracked the list #infosec #opsec #psyops
A friend helped do a quick analysis of last ~3000 tweets from 24 core #Hamilton68 accounts in my US domestic subset -- 73165 tweets in total. Here were the top accounts retweeted. We removed all known Hamilton68 accts from this list. Yellow are known/verified accts. Thx @saill
Guessing a lot of you will recognize some of the accounts on this list. Just because we haven’t been able to reverse engineer them as Hamilton68 accounts doesn’t mean there aren’t a few suspect ones on this list.
Read 12 tweets
Just before Christmas we looked at #Hamilton68 accounts who focus on Russian geopolitics and how they were stoking the #giletsjaunes conflict in France. We noticed a new hashtag #integrityinitiative (red arrow) .. #infosec #osint #opsec
We didn't think much about this over the holidays but revisited it in early January 2019. Turns out the the #integrityinitiative had become even more prominent and prompted additional research .. #infosec #osint #opsec
We did a hoaxy analysis of the #integrityinitiative hashtag on January 5th and noticed two major nodes of well-known #Hamilton68 accounts .. @Ian56789 and @ShoebridgeC ... #infosec #osint #opsec
Read 10 tweets
A fascinating thread ...dont think 4 a minute that the only propaganda / misinformation campaigns come from Russia ... there are plenty of domestic operations going on right now. In this case a Wall Street Hedge Fund manager posing as a #Bernie2020 acolyte
As @HoarseWisperer alertly posted, this Hedge Fund manager is running a disinfo / troll campaign against @ewarren and her supporters. If ur reasonably intelligent, I think you can figure out why a wallstreet Hedge Fund manager might be behind promoting #Bernie2020 #infosec
No idea right now how much of the "we want Bernie" tweets to @ewarren are from trolls, cyborgs and bots. Guessing like ourselves lots of other groups are scrambling to collect the data for analysis. #infosec #opsec #osint
Read 8 tweets
#OPSEC mistakes by ex @CIA Kevin Mallory #spying for China, caught on CCTV having secret documents scanned to micoSD card instead of doing it on his own cheap disposable scanner, useless non-destructive messages covert comms phone App, no #encryption…
#OPSEC #fail ex @CIA Kevin Mallory recruited to spy for #China #MSS via @LinkedIn profile openly pitching #NationalSecurity experience. N.B. all the risks of taking your phone to China, highlighted by US CI official also apply to foreigners visiting USA…
#Privacy activists need to learn from professional #espionage agents & #CounterIntelligence case #OPSEC techniques & failures - #China #MSS agent handlers were unprofessional in mobile #CovertComms & #MoneyLaundering - Kevin Patrick Mallory indictment…
Read 3 tweets
While this is probably a big 4chan joke ...I don't like to underestimate a disinfo campaign even if its a domestic 4chan trolling operation. Here is some #NPC background. I am also not one to suggest u put ur head in the sand & block these #infosec #opsec
As others have pointed out this appears to have developed much like Pepe the frog ...out of the 4chan netherworld of the internet. Reading the timeline of this fake account @BKrassenstein69 they are using to troll the real account @Krassenstein gives u the very racist flavor
Love the tool Hoaxy. Using it we were very quickly able to identify roughly 50 Twitter accounts all very related and most created this month. I am sure there are many more. #NPC #infosec #opsec
Read 14 tweets
On July 22nd Wikileaks released 22000 DNC emails that had been previously hacked by Russian GRU agents. On Oct 7th Wikileaks dumped hacked John Podesta emails soon after the seemingly damaging Access Hollywood tape came out where Donald Trump talked about sexual misconduct @ollie
3million tweets from the Russian Internet Research Agency were recently archived & made available by the site @fivethirtyeight. We wanted to look at particular hashtags related to Green Party Candidate Jill Stein and #DemExit… @ollie #infosec #osint #opsec
In the second wk of July 2016 #DemExit became a social media campaign & political movement in response to Bernie Sanders formally endorsing rival Hillary Clinton 4 president. Bernie Sanders supporters in particular were encouraged to leave the Democratic Party in protest #infosec
Read 14 tweets
So for the first time in quite a while a newcomer hashtag had top spot on the #Hamilton68 Dashboard -- #walkaway. We remembered seeing this hashtag in the past few weeks but didnt really know what it was or follow up on it. #infosec #opsec
The background story on this hashtag #walkaway is a little strange & the number of bots, trolls, & fake testimonial promoting this hashtag is even stranger. Here's an example of a completely fake tweet highlighted by @daveweigel #opsec #infosec
We decided to look retrospectively at our own reverse engineered #Hamilton68 data. This is a wordcloud of 22893 tweets from our main Hamilton68 troll subset going from June 24th until now & #walkaway takes the #1 spot. #infosec #opsec
Read 31 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!