Discover and read the best of Twitter Threads about #hafnium

Most recents (4)

Ok... It's the time of year I treasure. @VZDBIR reading at a coffee shop. This is going to be a live thread of love for DBIR, folks like @alexcpsec and @gdbassett, footnotes, and exciting uses of data visualization. 1/x Image
First: @VZDBIR predictions pre-reading
- Ransomware up! Thus making intrusions up! (Shocker,Malware that tells you you are infected makes for better detection)
- Increased threat to OT (colonial)
- BEC is actually the real threat
- APTs reduced in volume but higher in impact 2/x
Ahhh right off the bat. Can we just do this to begin every ppt, whitepaper, blog and conference talk? Then add definitions of Risk, Vulnerability, and Threat? Would be nice to educate.folks 3/x Image
Read 48 tweets
Next Wednesday @POTUS will travel to #Baltimore, announces @PressSec.
A news conference will be held by @POTUS before the end of this month, announces @PressSec.
"We don't take our advice or counsel from former President Trump on immigration policy," responds @PressSec when asked about latest statement from @POTUS45 contending there's a "spiraling tsunami" at the border with #Mexico.
Read 10 tweets
Thread to help anyone logging to #HAFNIUM / Microsoft Exchange Zero Day and wondering where to start.

CVEs as follows - CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.

These CVEs are for Exchange Server. Exchange Online users are not affected by this.
Start by reading the following two articles, patching if required and looking for the IOCs provided (they are extensive).

Microsoft Article -…

Volexity Article -…
Further useful reading / detections -

Splunk Queries -

Sigma Rule to detect procdump on lsass.exe -

OSQuery hunt to identify systems that the ProcDump EULA has been accepted-
Read 6 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!