Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
John Lambert Profile picture
@JohnLaTwC
Jan 29, 2020 6 tweets 3 min read Read on X
Would someone use the Olympics to phish? Yes, yes they would.
🆕hxxps://amazingmonkeys.es/tokyo2020comiteeolympic/
🆕hxxps://amazingmonkeys.es/olympiccomitee/
hxxps://154dst.com/comiteeolympic/
hxxps://154dst.com/olympiccomitee/
hxxps://154dst.com/olympicinternationalcomitee/ Image
and
🆕hxxps://amazingmonkeys.es/tokyo2020portal/
@Olympics, you might want to check the Referrer in your weblogs to see non-Olympics sites loading stillmed.olympic.org/media/Images/O…
Could help discover phishing sites like these.
@Olympics 🆕hxxps://transnesia.co.id/olympicfencingtoshiromutotokyo2020/
@Olympics 🆕hxxps://byteout.xyz/olympic/ad/index.html
They aren't loading the rings logo from the olympics.org website. Where did it go? #CyberChef reveals all! ImageImageImage
@Olympics 🆕hxxps://www.oscl.gr/olympicmesage/ Image

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with John Lambert

John Lambert Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @JohnLaTwC

John Lambert Profile picture
Oct 20, 2023
I spoke at @MSFTBlueHat last week.
➡️
I will follow up with a link to the recording when it is posted.

Some highlights from my talk below👇👇👇github.com/JohnLaTwC/Shar…
I talked about how incidents can teach powerful lessons and contain important truths for defenders. Image
I talked about while it is often romanced that offense has a richer toolset compared to the singular metaphor for defense ("the shield"). Defense has many creative ideas within it as well.
Image
Image
Read 12 tweets
John Lambert Profile picture
Apr 9, 2022
If you work with event logs, here are 2 GREAT utilities:

Parse an EVTX file into JSO: github.com/omerbenamram/e…

Query a JSON stream: stedolan.github.io/jq/tutorial/

Combined with Sysmon and some built-in logs, there is a lot of power at your fingertips 💪
First, export a log to EVTX:
1⃣wevtutil epl Microsoft-Windows-Sysmon/Operational sysmonlog.evtx
2⃣wevtutil epl Security Security.evtx /ow:true
3⃣wevtutil epl "Microsoft-Windows-DNS-Client/Operational" DNS.evtx
List hashes of programs that ran:

evtx_dump-v0.7.2.exe sysmonlog.evtx -o json --dont-show-record-number | jq ".Event | select (.System.EventID == 1) | .EventData | {Hashes} | .Hashes " | sort /unique

(PROTIP: Did you know sort has an undocumented /unique switch?)
Read 6 tweets
John Lambert Profile picture
Mar 13, 2022
I am preparing for an internal talk on career advice learned from working security crises. My notes 🧵
The fastest way to accomplish things is to build trust
You're always on stage. At work, there really is no way to be different in private v. public.
Read 24 tweets
John Lambert Profile picture
Sep 26, 2021
My favorite story about VBS files is not the I Love You worm, but one that happened in building 40 at Microsoft.
VB Script files are associated with WScript.exe by default. This is an important detail. The other host for VB Script files is CScript.exe.
CScript is a console program. This allows your VBS to write to StdOut and it shows up in console window like cmd.exe.
Read 10 tweets
John Lambert Profile picture
Sep 24, 2021
I've had a lot of neat employee moments at Microsoft. here's one of them.
👇
It was Feb 4, 2014. The board had just named @satyanadella as CEO.
📎news.microsoft.com/2014/02/04/mic…
An email said he was going to make some remarks in a building across campus in like 30 minutes. I jumped in my car.
The crowd filled all available space. Ballmer was high energy as usual. It was 2014 so, you know, I had my Windows Phone with me. ImageImage
Read 6 tweets
John Lambert Profile picture
Sep 19, 2021
Found one of my Microsoft notebooks 📔 from 2005. Here are a few pages on what was on my mind then.
The Longhorn (aka Windows Vista) security plan.
Parsers were having many issues. I put this slide together to create awareness about the pattern we were seeing in MSRC at the time.
Occasionally I printed small versions of my slides and inserted them into my notebooks so I could easily socialize to people in 1-1 conversations.
Read 13 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(