Émilio Gonzalez @res260@infosec.exchange
Cybersecurity blue team analyst with a strong interest in DFIR, red teaming, Windows, automating stuff and urbanism. YIMBY. Mastodon: @res260@infosec.exchange
Mar 4, 2022 10 tweets 7 min read
#ContiLeak 🧵! This time, management/developers documentation 📄 CODING PRINCIPLES
Those are surprisingly good principles. "The wrong choice will grow in the code forever!" ✅✅✅✅✅ FACTS
Mar 3, 2022 17 tweets 7 min read
Another #ContiLeaks 🧵 This one should be smaller 😂 In the RocketChat logs, a channel "manuals_team_c" contained 16 procedures from reconnaissance to exfiltration. I translated them (with the help of @sys6x); here they are: github.com/Res260/conti_2… INITIAL ACTIONS
This one details the general ideas and the steps most cases will require: reconnaissance using AD, enumerating shares, privesc, dumping creds using known techniques, etc. I found it interesting that they inject a TLS listener. I wonder if it yields good results.
Feb 28, 2022 72 tweets 30 min read
So, Conti chat logs were leaked. I got my hands on a Google-translated version of them, and I'll document what I found interesting 🧵 March 2021: They tried to get ahold of a @vmw_carbonblack license, detailing their roadblocks and options: