Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
M.O.M.O. (momo@mk.absturztau.be)'s status on Sunday, 28-Jul-2024 00:52:03 JST M.O.M.O.
- Kevin Beaumont
@GossiTheDog@cyberplace.social I looked it up. Everything but that subheader seems to be fine, the author was pointing out tactics.
WinRAR corresponds to this: https://attack.mitre.org/techniques/T1560/
In conversation about a year ago from mk.absturztau.be permalink
Attachments
1. Domain not in remote thumbnail source whitelist: attack.mitre.org
  
  Archive Collected Data, Technique T1560 - Enterprise | MITRE ATT&CK®
- Embed this notice
  Alex (alex02@cyberplace.social)'s status on Sunday, 28-Jul-2024 03:32:25 JST Alex
  - Kevin Beaumont
  @GossiTheDog missing 7zip.
  
  In conversation about a year ago permalink
- Embed this notice
  Jason Haar :laserkiwi: (jhaar@mastodon.nz)'s status on Sunday, 28-Jul-2024 06:16:07 JST Jason Haar :laserkiwi:
  in reply to
  - Kevin Beaumont
  - Pär Björklund
  @Paxxi @GossiTheDog as was mentioned earlier, these tools are TACTICS, not declared as malware. They are commonly used by criminals during compromises, so it is prudent for orgs to track such activity. Of course that means dealing with false positives when your staff include people like those in this thread...
  
  In conversation about a year ago permalink
- Embed this notice
  Pär Björklund (paxxi@hachyderm.io)'s status on Sunday, 28-Jul-2024 06:16:08 JST Pär Björklund
  - Kevin Beaumont
  @GossiTheDog procdump is kinda funny since it's Microsofts own tool
  
  In conversation about a year ago permalink

Public

Conversation

Notices

Feeds