Stephan Berger

@malmoeb

Head of Investigations @InfoGuardAG • #DFIR • Threat Hunting • Azure & Active Directory Fanboy • OSCP, GXPN, GCIA, GCFA, GSE @malmoeb@infosec.exchange

t.co Joined Oct 2012

View on 𝕏

Threads

views

14.3K

Followers

1.5K

Tweets

Threads

Recent Most Read Most Liked

1/ "They tried to stay stealthy and used the sysinternal's procdump tool, renamed in error.log to bypass Windows Defender detection and dump lsass process memory" [1] A similar t...

Stephan Berger

@malmoeb

Real-World #PingCastle Finding #8: Non-admin users can add computers to a domain. A customer called us because he discovered two new computer objects. Such new computer objects can...

Stephan Berger

@malmoeb

Stephan Berger

Threads

Unroll Thread