Martin Boller

14 Followers, 396 Following, 58 Posts

He/Him, Ol' Fart, Father, Forensics, Blue Team, Offensive Security Gadfly, Cyber Security Architect, Sailor, CrowdSec fan

Website: https://blog.infosecworrier.dk

CMLoot is a tool I wrote to make it easier to extract interesting content from #SCCM / Microsoft Configuration Manager content library shares. It has been successfully used on pentest gigs and red teams to pwn environments. Check it out:
https://github.com/1njected/CMLoot

Reminder: I’ve started posting helpful FAQs here: https://wiki.infosec.exchange/doku.php?id=wiki:faqs
I’m really excited about the idea of someone deploying encrypted DMs on this thing. Need a good plan for key distribution and identity binding (makes me sad Keybase got eaten by Zoom, oops) and then the rest is just Signal protocol?

@martinboller @singe

That's what I'm thinking. Will be exploring the idea/concept with a few customers to see what to make of it. I'll report back when the time is ripe :-)

1-Minute Canaries - How to increase visibility in 1 minute or less. https://blog.pythonicforensics.com/1-minute-canaries-16e66d079272

Occasionally I write some tools and scripts for #security testing purposes, mainly in Python. You can find them here: https://github.com/aatlasis

Among them, Chiron, a security assessment tool for #IPv6.

everyone is jeering at elon musk, but who amongst us can say that they’ve never spent too much money on a domain name that they don’t know what to do with?

Trying to figure out the general attitude towards Deception/Honeypots as production level ready systems to glean information about attackers?

I'm personally convinced of the value they could bring when deployed appropriately and leveraged intelligently, i.e. used to answer specific questions about potential attackers and their methods.

What's your take?

#deception #threatintelligence #honeypots

@singe the idea is very much the same as intelligence-led Threat Hunting. Hunting without a purpose is really nothing more than expecting to find evil because you want to.

Hypothesis-driven hunting should translate equally well to Deception and Threat Intelligence. What question do you want answered? If you made an assumption about where initial access might occur, deception/honeypots should ideally be placed close to these assumptions.

Hypothesis-driven deception, I guess you could say.

@cstromblad I’m a deception maximalist - so no argument there. But can you elaborate on the specific hypothesis approach you mentioned?