Sunday, November 26, 2023

Favorite tweets


from Twitter https://twitter.com/MsftSecIntel

November 22, 2023 at 05:10PM
via IFTTT

Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer file from software maker CyberLink. The payload calls back to attacker infrastructure for instructions. Learn more: https://t.co/iKatpcMN7G

MsftSecIntel

https://twitter.com/MsftSecIntel/status/1727373881206296891

https://ift.tt/pdLnF2g

Favorite tweets


from Twitter https://twitter.com/embee_research

August 24, 2023 at 09:00AM
via IFTTT

🔥Malware Analysis with @HuntressLabs 🔥 Watch as we analyse a bloated (1.5GB) Golang file and dynamically extract an Xworm payload. We'll touch on Procmon, Process Hacker, Entropy Analysis, Debloating, Breakpoints, Debuggers and lots more🤠 [1/14] 🧵 #Malware #Golang https://t.co/NCs1Eh6mTt

embee_research

https://twitter.com/embee_research/status/1694635899903152619

https://twitter.com/embee_research/status/1694635899903152619/photo/1

Monday, November 20, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

November 19, 2023 at 09:00PM
via IFTTT

Here is a list of researchers and offensive security accounts I recommend following, based on their consistently excellent content and objective, respectful interactions: @wdormann @HackingLZ @FuzzySec @mariuszbit @0gtweet @ippsec

cyb3rops

https://twitter.com/cyb3rops/status/1726344841540346183

Friday, November 10, 2023

Favorite tweets


from Twitter https://twitter.com/uuallan

November 10, 2023 at 07:47PM
via IFTTT

US Treasuries Trading Affected by Ransomware Hack via @MihirBagwe & @daveperera https://t.co/DHwWu4gI0J

uuallan

https://twitter.com/uuallan/status/1723064796071821760

https://ift.tt/MqhVSZN

Favorite tweets


from Twitter https://twitter.com/wimremes

November 09, 2023 at 06:00PM
via IFTTT

I just learned that apps like Snapchat are giving push notifications WHEN SOMEBODY IS TYPING and all I want to know is why the product manager that decided this was a great idea is still alive with all 4 limbs intact.

wimremes

https://twitter.com/wimremes/status/1722675526077165897

Monday, November 6, 2023

Favorite tweets


from Twitter https://twitter.com/JeffreyAppel7

September 14, 2023 at 06:11PM
via IFTTT

NEW BLOG: Common mistakes during Microsoft Defender for Endpoint (MDE) deployments. What are typical common mistakes during Defender for Endpoint deployment? In this blog, I will explain common mistakes/misconfigurations. Blog: https://t.co/hJqm6OD1UP #MDE #M365D

JeffreyAppel7

https://twitter.com/JeffreyAppel7/status/1702384606798860696

https://ift.tt/tMzDJpE

Favorite tweets


from Twitter https://twitter.com/MsftSecIntel

September 14, 2023 at 04:33PM
via IFTTT

Since February 2023, Microsoft has observed password spray activity by Iranian threat actor Peach Sandstorm (HOLMIUM) against thousands of orgs, likely an attempt to collect intelligence to support Iranian interests. Get TTPs, mitigation, hunting guidance: https://t.co/Qdz3JIsIzc

MsftSecIntel

https://twitter.com/MsftSecIntel/status/1702359807095673106

https://ift.tt/dYv8Kgt

Favorite tweets


from Twitter https://twitter.com/lauriewired

March 22, 2023 at 03:39PM
via IFTTT

Happy to announce the release of my JADX dynamic scripting plugin, JADXecute. Now you write and share scripts to automate your Android APK analysis! #ReverseEngineering https://t.co/J3cNWZ1lBT https://t.co/aJDLbKPSao

lauriewired

https://twitter.com/lauriewired/status/1638566067198128128

https://ift.tt/XRjHOxv

Favorite tweets


from Twitter https://twitter.com/halvarflake

June 08, 2023 at 08:56AM
via IFTTT

I tried ChatGPT-4 and I am not impressed. https://t.co/WLidBjW78b

halvarflake

https://twitter.com/halvarflake/status/1666730978482462728

https://ift.tt/zwA9IeK

Favorite tweets


from Twitter https://twitter.com/x0rz

April 19, 2023 at 06:17AM
via IFTTT

Microsoft Threat Actor Naming for Office 365 https://t.co/UBp8O9ljX8

x0rz

https://twitter.com/x0rz/status/1648571522750070787

https://twitter.com/x0rz/status/1648571522750070787/photo/1

Tuesday, October 24, 2023

Favorite tweets


from Twitter https://twitter.com/stefant

October 23, 2023 at 09:33AM
via IFTTT

At the beginning of the infection chain, the victim receives an invisible iMessage attachment with a zero-click exploit. https://t.co/Tqq7HsCcyT

stefant

https://twitter.com/stefant/status/1716447708376924266

https://t.co/Tqq7HsCcyT

Sunday, October 22, 2023

Favorite tweets


from Twitter https://twitter.com/ale_sp_brazil

October 22, 2023 at 05:09PM
via IFTTT

Although I have permanently transitioned to vulnerability research, I have plans to release new versions of Malwoverview and continue maintaining it after I finish writing the five pending articles: https://t.co/SfVTmQUgEC There've been 91K downloads so far. #threathunting https://t.co/RZF8eJ7fXa https://t.co/Ari00pdL9w

ale_sp_brazil

https://twitter.com/ale_sp_brazil/status/1716200038244794547

https://t.co/SfVTmQUgEC

Favorite tweets


from Twitter https://twitter.com/splinter_code

October 21, 2023 at 07:43PM
via IFTTT

Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇 https://t.co/1XkxK0FfbU

splinter_code

https://twitter.com/splinter_code/status/1715876413474025704

https://t.co/1XkxK0FfbU

Thursday, October 19, 2023

Favorite tweets


from Twitter https://twitter.com/virusbtn

October 19, 2023 at 05:09AM
via IFTTT

Palo Alto Networks' Unit 42 researchers analyse Munchkin, a new utility that allows BlackCat operators to propagate the payload to remote machines and shares on a victim organization network. https://t.co/3l0QwWep1Y https://t.co/jYK8ure5el

virusbtn

https://twitter.com/virusbtn/status/1714931643025072379

https://t.co/3l0QwWep1Y

Favorite tweets


from Twitter https://twitter.com/techspence

October 18, 2023 at 09:08PM
via IFTTT

🧵Pentesting from windows is sometimes like.. Step 1. Login Step 2. Open Explorer Step 3. Open file share Step 4. Search file share for “vmdk” Step 5. Download the sam system and security hive using volumiser (cc @_EthicalChaos_) Step 6. Extract hashes with secretsdump 1/3

techspence

https://twitter.com/techspence/status/1714810607684206623

https://ift.tt/VwLfJZW

Tuesday, October 17, 2023

Favorite tweets


from Twitter https://twitter.com/NSA_CSDirector

October 17, 2023 at 12:08PM
via IFTTT

I really believe that if your infrastructure can’t survive a user clicking a link, you are doomed. I’m the director of cybersecurity at NSA and you can definitely craft an email link I will click… https://t.co/O2IzrMcXuM https://t.co/tkwSKmK3VV

NSA_CSDirector

https://twitter.com/NSA_CSDirector/status/1714312343461482562

https://t.co/O2IzrMcXuM

Favorite tweets


from Twitter https://twitter.com/cyb3rops

October 17, 2023 at 05:01AM
via IFTTT

Ransomware Tracker https://t.co/NUHXP8HDUg https://t.co/3qIGDMaQal

cyb3rops

https://twitter.com/cyb3rops/status/1714204895476068689

https://t.co/NUHXP8HDUg

Monday, October 16, 2023

Favorite tweets


from Twitter https://twitter.com/0xNarek

October 16, 2023 at 11:36AM
via IFTTT

⚡ The NTLM Protocol Animated! Quick & Simple Explanation: 🔻 NTLM_NEGOTIATE You type your credentials on your machine (called Client💻), it sends a request containing your username to the Server you want to authenticate to. 🔻 NTLM_CHALLENGE The Server generates a… https://t.co/7ydb3Fr3EX https://t.co/QBaf5kgMlk

0xNarek

https://twitter.com/0xNarek/status/1713942045201412451

https://t.co/7ydb3Fr3EX

Sunday, October 15, 2023

Favorite tweets


from Twitter https://twitter.com/hardik05

October 14, 2023 at 11:32AM
via IFTTT

Just read amazing blog on webp CVE-2023-4863. creating poc for this: https://t.co/UizhHq1um5 have required lot of efforts and many might have just given up or frustrated with this!

hardik05

https://twitter.com/hardik05/status/1713216139545760099

https://t.co/UizhHq1um5

Saturday, October 14, 2023

Favorite tweets


from Twitter https://twitter.com/fabian_bader

October 14, 2023 at 05:40AM
via IFTTT

With Microsoft #Graph Activity Log now in public preview let's talk about reconnaissance detection. 📢In my latest blog post I dive deep into the logs and show how you can detect tools like #bloodhound and #PurpleKnight using this new log source. https://t.co/xPY5wyBEdN

fabian_bader

https://twitter.com/fabian_bader/status/1713127552762433746

https://t.co/xPY5wyBEdN

Friday, October 13, 2023

Favorite tweets


from Twitter https://twitter.com/Adam_Cyber

October 13, 2023 at 04:18PM
via IFTTT

There are a lot of hacktivist groups and known adversaries engaged in the cyber conflict around the #IsraelPalestineConflict. @CrowdStrike pulled together a graphic to highlight some of what we're seeing. https://t.co/emX92SI0EL

Adam_Cyber

https://twitter.com/Adam_Cyber/status/1712925728344268849

https://t.co/emX92SI0EL

Favorite tweets


from Twitter https://twitter.com/DrAzureAD

October 13, 2023 at 12:43PM
via IFTTT

Finally, Microsoft Graph Activity log in public preview!! https://t.co/kI67unx9A8

DrAzureAD

https://twitter.com/DrAzureAD/status/1712871802538807457

https://t.co/kI67unx9A8

Thursday, October 12, 2023

Favorite tweets


from Twitter https://twitter.com/NathanMcNulty

October 12, 2023 at 07:59PM
via IFTTT

When deploying Defender for Identity, have you been doing Install-ADServiceAccount for the gMSA? I have good news - it does absolutely nothing! 🥳 The note is both correct (no need to install) and incorrect (this has nothing to do with password rotation) https://t.co/EEapJICfgq https://t.co/HuhMRQAkk8

NathanMcNulty

https://twitter.com/NathanMcNulty/status/1712619034322337952

https://t.co/EEapJICfgq

Favorite tweets


from Twitter https://twitter.com/Securelist

October 12, 2023 at 08:59AM
via IFTTT

Our latest research into the #ToddyCat APT group shows they’re evolving their already honed strategies as well as introducing new loaders. We’ve also found that the group has developed new malware, designed to exfiltrate files from devices. Learn more ⇒ https://t.co/VkIn7BDLw8 https://t.co/z9kcihc92B

Securelist

https://twitter.com/Securelist/status/1712452965636637169

https://t.co/VkIn7BDLw8

Favorite tweets


from Twitter https://twitter.com/cyb_detective

October 12, 2023 at 06:37AM
via IFTTT

APIs for OSINT As a reminder, I have a Github repo with over a hundred APIs for automating dozens of different #osint tasks: collecting information about people, companies, etc. https://t.co/3LZWDWm17D If you don't know how to use APIs, read this: https://t.co/ZEHjKxiwRJ https://t.co/i5T8f2HQwB

cyb_detective

https://twitter.com/cyb_detective/status/1712417192178778204

https://t.co/3LZWDWm17D

Wednesday, October 11, 2023

Favorite tweets


from Twitter https://twitter.com/dcuthbert

October 11, 2023 at 04:45AM
via IFTTT

Bugs happen but it's rare you see a bug that grabs you so hard and makes you nod like a little dog.. CVE-2023-44487 did that for me good god what a bug and here's why

dcuthbert

https://twitter.com/dcuthbert/status/1712026660608827888

https://ift.tt/V1dsip4

Tuesday, October 10, 2023

Favorite tweets


from Twitter https://twitter.com/menscher

October 10, 2023 at 08:10AM
via IFTTT

The only bottleneck is server processing speed, which makes this an extreme load-test for the victim. Our monitoring measured one attack, coming into our global network via a global network of open proxies, at 398M requests per second! https://t.co/7yrtbbQAEE 2/3

menscher

https://twitter.com/menscher/status/1711715945339859298

https://t.co/7yrtbbQAEE

Favorite tweets


from Twitter https://twitter.com/0xNarek

October 10, 2023 at 04:52AM
via IFTTT

🦊 How To Use SOCKS Proxy With BurpSuite Step 1 — Browser > Burp Proxy: First, you want to route your browser’s traffic to the Burp Proxy server. On Firefox, go to the network settings and add localhost:8080 as the local proxy (pro-tip: install FoxyProxy). On Chrome, (1/8) https://t.co/iCkZUuRzcF

0xNarek

https://twitter.com/0xNarek/status/1711666072687112644

https://t.co/iCkZUuRzcF

Favorite tweets


from Twitter https://twitter.com/Kostastsale

October 10, 2023 at 04:15AM
via IFTTT

This is a pretty nice graphic explaining how Kerberos Auth takes place. Useful to have as a reference when you have to explain and visualize attacks such as Pass The Ticket, Kerberoasting and AS-REP Roasting. Credit: @0xNarek https://t.co/wgyXSQvNFY

Kostastsale

https://twitter.com/Kostastsale/status/1711656782802874728

https://t.co/wgyXSQvNFY

Favorite tweets


from Twitter https://twitter.com/compasssecurity

October 10, 2023 at 03:45AM
via IFTTT

SecAnalyst Sylvain Heiniger (@sploutchy) loves NTLM relay. Dive into his latest blog post to learn how it can be used against Microsoft SQL servers. Discover misconfigurations in your infrastructure and fortify your defenses today. 🛡️ #MSSQL #NTLMrelay https://t.co/xur8aAZDOq https://t.co/BG7Wg9qIg9

compasssecurity

https://twitter.com/compasssecurity/status/1711649012820869159

https://t.co/xur8aAZDOq

Sunday, October 8, 2023

Favorite tweets


from Twitter https://twitter.com/JimSycurity

October 07, 2023 at 06:44PM
via IFTTT

Been thinking about access control checks in AD a lot lately. How they're fairly simple, but fairly misunderstood & overly simplified in a lot of contexts. This post by @tiraniddo and the resources in it are a goldmine for this topic. https://t.co/xWXOB93oZa

JimSycurity

https://twitter.com/JimSycurity/status/1710788207485276333

https://t.co/xWXOB93oZa

Monday, October 2, 2023

Favorite tweets


from Twitter https://twitter.com/jfslowik

October 02, 2023 at 09:00AM
via IFTTT

What's a #CyberSecurity #infosec myth that (appears to be) widely believed that you wish would die? Mine is that CIA conducted a supply chain attack on Russia resulting in a pipeline explosion

jfslowik

https://twitter.com/jfslowik/status/1708829289888854433

https://ift.tt/1OmsFlR

Favorite tweets


from Twitter https://twitter.com/androidmalware2

October 02, 2023 at 03:48AM
via IFTTT

Use silent #SMS messages to track LTE users’ locations An attacker sends silent SMS messages with a defined pattern and analyzes LTE traffic to verify the victim location. All you need is just: SDR + SIM cards + LTESniffer software https://t.co/fFfiBmmGgs https://t.co/VPgj8XOARv

androidmalware2

https://twitter.com/androidmalware2/status/1708750817811996683

https://t.co/fFfiBmmGgs

Favorite tweets


from Twitter https://twitter.com/ale_sp_brazil

October 01, 2023 at 09:59PM
via IFTTT

If you have just started learning reverse engineering and malware analysis, you should pay attention to simple and well-known tricks that still have been used by adversaries when analyzing the resulting assembly code. #idapro #reversing https://t.co/p9wpRRyhaR

ale_sp_brazil

https://twitter.com/ale_sp_brazil/status/1708662951110992279

https://t.co/p9wpRRyhaR

Sunday, October 1, 2023

Favorite tweets


from Twitter https://twitter.com/malwareunicorn

October 01, 2023 at 11:42AM
via IFTTT

My old girl has been in critical condition since Friday morning. My eyes are swollen from all the tears. The ER clinic sent me this photo, it might be the last photo I have of her. https://t.co/5l9aJc7az3

malwareunicorn

https://twitter.com/malwareunicorn/status/1708507647614628067

https://t.co/5l9aJc7az3

Saturday, September 30, 2023

Favorite tweets


from Twitter https://twitter.com/hack_git

September 30, 2023 at 02:04AM
via IFTTT

AD Miner Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses. https://t.co/isZKjeZqcp #cybersecurity #infosec #pentesting https://t.co/tW8JwxtE2g

hack_git

https://twitter.com/hack_git/status/1707999958543020221

https://t.co/isZKjeZqcp

Favorite tweets


from Twitter https://twitter.com/mikko

September 29, 2023 at 10:40AM
via IFTTT

Tip: How to come to the stage when you have a large audience. https://t.co/aaz3rlYv9u

mikko

https://twitter.com/mikko/status/1707767313779286035

https://t.co/aaz3rlYv9u

Thursday, September 28, 2023

Favorite tweets


from Twitter https://twitter.com/JimSycurity

September 27, 2023 at 01:50PM
via IFTTT

I feel like 40% is low based on my experience. If you want to check if your AD CS is vulnerable, check out Locksmith. https://t.co/Ur2Ldeofi2 Locksmith will also help you fix the insecure misconfigurations it finds. https://t.co/JCZiWDJDvL

JimSycurity

https://twitter.com/JimSycurity/status/1707090419433996777

https://t.co/Ur2Ldeofi2

Wednesday, September 27, 2023

Favorite tweets


from Twitter https://twitter.com/ryanaraine

September 27, 2023 at 01:24PM
via IFTTT

Firmware attacks in the wild! 🔥 https://t.co/rqmETyq4QS

ryanaraine

https://twitter.com/ryanaraine/status/1707083793017041229

https://t.co/rqmETyq4QS

Tuesday, September 26, 2023

Favorite tweets


from Twitter https://twitter.com/lordx64

September 25, 2023 at 04:49PM
via IFTTT

My team and I will release a 78-page CTI report this Wednesday, focusing on a threat actor we've linked to China. The entity tied to this actor was registered in Hong Kong by a Chinese national. High confidence and the report will explain the steps we took to arrive to this… https://t.co/artzsKP6it

lordx64

https://twitter.com/lordx64/status/1706410657808080954

https://t.co/artzsKP6it

Monday, September 25, 2023

Favorite tweets


from Twitter https://twitter.com/securityshell

September 25, 2023 at 10:19AM
via IFTTT

SharePoint Pre-Auth RCE chain (CVE-2023-29357 & CVE-2023-24955) https://t.co/Baf8SWongW

securityshell

https://twitter.com/securityshell/status/1706312473517662445

https://t.co/Baf8SWongW

Favorite tweets


from Twitter https://twitter.com/raashidbhatt

September 25, 2023 at 10:03AM
via IFTTT

💥 Malware Unpacking MindMap 💥 👇🏽 Covers some basic unpacking techniques 👇🏽 👉🏻 Run and Dump 👉🏻 Self Unpacker 👉🏻 Remote Hollow Process Injection 👉🏻 Import Address Table Construction #malware #reverseenginnering #malwareanalysis https://t.co/je584EBZhC https://t.co/Ql3UrVEV8G

raashidbhatt

https://twitter.com/raashidbhatt/status/1706308411141329060

https://t.co/je584EBZhC

Sunday, September 24, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

September 19, 2023 at 10:57AM
via IFTTT

Today's pre-release of YARA 4.4 also contains performance improvements provided by my team It should significantly improve scan speed when you apply large rule sets, because it skips the condition evaluation for rules needing a string match when none of the strings are found… https://t.co/yP4CO7XZeC https://t.co/5V5mc4lfm2

cyb3rops

https://twitter.com/cyb3rops/status/1704147677489807492

https://t.co/yP4CO7XZeC

Tuesday, September 19, 2023

Favorite tweets


from Twitter https://twitter.com/plusvic

September 19, 2023 at 06:26AM
via IFTTT

YARA 4.4.0-rc1 is out! https://t.co/czSEhn0Erb

plusvic

https://twitter.com/plusvic/status/1704079420967796986

https://t.co/czSEhn0Erb

Saturday, September 16, 2023

Favorite tweets


from Twitter https://twitter.com/defcon

September 15, 2023 at 05:37PM
via IFTTT

It's that time of the year again - time to block off a weekend or two and watch videos from #defcon31 on #YouTube! https://t.co/zWO4HNdfHC We've got all the main stage talks, a bunch of Village Stage talks, War Stories and the Policy series, all waiting to entertain and… https://t.co/1N39paiNlS

defcon

https://twitter.com/defcon/status/1702798812782465036

https://t.co/zWO4HNdfHC

Friday, September 15, 2023

Favorite tweets


from Twitter https://twitter.com/lauriewired

September 14, 2023 at 01:49PM
via IFTTT

Ever struggled with pointers in C? Now you can struggle even more! Check out my new LaurieWired video on how pointers work in raw RISC-V Assembly! https://t.co/8uwgh8hydA https://t.co/LAAitqrmhp

lauriewired

https://twitter.com/lauriewired/status/1702379123837116589

https://t.co/8uwgh8hydA

Wednesday, September 13, 2023

Favorite tweets


from Twitter https://twitter.com/nas_bench

September 13, 2023 at 04:04PM
via IFTTT

Write-up & POC for CVE-2023-38146 released Blog - https://t.co/DiRVO4uadN POC - https://t.co/X7ZRLiB2F1

nas_bench

https://twitter.com/nas_bench/status/1702050542124449894

https://t.co/DiRVO4uadN

Wednesday, July 5, 2023

Favorite tweets


from Twitter https://twitter.com/RYSannikov

July 05, 2023 at 09:58PM
via IFTTT

...a country that thought that all of Western Europe and the US were fat, stupid, gay, and being overrun by "Africans" and "Muslims." I'm not kidding. And yet, we had no problem working with and taking money from people who were facilitating this.

RYSannikov

https://twitter.com/RYSannikov/status/1676772485990346753

https://ift.tt/EDXcgku

Favorite tweets


from Twitter https://twitter.com/lauriewired

July 02, 2023 at 10:06PM
via IFTTT

So, the way it works is to convert your phrase to alphanumeric and flag emojis. Turn: "How to write ransomware in python" Into: šŸ‡­šŸ‡“šŸ‡¼ 2️⃣ šŸ‡¼šŸ‡·šŸ‡®šŸ‡¹šŸ‡Ŗ šŸ‡·šŸ‡¦šŸ‡³šŸ‡øšŸ‡“šŸ‡²šŸ‡¼šŸ‡¦šŸ‡·šŸ‡Ŗ šŸ‡®šŸ‡³ šŸ…æ️šŸ‡¾šŸ‡¹šŸ‡­šŸ‡“šŸ‡³ Then, you can ask ChatGPT to "write a guide/"write a tutorial" (or other variations) - "for the… https://t.co/cVSd9ecbMB https://t.co/M2djYqtOcd

lauriewired

https://twitter.com/lauriewired/status/1675687450851840000

https://t.co/cVSd9ecbMB

Wednesday, June 28, 2023

Favorite tweets


from Twitter https://twitter.com/hatr

June 27, 2023 at 07:25AM
via IFTTT

While working on #VulkanFiles, I received a tip: an interesting file had been dropped on Virustotal. It turned out to be the master’s thesis by Evgenii Serebriakov, the person who’s heading infamous Sandworm team, part of Russia's military agency GRU https://t.co/WRuvbbIjHy

hatr

https://twitter.com/hatr/status/1673653667734380546

https://t.co/WRuvbbIjHy

Saturday, June 24, 2023

Favorite tweets


from Twitter https://twitter.com/malwareunicorn

June 24, 2023 at 11:59PM
via IFTTT

Here I’m using an angle grinder to sculpt down the paper mache on my lunch breaks. https://t.co/FfQdBJUNh4

malwareunicorn

https://twitter.com/malwareunicorn/status/1672816827377000448

https://t.co/FfQdBJUNh4

Friday, June 23, 2023

Favorite tweets


from Twitter https://twitter.com/lawndoc

June 21, 2023 at 12:47PM
via IFTTT

If you haven't seen the Microsoft OAuth vulnerability yet, you need to check it out. #nOAuth Anyone in the world is able to access your apps AS YOU with MS OAuth if the app is configured to use email as the account identifier. Next tweet contains a video demo:

lawndoc

https://twitter.com/lawndoc/status/1671560540290953217

https://ift.tt/HFydnph

Thursday, June 8, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

June 08, 2023 at 04:39AM
via IFTTT

I found the SALTWATER sample from the #Barracuda ESG report on CVE-2023-2868 on VT The funny thing is: s/o appended a 0x00 so that it got a different hash (not the one from the IOC list) PS: I don't have the orig file. I found out by removing 1 byte. https://t.co/Sz3p4dAyYN https://t.co/blpUQ71bbS

cyb3rops

https://twitter.com/cyb3rops/status/1666726658806521857

https://t.co/Sz3p4dAyYN

Wednesday, May 24, 2023

Favorite tweets


from Twitter https://twitter.com/CISAgov

May 24, 2023 at 03:47PM
via IFTTT

We published a joint advisory about a People’s Republic of China (PRC) state-sponsored cyber actor who is living off the land using built-in network administration tools to evade detection while compromising networks and conducting malicious activity: https://t.co/M3xjTSKsxj https://t.co/xUSx1IyEqm

CISAgov

https://twitter.com/CISAgov/status/1661459027983826948

https://t.co/M3xjTSKsxj

Favorite tweets


from Twitter https://twitter.com/cyb3rops

May 24, 2023 at 05:12AM
via IFTTT

Teaser: Since I'm on vacation I started working on private project named "Cyber Security Hub", a Github project that lists and promotes cyber security training providers from around the world PS: github pages is still a mystery to me and I could need some help https://t.co/e8DrmQpK3S

cyb3rops

https://twitter.com/cyb3rops/status/1661299166465720320

https://t.co/e8DrmQpK3S

Tuesday, May 16, 2023

Favorite tweets


from Twitter https://twitter.com/KeithOlbermann

May 15, 2023 at 04:02PM
via IFTTT

BREAKING: sexual abuse suit against Rudy Giuliani includes bombshell allegation Giuliani told alleged victim he was "SELLING PARDONS" for $2,000,000 each "which he and Trump would split" AND SHE HAS RECORDINGS AND EMAILS https://t.co/WxyEPaJamK https://t.co/Yqhc44s6du

KeithOlbermann

https://twitter.com/KeithOlbermann/status/1658201258656759809

https://t.co/WxyEPaJamK

Sunday, May 14, 2023

Favorite tweets


from Twitter https://twitter.com/mruef

May 13, 2023 at 11:45AM
via IFTTT

Well, 12 years ago I warned about the security risks of the new top level domains. People said I’m an old fart defending obsolete ideas. Once again I’m sad to see that my prediction was spot on. Thanks for making things worse. It could have been prevented. https://t.co/7W5XmMnCyc

mruef

https://twitter.com/mruef/status/1657411872201613312

https://t.co/7W5XmMnCyc

Sunday, May 7, 2023

Favorite tweets


from Twitter https://twitter.com/MichalKoczwara

May 01, 2023 at 06:41AM
via IFTTT

Hunting Havoc C2 🎯 Sometimes Threat Actors change certificates from defaults to custom ones, for example👇 165.227.106.175 <- Our hypothesis this could be Havoc C2 Looks like this IP is running with the LetsEncrypt certificate Now let's investigate this case🕵️‍♂️ https://t.co/vYPjhbkYLS

MichalKoczwara

https://twitter.com/MichalKoczwara/status/1652986620658761729

https://t.co/vYPjhbkYLS

Tuesday, April 25, 2023

Favorite tweets


from Twitter https://twitter.com/ErrataRob

April 24, 2023 at 04:10AM
via IFTTT

Twitter blue checkmarks is like the experiments they perform on children, assigning them arbitrarily to team A and team B, and suddenly the teams hate each other, and some want to be on the other team. All the blue checkmark verifies is that you have blue checkmark. It doesn't… https://t.co/jflNtHSMAE https://t.co/47iR7Ip06X

ErrataRob

https://twitter.com/ErrataRob/status/1650411812284710916

https://t.co/jflNtHSMAE

Wednesday, March 22, 2023

Favorite tweets


from Twitter https://twitter.com/embee_research

March 22, 2023 at 04:50AM
via IFTTT

AsyncRAT - Defeating Obfuscation Using CyberChef An overview of some advanced CyberChef tricks for decoding malware [1/12] 🧵 #AsyncRAT #Decoding #CyberChef #Malware https://t.co/rL0aFyKqyf

embee_research

https://twitter.com/embee_research/status/1638463073441972225

https://t.co/rL0aFyKqyf

Favorite tweets


from Twitter https://twitter.com/Fox0x01

March 21, 2023 at 12:21PM
via IFTTT

Finally! My new book "Arm Assembly Internals & Reverse Engineering" is up for pre-order! Save the date for the official launch on May 9th. Can't wait for you to dive into the world of Arm Assembly! Check out the official book website for more info: https://t.co/ZdtfY6GwoK

Fox0x01

https://twitter.com/Fox0x01/status/1638214314237603840

https://t.co/ZdtfY6GwoK

Saturday, March 18, 2023

Favorite tweets


from Twitter https://twitter.com/profxeni

March 18, 2023 at 06:47PM
via IFTTT

r/t "Kaspersky released a new decryptor for Conti-based ransomware" https://t.co/6zBJ7ShGwp

profxeni

https://twitter.com/profxeni/status/1637224251638816769

https://t.co/6zBJ7ShGwp

Wednesday, March 15, 2023

Favorite tweets


from Twitter https://twitter.com/delivr_to

March 15, 2023 at 02:37PM
via IFTTT

We've added a PoC exploit msg file for CVE-2023-23397 here (UNC path is localhost!): https://t.co/hvESLwNDNC There's also a yara rule in our detections repo that identifies the PidLidReminderFileParameter set in a msg Appointment file: https://t.co/2rxQfMaVCY https://t.co/Na1qJSBiaz https://t.co/Uyf7TTlwHw

delivr_to

https://twitter.com/delivr_to/status/1636074273478459395

https://t.co/hvESLwNDNC

Friday, March 3, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

March 02, 2023 at 08:25AM
via IFTTT

A typical @thor_scanner finding and my level 1 analyst attempt to let ChatGPT explain the command line to me. Which part of #ChatGPT's answer is wrong? https://t.co/gq5uJyP01N https://t.co/9BdpON6Z0j

cyb3rops

https://twitter.com/cyb3rops/status/1631284623006224384

https://t.co/gq5uJyP01N

Monday, February 20, 2023

Favorite tweets


from Twitter https://twitter.com/brianjliston

February 20, 2023 at 09:20AM
via IFTTT

Unsurprising contrast. https://t.co/w8BwAx3L3b

brianjliston

https://twitter.com/brianjliston/status/1627674646463102976

https://t.co/w8BwAx3L3b

Saturday, February 18, 2023

Favorite tweets


from Twitter https://twitter.com/sempersecurus

February 18, 2023 at 06:18PM
via IFTTT

Brand new blogpost from @snowfl0w Excellent summaries & references "Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, & DEV-0586) in attacks targeting UA (samples)" https://t.co/Lp71AzExPq

sempersecurus

https://twitter.com/sempersecurus/status/1627085109391413248

https://t.co/Lp71AzExPq

Favorite tweets


from Twitter https://twitter.com/rerednawyerg

February 17, 2023 at 07:32AM
via IFTTT

I got a chance to really dig into a malware sample stemming from a malicious Google ad, and finally finished a full write-up for it. To summarize: Google ad --> fake PuTTY download site --> loader --> dropper --> SectopRAT https://t.co/0x9CpvSmdu h/t @rmceoin h/t @dr4k0nia

rerednawyerg

https://twitter.com/rerednawyerg/status/1626560293756076033

https://t.co/0x9CpvSmdu

Favorite tweets


from Twitter https://twitter.com/malware_traffic

February 16, 2023 at 04:19PM
via IFTTT

@Unit42_Intel Kudos to my Palo Alto Networks colleagues who found and reported this #Buhti #Ransomware ELF binary! Sample now available at https://t.co/Jm0zOdQhrA. Payment page uses SatoshiDisk[.]com, a bitcoin payment support site currently hosted on Cloudflare IP. https://t.co/wL6qr78tVA

malware_traffic

https://twitter.com/malware_traffic/status/1626330366700146688

https://t.co/Jm0zOdQhrA

Monday, February 13, 2023

Favorite tweets


from Twitter https://twitter.com/profxeni

February 13, 2023 at 08:47PM
via IFTTT

r/t "Enigma info-stealing malware targets the cryptocurrency industry" https://t.co/VFTqUebtrm

profxeni

https://twitter.com/profxeni/status/1625310776176087040

https://t.co/VFTqUebtrm

Favorite tweets


from Twitter https://twitter.com/AnFam17

February 13, 2023 at 09:23AM
via IFTTT

I think I have a new favorite tool #malcat @malcat4ever https://t.co/nCfiQklx5o

AnFam17

https://twitter.com/AnFam17/status/1625138722185388033

https://t.co/nCfiQklx5o

Sunday, February 12, 2023

Favorite tweets


from Twitter https://twitter.com/BleepinComputer

February 12, 2023 at 10:14AM
via IFTTT

Devs targeted by W4SP Stealer malware in malicious PyPi packages - @billtoulas https://t.co/FFHVZkL3u9

BleepinComputer

https://twitter.com/BleepinComputer/status/1624788966493806592

https://t.co/FFHVZkL3u9

Wednesday, February 8, 2023

Favorite tweets


from Twitter https://twitter.com/nathaliejacoby1

February 08, 2023 at 03:50PM
via IFTTT

Does anyone have any idea what is WRONG with Marjorie Taylor Greene?

nathaliejacoby1

https://twitter.com/nathaliejacoby1/status/1623423931020451842

https://ift.tt/K0hJ4gT

Thursday, February 2, 2023

Favorite tweets


from Twitter https://twitter.com/bettersafetynet

February 02, 2023 at 01:50PM
via IFTTT

WHY DIDN'T ANYONE TELL ME ABOUT THIS TOOL!?!? MSFT Threat Modeling Tool https://t.co/E4HvUOXH1D Also, if you're mad at me for not sharing... I **just** learned about this. MSFT Threat Modeling team, I want to hug all y'all.

bettersafetynet

https://twitter.com/bettersafetynet/status/1621219641979805699

https://t.co/E4HvUOXH1D

Tuesday, January 31, 2023

Favorite tweets


from Twitter https://twitter.com/TheClearCider

January 31, 2023 at 12:36AM
via IFTTT

Over the weekend, a svelte, mouth-breathing, Trump sported two makeup covered bandaids across the top of his hands. What do you think those were for? 🩹 https://t.co/V0OIePRLvX

TheClearCider

https://twitter.com/TheClearCider/status/1620294923441537024

https://t.co/V0OIePRLvX

Monday, January 30, 2023

Favorite tweets


from Twitter https://twitter.com/profxeni

January 30, 2023 at 06:49AM
via IFTTT

r/t "Sandworm APT group hit Ukrainian news agency with five data wipers" https://t.co/SEOP9baqym

profxeni

https://twitter.com/profxeni/status/1620026515722326017

https://t.co/SEOP9baqym

Sunday, January 29, 2023

Favorite tweets


from Twitter https://twitter.com/profxeni

January 29, 2023 at 08:37AM
via IFTTT

r/t Yaralyzer - Visually Inspect And Force Decode YARA And Regex Matches Found In Both Binary And Text Data, With Colors https://t.co/RgUA8PQtlv https://t.co/jln6NLhuzE

profxeni

https://twitter.com/profxeni/status/1619691108967264256

https://t.co/RgUA8PQtlv

Friday, January 27, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

January 27, 2023 at 11:09AM
via IFTTT

We've decided to share the #YARA rules to detect malicious #OneNote documents / attachments (.one) - as seen in #Phishing attacks - with the community. It's the output of today's 2h research session with my team and covers many in-the-wild samples https://t.co/O1hAv6Ai50 https://t.co/LNO2Fhp0lP

cyb3rops

https://twitter.com/cyb3rops/status/1619004667186511873

https://t.co/O1hAv6Ai50

Tuesday, January 24, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

January 24, 2023 at 10:38AM
via IFTTT

Interesting .eml > .vhdx > .rar > .lnk > .hta phishing targeting Russia - interesting VHDX attachment - mounts with double click, just like .iso Sample https://t.co/la2YtZkvUG https://t.co/ROkUSaokhP Related https://t.co/Jq2VSB0UQn https://t.co/2fX3EHoeYP

cyb3rops

https://twitter.com/cyb3rops/status/1617909598727409665

https://t.co/la2YtZkvUG

Favorite tweets


from Twitter https://twitter.com/UK_Daniel_Card

January 24, 2023 at 07:40AM
via IFTTT

@cyb3rops :) in MDE #KQL something like this would work https://t.co/06gswweDbb

UK_Daniel_Card

https://twitter.com/UK_Daniel_Card/status/1617864794459230211

https://t.co/06gswweDbb

Favorite tweets


from Twitter https://twitter.com/cyb3rops

January 24, 2023 at 07:34AM
via IFTTT

This is how we can write a simple filename IOC pattern with filter in the format I use in THOR and LOKI scanners: pattern;score;filter. This can be used to trigger on files located in unusual folders. ADModule tweet https://t.co/RFtpJlOzgF https://t.co/3J8fagZjTm

cyb3rops

https://twitter.com/cyb3rops/status/1617863397504057344

https://t.co/RFtpJlOzgF

Sunday, January 22, 2023

Favorite tweets


from Twitter https://twitter.com/igorsushko

January 21, 2023 at 03:11PM
via IFTTT

#Kremlin propagandist decided to visit #Soledar in #Ukraine to prove the town is under full Russian control. https://t.co/PiaEWBFLH2

igorsushko

https://twitter.com/igorsushko/status/1616891317203922944

https://t.co/PiaEWBFLH2

Friday, January 20, 2023

Favorite tweets


from Twitter https://twitter.com/DirectoryRanger

January 20, 2023 at 10:21AM
via IFTTT

SilentHound. tool to quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. https://t.co/IRml1YggV9

DirectoryRanger

https://twitter.com/DirectoryRanger/status/1616455806416818177

https://t.co/IRml1YggV9

Thursday, January 19, 2023

Favorite tweets


from Twitter https://twitter.com/cyb3rops

January 19, 2023 at 03:30PM
via IFTTT

That's handy https://t.co/lGIEQqQ7dl

cyb3rops

https://twitter.com/cyb3rops/status/1616171180997623825

https://t.co/lGIEQqQ7dl

Favorite tweets


from Twitter https://twitter.com/cyb3rops

January 19, 2023 at 11:32AM
via IFTTT

YARA rule to detect the exploitation of ManageEngine ServiceDesk CVE-2022-47966 Rule https://t.co/u5qFRMXTUN Report by @Horizon3Attack https://t.co/GMA0EVMa5b https://t.co/KX7YJH4H8H

cyb3rops

https://twitter.com/cyb3rops/status/1616111305299038208

https://t.co/u5qFRMXTUN

Favorite tweets


from Twitter https://twitter.com/profxeni

January 19, 2023 at 07:37AM
via IFTTT

r/t DragonCastle - A PoC That Combines AutodialDLL Lateral Movement Technique And SSP To Scrape NTLM Hashes From LSASS Process https://t.co/5M5bL2YyOE https://t.co/LILhQ4NBYO

profxeni

https://twitter.com/profxeni/status/1616052242007883780

https://t.co/5M5bL2YyOE

Monday, January 16, 2023

Favorite tweets


from Twitter https://twitter.com/profxeni

January 16, 2023 at 08:29AM
via IFTTT

r/t LATMA - Lateral Movement Analyzer Tool https://t.co/SIB8PPJmAB https://t.co/I6n0Zd2Thc

profxeni

https://twitter.com/profxeni/status/1614978163779702784

https://t.co/SIB8PPJmAB

Wednesday, January 11, 2023

Favorite tweets


from Twitter https://twitter.com/UK_Daniel_Card

January 11, 2023 at 07:01AM
via IFTTT

Office 365 Security Testing Tools https://t.co/6trcxrU0vE

UK_Daniel_Card

https://twitter.com/UK_Daniel_Card/status/1613144183283269632

https://t.co/6trcxrU0vE

Thursday, January 5, 2023

Favorite tweets


from Twitter https://twitter.com/profxeni

January 05, 2023 at 08:17AM
via IFTTT

r/t ExchangeFinder - Find Microsoft Exchange Instance For A Given Domain And Identify The Exact Version https://t.co/HeKWNf6yaU https://t.co/aq8Bkt7g7C

profxeni

https://twitter.com/profxeni/status/1610988773537611777

https://t.co/HeKWNf6yaU