Monday, April 1, 2024

Favorite tweets


from Twitter https://twitter.com/malmoeb

March 31, 2024 at 08:54AM
via IFTTT

I 💙 xlsxgrep. Here, I'm searching for Bitcoin addresses in a bunch of Excel files: xlsxgrep -i -P '^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$' * "xlsxgrep is a CLI tool to search text in XLSX, XLS, CSV, TSV and ODS files. It works similarly to Unix/GNU Linux grep." [1] Go and get it:… https://t.co/5jVL8loy4d https://t.co/ySAzrQT5R9

malmoeb

https://twitter.com/malmoeb/status/1774359704757583967

https://twitter.com/i/web/status/1774359704757583967

Saturday, March 30, 2024

Favorite tweets


from Twitter https://twitter.com/Malwar3Ninja

March 30, 2024 at 12:00PM
via IFTTT

[https://t.co/otlIKKsosi] ⚠️ Resources for responding to #CVE-2024-3094 1. Detection script https://t.co/CAwuKKaZ62 2. Detailed analysis along with exploit code and detection https://t.co/y7mzyeHzS0 3. #ThreatHunt query https://t.co/uZn6OTFuTW #threatintel #DFIR https://t.co/iOfzQdzdIl

Malwar3Ninja

https://twitter.com/Malwar3Ninja/status/1774043981208301749

http://Threatview.io

Favorite tweets


from Twitter https://twitter.com/Malwar3Ninja

March 30, 2024 at 03:41PM
via IFTTT

Check if impacted by CVE-2024-3094 ❓
❌ xz -V
✔️ strings /usr/local/bin/xz | grep "(XZ Utils)"
✔️ strings `which xz` | grep "(XZ Utils"
✔️ for xz_p in $(type -a xz | awk '{print $NF}' | uniq); do strings "$xz_p" | grep "xz (XZ Utils)" || echo "No match found for $xz_p"; done
https://t.co/jDxSi2n5wQ

Malwar3Ninja

https://twitter.com/Malwar3Ninja/status/1774099755381170340

https://twitter.com/Malwar3Ninja/status/1774043981208301749

Favorite tweets


from Twitter https://twitter.com/cyb3rops

March 30, 2024 at 10:41AM
via IFTTT

Here is my first set of #YARA rules to detect the backdoored XZ packages Report https://t.co/jc7kA4tFsv Rules https://t.co/0k8gqZxHF9 #XZ #XZutil https://t.co/XYhGW1FSGt

cyb3rops

https://twitter.com/cyb3rops/status/1774024044288806987

https://ift.tt/pXRHEbq

Wednesday, March 13, 2024

Favorite tweets


from Twitter https://twitter.com/sans_isc

March 13, 2024 at 08:31AM
via IFTTT

Using ChatGPT to Deobfuscate Malicious Scripts https://t.co/a8y73V8qKb

sans_isc

https://twitter.com/sans_isc/status/1767830794704175324

https://i5c.us/d30740

Saturday, February 17, 2024

Favorite tweets


from Twitter https://twitter.com/cyb3rops

February 17, 2024 at 09:57AM
via IFTTT

I wrote a YARA rule designed to identify emails attempting to exploit CVE-2024-21413, a vulnerability in Microsoft Outlook that permits the unauthorized acquisition of NTLM credentials #100daysofYARA #YARA https://t.co/RhIcyltkKV https://t.co/rSATinTuhk

cyb3rops

https://twitter.com/cyb3rops/status/1758792873254744344

https://ift.tt/JaIsboy

Favorite tweets


from Twitter https://twitter.com/UK_Daniel_Card

February 16, 2024 at 10:17AM
via IFTTT

#How to PCAP without wireshark on Windows
#start a capture
pktmon start -c -f PktMon.etl
#view the stats
pktmon counters
#sleep for 60 seconds
sleep 60
#Stop the Capture
pktmon stop
#convert it to PCAP
pktmon etl2pcap PktMon.etl --out capture.pcap
https://t.co/vFzFuE01f3

UK_Daniel_Card

https://twitter.com/UK_Daniel_Card/status/1758435515563446606

https://twitter.com/UK_Daniel_Card/status/1758435515563446606/photo/1

Saturday, February 10, 2024

Favorite tweets


from Twitter https://twitter.com/Tarquin_Helmet

February 09, 2024 at 09:20PM
via IFTTT

Nate White @Ipitythepoorfo1 https://t.co/zbkjjpQDTN

Tarquin_Helmet

https://twitter.com/Tarquin_Helmet/status/1756065557621690390

https://twitter.com/Tarquin_Helmet/status/1756065557621690390/photo/1

Favorite tweets


from Twitter https://twitter.com/matrosov

February 09, 2024 at 08:38PM
via IFTTT

We just released our latest REsearch insights on exploiting UEFI spec vulnerabilities on ARM and x86 CPUs. Our Binarly Transparency Platform discovered all these bugs. All the related ARM tools and PoCs are out now. Check it: https://t.co/SQe26R9BO0 https://t.co/jIb5BlkW67

matrosov

https://twitter.com/matrosov/status/1756054958028300630

https://ift.tt/DCl3wbG

Monday, January 29, 2024

Favorite tweets


from Twitter https://twitter.com/cyb3rops

January 29, 2024 at 08:33AM
via IFTTT

"DFIR Team Support" (2024, colorized) https://t.co/on05AfnVfB

cyb3rops

https://twitter.com/cyb3rops/status/1751886277195022666

https://twitter.com/cyb3rops/status/1751886277195022666/photo/1

Monday, January 8, 2024

Favorite tweets


from Twitter https://twitter.com/AnFam17

January 08, 2024 at 06:39AM
via IFTTT

#100DaysofYara Day 7 and Day 8: Going a little easy this time... For these two days, we will cover the rules for #IllyrianStealer (another mundane .NET stealer) and the most recent version of #RaccoonStealer (v2.3.1.1) IllyrianStealer: https://t.co/RIJ8wmyO5A RaccoonStealer:… https://t.co/u9e6SOIR8x https://t.co/5zGBzZtIhu

AnFam17

https://twitter.com/AnFam17/status/1744247453119910228

https://ift.tt/rlPhwB2

Favorite tweets


from Twitter https://twitter.com/hasherezade

January 08, 2024 at 03:50PM
via IFTTT

Happy New Year! I have for you a new #PEbear (v0.6.7) with some of the requested features, such as strings, and patterns searching. Plus other improvements & bugfixes. Check it out! https://t.co/AsAbJGR9nb 🐻💙 https://t.co/fuPQoqANva

hasherezade

https://twitter.com/hasherezade/status/1744386167976423700

https://ift.tt/StfLmaV

Sunday, January 7, 2024

Favorite tweets


from Twitter https://twitter.com/angealbertini

May 05, 2023 at 10:13AM
via IFTTT

Update https://t.co/4XVNgNrxgr https://t.co/cZkh63HFpZ

angealbertini

https://twitter.com/angealbertini/status/1654429033042411523

https://twitter.com/angealbertini/status/1654429033042411523/photo/1

Favorite tweets


from Twitter https://twitter.com/angealbertini

December 19, 2023 at 02:42PM
via IFTTT

Most PE executables only have a DOS stub, but Robert Xiao combined DOOM Dos and Windows executables into a single universal file. Advanced merge of genuine Dos headers, relocations, DOS4/GW headers and PE file. https://t.co/RfMejxAJK4 https://t.co/lR5IILcyKs

angealbertini

https://twitter.com/angealbertini/status/1737121148368810169

https://ift.tt/ouFi4bZ

Favorite tweets


from Twitter https://twitter.com/fr0gger_

January 06, 2024 at 05:28AM
via IFTTT

#100DaysOfYara Day 6: Yara can be used to access specific data at a given position. 👇 This feature is often used to identify Magic Numbers (used to determine the file format) to match your rule against a specific file type, such as a PE (0x4D5A), for example. Today, no… https://t.co/6O7Ld9iLce https://t.co/ST0vIJc1q4

fr0gger_

https://twitter.com/fr0gger_/status/1743504876745998655

https://twitter.com/i/web/status/1743504876745998655