TL;DR News

Infosec and Other News Feed

Thursday, October 31, 2024

Favorite tweets

In the voting booth, women still have the right to choose. New and important ad from @VoteCommon featuring Julia Roberts reminds women that...
Sunday, October 20, 2024

Favorite tweets

The True Alpha Pet…🐈 https://t.co/CSFeY20CCw — Why you should have a cat (@ShouldHaveCat) Oct 19, 2024 from Twitter https://twitter.com...
Thursday, October 17, 2024

Favorite tweets

Kamala Harris: Oh, you guys are at the wrong rally. I think you meant to go to the smaller one down the street https://t.co/tjhbDB9m3R — A...
Tuesday, September 10, 2024

Favorite tweets

.@bunsofwrath12 shared some incredibly useful PowerShell scripts with us for working with @thor_scanner in a forensic lab setting https://t...
Friday, August 30, 2024

Favorite tweets

🗒️ Ransomware Tool Matrix A resource containing all the tools each ransomware gangs uses By @BushidoToken https://t.co/64lhoLsW3P https://...
Monday, August 26, 2024

Favorite tweets

@MSFT365Status Microsoft Defender Quarantine for email is false flagging pictures from email signatures as malware any reason why? — Д U М...
Friday, August 23, 2024

Favorite tweets

Tonight, @KamalaHarris showed the world what I have known to be true. She is ready on day one to be President and represents the best of Am...
Friday, August 16, 2024

Favorite tweets

the woman meeting obama (in 2011) is the little girl from the painting https://t.co/8KQEvs3xZ0 https://t.co/uvkUX33gc4 — Maia (@maiamindel...
Friday, July 26, 2024

Favorite tweets

Earlier this week, Michelle and I called our friend @KamalaHarris. We told her we think she’ll make a fantastic President of the United Sta...

Favorite tweets

I feel so completely grateful to have been asked to open the Paris @Olympics 2024 this year. I am also humbled to be asked by the Olympics ...
Monday, July 22, 2024

Favorite tweets

BREAKING: This Kamala Harris ad from 2020 still goes hard. Retweet to ensure every American sees it. https://t.co/PM1SZLcMG7 — Harris’ Win...
Friday, July 19, 2024

Favorite tweets

Today was not a security or cyber incident. Our customers remain fully protected. We understand the gravity of the situation and are deeply...
Sunday, June 23, 2024

Favorite tweets

Uh, I was not aware that there is a terminal version of #Wireshark called termshark. Nice. Much easier to troubleshoot small stuff compared...

Favorite tweets

Get started with CTFs related to Satellites hacking (resources collection) Satellite Hacking Demystified: https://t.co/hGDo9jKO7W Hack-a-sa...

Favorite tweets

Taking a break from reverse engineering twitch streams for the next week or so, because I'll be presenting at REcon 2024! Here's a ...
Friday, June 21, 2024

Favorite tweets

The sprawling gyre now entering the southern Gulf of Mexico has been labeled "Invest #91L" by @NHC_Atlantic. The system will move...
Monday, June 10, 2024

Favorite tweets

@Mandiant It’d be useful to know whether the compromised accounts already had effective admin access (ACCOUNTADMIN or similar) or not. The ...
Monday, June 3, 2024

Favorite tweets

Prolific Russian influence actors tracked by Microsoft as Storm-1679 and Storm-1099 have pivoted their operations since June 2023 to focus ...
Monday, May 20, 2024

Favorite tweets

YARA-X - The pattern matching swiss knife for malware researchers, and everyone else. https://t.co/6FrUD7fnro YARA is dead, long live YARA-...

Favorite tweets

We invite author Dmitri Alperovitch to discuss his book, "World on the Brink: How America Can Beat China in the Race for the Twenty-Fi...

Favorite tweets

"YARA is dead, long live YARA-X!" 🎉 After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, a...
Thursday, May 9, 2024

Favorite tweets

Yesterday at George Washington University's All Eyes on Rafah Rally, Rafiki Morris of Black Alliance for Peace and the All-African Peop...
Thursday, May 2, 2024

Favorite tweets

🇰🇵Looks like Lazarus (APT38) is well prepared New infra and more fakes on Linkedin🥷 /fenbushi.private-meet.online /private-meet.online...
Monday, April 29, 2024

Favorite tweets

Russian-speaking man is in shock while observing columns of Western vehicles moving towards Poland, as he claims. https://t.co/5YhpZBBcqN ...
Monday, April 1, 2024

Favorite tweets

I 💙 xlsxgrep. Here, I'm searching for Bitcoin addresses in a bunch of Excel files: xlsxgrep -i -P ^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$...
Saturday, March 30, 2024

Favorite tweets

[https://t.co/otlIKKsosi] ⚠️ Resources for responding to #CVE-2024-3094 1. Detection script https://t.co/CAwuKKaZ62 2. Detailed analysis al...

Favorite tweets

Check if impacted by CVE-2024-3094 ❓ ❌ xz -V ✔️ strings /usr/local/bin/xz | grep "(XZ Utils)" ✔️strings `which xz` | grep "(...

Favorite tweets

Here is my first set of #YARA rules to detect the backdoored XZ packages Report https://t.co/jc7kA4tFsv Rules https://t.co/0k8gqZxHF9 #XZ #...
Wednesday, March 13, 2024

Favorite tweets

Using ChatGPT to Deobfuscate Malicious Scripts https://t.co/a8y73V8qKb — SANS.edu Internet Storm Center (@sans_isc) Mar 13, 2024 from Tw...
Saturday, February 17, 2024

Favorite tweets

I wrote a YARA rule designed to identify emails attempting to exploit CVE-2024-21413, a vulnerability in Microsoft Outlook that permits the...

Favorite tweets

#How to PCAP without wireshark on Windows #start a capture pktmon start -c -f PktMon.etl #view the stats pktmon counters #sleep for 60 seco...
Saturday, February 10, 2024

Favorite tweets

Nate White @Ipitythepoorfo1 https://t.co/zbkjjpQDTN — Tarquin 🇺🇦 (@Tarquin_Helmet) Feb 9, 2024 from Twitter https://twitter.com/Tarqui...

Favorite tweets

We just released our latest REsearch insights on exploiting UEFI spec vulnerabilities on ARM and x86 CPUs. Our Binarly Transparency Platfor...
Monday, January 29, 2024

Favorite tweets

"DFIR Team Support" (2024, colorized) https://t.co/on05AfnVfB — Florian Roth (@cyb3rops) Jan 29, 2024 from Twitter https://twi...
Monday, January 8, 2024

Favorite tweets

#100DaysofYara Day 7 and Day 8: Going a little easy this time... For these two days, we will cover the rules for #IllyrianStealer (another ...

Favorite tweets

Happy New Year! I have for you a new #PEbear (v0.6.7) with some of the requested features, such as strings, and patterns searching. Plus ot...
Sunday, January 7, 2024

Favorite tweets

Update https://t.co/4XVNgNrxgr https://t.co/cZkh63HFpZ — Ange (@angealbertini) May 5, 2023 from Twitter https://twitter.com/angealbertin...

Favorite tweets

Most PE executables only have a DOS stub, but Robert Xiao combined DOOM Dos and Windows executables into a single universal file. Advanced ...

Favorite tweets

#100DaysOfYara Day 6: Yara can be used to access specific data at a given position. 👇 This feature is often used to identify Magic Numbers...
Sunday, November 26, 2023

Favorite tweets

Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer ...

Favorite tweets

🔥Malware Analysis with @HuntressLabs 🔥 Watch as we analyse a bloated (1.5GB) Golang file and dynamically extract an Xworm payload. We...
Monday, November 20, 2023

Favorite tweets

Here is a list of researchers and offensive security accounts I recommend following, based on their consistently excellent content and obje...
Friday, November 10, 2023

Favorite tweets

US Treasuries Trading Affected by Ransomware Hack via ⁦@MihirBagwe⁩ & ⁦@daveperera⁩ https://t.co/DHwWu4gI0J — Allan “Ransomware Sommel...

Favorite tweets

I just learned that apps like Snapchat are giving push notifications WHEN SOMEBODY IS TYPING and all I want to know is why the product mana...
Monday, November 6, 2023

Favorite tweets

NEW BLOG: Common mistakes during Microsoft Defender for Endpoint (MDE) deployments. What are typical common mistakes during Defender for En...

Favorite tweets

Since February 2023, Microsoft has observed password spray activity by Iranian threat actor Peach Sandstorm (HOLMIUM) against thousands of ...

Favorite tweets

Happy to announce the release of my JADX dynamic scripting plugin, JADXecute. Now you write and share scripts to automate your Android APK ...

Favorite tweets

I tried ChatGPT-4 and I am not impressed. https://t.co/WLidBjW78b — Halvar Flake (@halvarflake) Jun 8, 2023 from Twitter https://twitter...

Favorite tweets

Microsoft Threat Actor Naming for Office 365 https://t.co/UBp8O9ljX8 — x0rz (@x0rz) Apr 19, 2023 from Twitter https://twitter.com/x0rz ...
Tuesday, October 24, 2023

Favorite tweets

At the beginning of the infection chain, the victim receives an invisible iMessage attachment with a zero-click exploit. https://t.co/Tqq7H...
Sunday, October 22, 2023

Favorite tweets

Although I have permanently transitioned to vulnerability research, I have plans to release new versions of Malwoverview and continue maint...

Favorite tweets

Do you want to start the RemoteRegistry service without Admin privileges? Just write into the "winreg" named pipe 👇 https://t.co...
Thursday, October 19, 2023

Favorite tweets

Palo Alto Networks' Unit 42 researchers analyse Munchkin, a new utility that allows BlackCat operators to propagate the payload to remo...

Favorite tweets

🧵Pentesting from windows is sometimes like.. Step 1. Login Step 2. Open Explorer Step 3. Open file share Step 4. Search file share for “vm...
Tuesday, October 17, 2023

Favorite tweets

I really believe that if your infrastructure can’t survive a user clicking a link, you are doomed. I’m the director of cybersecurity at NSA...

Favorite tweets

Ransomware Tracker https://t.co/NUHXP8HDUg https://t.co/3qIGDMaQal — Florian Roth (@cyb3rops) Oct 17, 2023 from Twitter https://twitter....
Monday, October 16, 2023

Favorite tweets

⚡ The NTLM Protocol Animated! 🔴 Quick & Simple Explanation: 🔻 NTLM_NEGOTIATE You type your credentials on your machine (called Client...
Sunday, October 15, 2023

Favorite tweets

Just read amazing blog on webp CVE-2023-4863. creating poc for this: https://t.co/UizhHq1um5 have required lot of efforts and many might ha...
Saturday, October 14, 2023

Favorite tweets

With Microsoft #Graph Activity Log now in public preview let's talk about reconnaissance detection. 📢In my latest blog post I dive dee...
Friday, October 13, 2023

Favorite tweets

There are a lot of hacktivist groups and known adversaries engaged in the cyber conflict around the #IsraelPalestineConflict. @CrowdStrike ...

Favorite tweets

Finally, Microsoft Graph Activity log in public preview!! https://t.co/kI67unx9A8 — Dr. Nestori Syynimaa (@DrAzureAD) Oct 13, 2023 from ...
Thursday, October 12, 2023

Favorite tweets

When deploying Defender for Identity, have you been doing Install-ADServiceAccount for the gMSA? I have good news - it does absolutely noth...

Favorite tweets

Our latest research into the #ToddyCat APT group shows they’re evolving their already honed strategies as well as introducing new loaders. ...

Favorite tweets

APIs for OSINT As a reminder, I have a Github repo with over a hundred APIs for automating dozens of different #osint tasks: collecting inf...
Wednesday, October 11, 2023

Favorite tweets

Bugs happen but it's rare you see a bug that grabs you so hard and makes you nod like a little dog.. CVE-2023-44487 did that for me goo...
Tuesday, October 10, 2023

Favorite tweets

The only bottleneck is server processing speed, which makes this an extreme load-test for the victim. Our monitoring measured one attack, c...

Favorite tweets

🦊 How To Use SOCKS Proxy With BurpSuite 🔴 Step 1 — Browser > Burp Proxy: First, you want to route your browser’s traffic to the Burp P...

Favorite tweets

This is a pretty nice graphic explaining how Kerberos Auth takes place. Useful to have as a reference when you have to explain and visualiz...

Favorite tweets

SecAnalyst Sylvain Heiniger (@sploutchy) loves NTLM relay. Dive into his latest blog post to learn how it can be used against Microsoft SQL...
Sunday, October 8, 2023

Favorite tweets

Been thinking about access control checks in AD a lot lately. How they're fairly simple, but fairly misunderstood & overly simplifi...
Monday, October 2, 2023

Favorite tweets

What's a #CyberSecurity #infosec myth that (appears to be) widely believed that you wish would die? Mine is that CIA conducted a supply...

Favorite tweets

Use silent #SMS messages to track LTE users’ locations An attacker sends silent SMS messages with a defined pattern and analyze LTE traffic...

Favorite tweets

If you have just started learning reverse engineering and malware analysis, you should pay attention to simple and well-known tricks that s...
Sunday, October 1, 2023

Favorite tweets

My old girl has been in critical condition since Friday morning. My eyes are swollen from all the tears. The ER clinic sent me this photo, ...
Saturday, September 30, 2023

Favorite tweets

AD Miner Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security w...

Favorite tweets

Tip: How to come to the stage when you have a large audience. https://t.co/aaz3rlYv9u — @mikko (@mikko) Sep 29, 2023 from Twitter https:...
Thursday, September 28, 2023

Favorite tweets

I feel like 40% is low based on my experience. If you want to check if your AD CS is vulnerable, check out Locksmith. https://t.co/Ur2Ldeof...
Wednesday, September 27, 2023

Favorite tweets

Firmware attacks in the wild! 🔥 https://t.co/rqmETyq4QS — Ryan Naraine (@ryanaraine) Sep 27, 2023 from Twitter https://twitter.com/ryan...
Tuesday, September 26, 2023

Favorite tweets

My team and I will release a 78-page CTI report this Wednesday, focusing on a threat actor we've linked to China. The entity tied to th...
Monday, September 25, 2023

Favorite tweets

SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) https://t.co/Baf8SWongW — Marius Avram (@securityshell) Sep 25, 2023 ...

Favorite tweets

💥 Malware Unpacking MindMap 💥 👇🏽 Covers some basic unpacking techniques 👇🏽 👉🏻 Run and Dump 👉🏻 Self Unpacker 👉🏻 Remote Hollow Pr...
Sunday, September 24, 2023

Favorite tweets

Today's pre-release of YARA 4.4 also contains performance improvements provided by my team It should significantly improve scan speed w...
Tuesday, September 19, 2023

Favorite tweets

YARA 4.4.0-rc1 is out! https://t.co/czSEhn0Erb — Victor M. Alvarez (@plusvic) Sep 19, 2023 from Twitter https://twitter.com/plusvic Se...
Saturday, September 16, 2023

Favorite tweets

It's that time of the year again - time to block off a weekend or two and watch videos from #defcon31 on #YouTube! https://t.co/zWO4HNd...
Friday, September 15, 2023

Favorite tweets

Ever struggled with pointers in C? Now you can struggle even more! Check out my new LaurieWired video on how pointers work in raw RISC-V As...
Wednesday, September 13, 2023

Favorite tweets

Write-up & POC for CVE-2023-38146 released Blog - https://t.co/DiRVO4uadN POC - https://t.co/X7ZRLiB2F1 — Nasreddine Bencherchali (@na...
Wednesday, July 5, 2023

Favorite tweets

...a country that thought that all of Western Europe and the US were fat, stupid, gay, and being overrun by "Africans" and "...

Favorite tweets

So, the way it works is to convert your phrase to alphanumeric and flag emojis. Turn: "How to write ransomware in python" Into: ...
Wednesday, June 28, 2023

Favorite tweets

While working on #VulkanFiles, I received a tip: an interesting file had been dropped on Virustotal. It turned out to be the master’s thesi...
Saturday, June 24, 2023

Favorite tweets

Here I’m using an angle grinder to sculpt down the paper mache on my lunch breaks. https://t.co/FfQdBJUNh4 — Malware Unicorn (@malwareunic...
Friday, June 23, 2023

Favorite tweets

If you haven't seen the Microsoft OAuth vulnerability yet, you need to check it out. #nOAuth Anyone in the world is able to access your...
Thursday, June 8, 2023

Favorite tweets

I found the SALTWATER sample from the #Barracuda ESG report on CVE-2023-2868 on VT The funny thing is: s/o appended a 0x00 so that it got a...
Wednesday, May 24, 2023

Favorite tweets

We published a joint advisory about a People’s Republic of China (PRC) state-sponsored cyber actor who is living off the land using built-i...

Favorite tweets

Teaser: Since I'm on vacation I started working on private project named "Cyber Security Hub", a Github project that lists an...
Tuesday, May 16, 2023

Favorite tweets

BREAKING: sexual abuse suit against Rudy Giuliani includes bombshell allegation Giuliani told alleged victim he was "SELLING PARDONS...
Sunday, May 14, 2023

Favorite tweets

Well, 12 years ago I warned about the security risks of the new top level domains. People said I’m an old fart defending obsolete ideas. On...