12.
Florian Roth ⛰
@cyb3rops
I think we need a
TLP:DontTellAnyoneThatIToldYouAboutIt
TLP:DontTellAnyoneThatIToldYouAboutIt
13.
Florian Roth ⛰
@cyb3rops
Wow pretty cool, idk who needs it but I'm sharing this site here just in case
explainshell.com pic.twitter.com/OHQGJFZpxg
explainshell.com pic.twitter.com/OHQGJFZpxg
14.
15.
16.
17.
18.
Florian Roth
@cyb3rops
#HuntingTipOfTheDay
️"Something's trying to disable Windows Defender."
"Who cares? We don't run Defende… twitter.com/i/web/status/1…
️"Something's trying to disable Windows Defender."
"Who cares? We don't run Defende… twitter.com/i/web/status/1…
Retweet of status by @JohnLaTwC
Florian Roth
@cyb3rops
[New Blog] Understanding & Detecting C2 Frameworks — BabyShark by @UnkL4b
- Server written in Python / Flask.
-… twitter.com/i/web/status/1…
- Server written in Python / Flask.
-… twitter.com/i/web/status/1…
Retweet of status by @nas_bench
Florian Roth
@cyb3rops
Update to macOS 11.3, like now.
Read about, IMHO, the worst macOS bug in recent memory (in terms of its ease… twitter.com/i/web/status/1…
Read about, IMHO, the worst macOS bug in recent memory (in terms of its ease… twitter.com/i/web/status/1…
Retweet of status by @patrickwardle
Florian Roth
@cyb3rops
Facebook services and a bunch of others appear to be down right now
#PrettySureItsStuxnet pic.twitter.com/flNqPhxsn6
#PrettySureItsStuxnet pic.twitter.com/flNqPhxsn6
Retweet of status by @campuscodi
Florian Roth
@cyb3rops
This have a recent sample that looks like Lazarus, uploaded today in VT (only in VT)
virustotal.com/gui/file/868a6… twitter.com/BushidoToken/s…
virustotal.com/gui/file/868a6… twitter.com/BushidoToken/s…
Retweet of status by @Arkbird_SOLG
19.
20.
21.
22.
Florian Roth
@cyb3rops
New loader by #Lazarus - Operation In(ter)ception
Reused decoy and obfuscated macros
Loader compiled on 2021-… twitter.com/i/web/status/1…
Reused decoy and obfuscated macros
Loader compiled on 2021-… twitter.com/i/web/status/1…
Retweet of status by @_CPResearch_
Florian Roth
@cyb3rops
#Ransomware fun idea:
Couldn't we just replace vssadmin.exe with an executable that kills its parent process
Couldn't we just replace vssadmin.exe with an executable that kills its parent process
Florian Roth
@cyb3rops
Simple Security Assessment Metrics No1
Number of Domains Admins > Number of Domain Users / 1000 + 2
if True you… twitter.com/i/web/status/1…
Number of Domains Admins > Number of Domain Users / 1000 + 2
if True you… twitter.com/i/web/status/1…
Florian Roth
@cyb3rops
2020-08-07: #Meterpreter Reverse Shellcode Loader
Golang Crypter Sequence (possible AV detection defeat):
Vir… twitter.com/i/web/status/1…
Golang Crypter Sequence (possible AV detection defeat):
Vir… twitter.com/i/web/status/1…
...but wait! There's more!
12.
fakhright
@fakhright
astaghfirullah peng.krim guaaaaaaaa..............a *salto sambil solat*
