Ariel Jungheit @ArielJT
Life under the sea was so much easier | Lead Cyber Threat Researcher @harfanglab | Maker | Tweets are my own G28 X0 Y0 Z0 Joined March 2009-
Tweets259
-
Followers1K
-
Following289
-
Likes668
We've been tracking MuddyWater campaign abusing Atera Agent, targeting multiple sectors in Israel, but also Europe and Middle East. Read our full analysis: harfanglab.io/en/insidethela…
On March 25, the FBI released an indictment of APT31 hackers. We read it carefully to find new intel, and managed to connect a few dots (including about the RAWDOOR malware family). Full article and IOCs: harfanglab.io/en/insidethela…
We published our in-depth analysis of the I-Soon leak. We detail their offerings, victimology and relationships with known APT activities: harfanglab.io/en/insidethela…
We're working on a huge report. It's coming #isoon.
🇷🇺 Doppelgänger | Russia-Aligned Influence Operation Targets Germany We have been tracking the activities of the suspected Russia-aligned influence operation network Doppelgänger since late November 2023. Here is what we found... 🧵 sentinelone.com/labs/doppelgan… #threatintel
Looks like Edaalate-Ali are set to leak some behind the scenes about the suppression of the 2022-2023 Iran protests in preparation for the upcoming parliament elections on March 1st
Looks like Edaalate-Ali are set to leak some behind the scenes about the suppression of the 2022-2023 Iran protests in preparation for the upcoming parliament elections on March 1st
Following @NicoleFishi19 post, we analysed a very recent campaign impersonating @Israel_Cyber, with ties to Arid Viper. We provide RE and discuss the attribution and Hamas propaganda: harfanglab.io/insidethelab/s…
Today, a malicious campaign impersonating the Israeli National Cyber Directorate (@Israel_Cyber) has been distributing multi-platform malware, including Windows and Android wipers, to distribute anti-war propaganda and an attack ad against Netanyahu. [0]
The abrupt end of TrueCrypt still makes me wonder what really happened
The abrupt end of TrueCrypt still makes me wonder what really happened
Our team's first research piece for 2024 examines a campaign attributed to APT28 by @_CERT_UA, utilizing @Ubiquiti EdgeRouters as infrastructure: harfanglab.io/en/insidethela…
It's not too late to whip out the good old 🔮 Check out our 2024 Threatscape report below: ✅ More direct, official attribution ✅ "Sure we're hacktivist, who's this?" ✅ More IO & FUD ✅ Actors retaliate against Cybersecurity entities ✅ AI goes brrrr harfanglab.io/en/insidethela…
Using public data, we identified hundreds of compromised Ivanti/Pulse Secure gateways online. Critical vulnerabilities (CVE-2023-46805, CVE-2024-21887), revealed by @Volexity, enable unauthenticated remote execution and are actively exploited.
I have to admit, I'm a bit lazy when it comes to organizing my stuff, but I've finally gathered my presentation files, videos, and blogs. Hopefully, this collection comes in handy for someone! 📂 github.com/theseongsu/pre…
#100DaysofYARA I created a web service that allows you to verify on which yara versions your rule compiles. In the past, shipping rules to customers, I wondered if there were limitations but couldn't find out easily. Now I can. yaravalidator.manalyzer.org
🔥 Coming on the pod: Costin Raiu's GReAT exit interview comes with some introspection on exposing certain APT operations @craiu
Hidden gem in @DonnchaC's #37C3 talk on Predator spyware: state actors could generate @letsencrypt certificates for any website by using their MitM capabilities at ISP level to complete verification challenges (both HTTP and DNS I expect). CT may be the only way to detect this.
Thanks to marcan (social.treehouse.systems/@marcan/111655…) and @zhuowei (x.com/zhuowei/status…) now we know the original purpose for this unknown hardware feature. Its MMIO debug registers for GPU L2 cache. I am really excited that we are very close to solving this mystery!
Thanks to marcan (social.treehouse.systems/@marcan/111655…) and @zhuowei (x.com/zhuowei/status…) now we know the original purpose for this unknown hardware feature. Its MMIO debug registers for GPU L2 cache. I am really excited that we are very close to solving this mystery!
Introducing YARA-Forge ⚡️ - Streamlined Public YARA Rule Collection Excited to share my latest project with the community just in time for Christmas! After weeks of hard work, it's finally ready 🎄🎁 Blog Post cyb3rops.medium.com/introducing-ya… Project Page yarahq.github.io
Florian Roth @cyb3rops
180K Followers 2K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
Ivan Kwiatkowski @JusticeRage
9K Followers 73 Following Lead cyber threat researcher @HarfangLab. Maintainer of Manalyze, Gepetto, and writer. Trolling on a purely personal capacity.
Tyler McLellan @tylabs
3K Followers 599 Following Intrusion aficionado. @Google/@Mandiant Advanced Practices
J. A. Guerrero-Saade @juanandres_gs
15K Followers 255 Following AVP of SentinelLabs @ SentinelOne. Distinguished Fellow @ Hopkins SAIS Alperovitch Institute. LABScon Founder, Cyber Paleontologist, Fourth-Party Collector.
Will @BushidoToken
29K Followers 3K Following Threat Intel & Hunting @Equinix | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | @darknetdiaries #126: REvil
Seongsu Park @unpacker
11K Followers 1K Following Zscaler APT Research | Formerly Kaspersky GREAT | Threat Intelligence Hustler | Tweets are my own | Keybase: @seongsupark | Mastodon: @[email protected]
blackorbird @blackorbird
28K Followers 600 Following Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit Need Job
Gabby Roncone 🇺�.. @gabby_roncone
5K Followers 1K Following hunting russian apt cyber ops @Mandiant @GoogleCloud. views expressed here are mine, not my employer’s. she/her.
Silas Cutler // p1nk @silascutler
13K Followers 2K Following Hacker, sometimes researcher @Only_Scans, @mal_share Resident Hacker @InsideStairwell, Adjunct Senior Cyber Threat Researcher @IST_org,
Nick Carr @ItsReallyNick
38K Followers 4K Following Lead, Cyber Crime Intelligence @Microsoft ☠🏛️ Former Incident Response + Threat Research @Mandiant 🦅 Former Chief Technical Analyst @CISAgov 🛡️
Steve YARA Synapse Mi.. @stvemillertime
15K Followers 1K Following cyber-physical intel @google writing & sharing on adversary tradecraft, dfir, malware, threat detection, ics/ot intel and all things #yara
Vitaly Kamluk @vkamluk
3K Followers 456 Following This is a legacy account. Follow me on Mastodon: https://t.co/sKz7VC2unX
Dan Perez @MrDanPerez
4K Followers 1K Following Chief #Threat Aficionado @Mandiant | #Malware Naming Wizard | #Attribution Connoisseur | All tweets are my own. #ThreatIntel #APT
geech 👽👾 @captainGeech42
1K Followers 2K Following cybercrime connoisseur and synapse fanboy | hax @OSUSEC | tweets my own | @[email protected]
Félix Aimé @felixaime
6K Followers 2K Following Threat Intelligence stakhanovite ⛏️ and proud dad. Former @Kaspersky & @CERT_FR. Principal CTI researcher at @sekoia_io, focused on state-sponsored stuff.
Matthew @embee_research
12K Followers 1K Following Malware Researcher & Reverse Engineer | Creating and Sharing Educational Cyber Content
M3nj3 @M3nj3130311
5 Followers 216 Following
Marc @snavemarc
2K Followers 5K Following Nerd. Interests: Tech, Privacy, Cybersecurity. Developer. Dating the delightful @Katelouise23981 PGP: https://t.co/dti1RPc5d0
Thanks Always @iTimonPumbaa
9 Followers 368 Following
Gery Stöckli @r1d3th3wav3s
33 Followers 98 Following
Brozales Mertigo @bromenski
0 Followers 94 Following
David Oxley @oxleyio
3K Followers 973 Following Head of #AWS Cyber Threat Intelligence at @Amazon • @CitizenLab Research Fellow • Ex @Yahoo, @RealArmyCID, @NASAOIG • Thoughts my own💡• Storm Chasing: @wxdox
MH @MorpheusH3x
654 Followers 5K Following Co-founder @securinsa & student @ ESNA • CTF @ret2school_fr • „Call My Leg Does Not Exist“ - RFC 2543 • @[email protected] #VForVictory #FreeAssange
Jonatan G. @jo_gwadloup
50 Followers 477 Following
csgaee @csgaee
185 Followers 2K Following Malware researcher @EG_CERT | threat intelligence @nowhere_reallll
German @germansimk
2 Followers 560 Following
do not identify me @donotidentifyme
0 Followers 2K Following
Berk Albayrak @brkalbyrk7
987 Followers 1K Following Threat Research Team Lead @malwation | TI | OSINT | TA2AQX 📡
Naman Devnani @naman_devnani
331 Followers 5K Following Security Researcher | Purple Team | Bug Hunter | CTF Player | Science & Tech Enthusiast | R&D | All-Source Intelligence | CAP | DCSP | TTIA | BCDE
saintX @saintX
853 Followers 786 Following Espionage Intelligence Alchemist. Threat Intel, teller of truths, annoyer of the feeble minded, known to ramble. CyberDad https://t.co/pfkLQ3KFe1
Yossi Dabah @RedRock_On
16 Followers 90 Following
@#𝐸𝑙𝑜𝑛�.. @ElonsGhostWorm
124 Followers 429 Following 𝑁𝑒𝑣𝑒𝑟 𝑚𝑖𝑛𝑑 𝑚𝑒? 𝐼'𝑚 𝑗𝑢𝑠𝑡 𝑤𝑜𝑟𝑚𝑖𝑛𝑔 𝑚𝑦 𝑤𝑎𝑦 𝑎𝑐𝑟𝑜𝑠𝑠 #𝑋 𝑖𝑛𝑐𝘩 𝑏𝑦 𝑖𝑛𝑐𝘩 🐛 (๑ˇεˇ๑)lala•*¨*•.¸¸laa*
Mourya Chenna @ChennaMourya
5 Followers 165 Following
ice @ice98079542
105 Followers 2K Following
dougy @R3dHash
808 Followers 2K Following Cyber Threat Intelligence | OSINT | Misinformation | Threat Hunting
OIHEC hackers @HackersOIHEC
43K Followers 7K Following Hacker mexicano - Fundador de OIHEC antes OMHE - #opensoc #latam #speaker #pentester #blueteam #redteam #criptoanarquista #security
Shahar Madar @Sh4har
367 Followers 708 Following VP, Security & Trust @FireblocksHQ • Countering FIN threat actors with Security, Identity, and Governance solutions • Personal account
karl @iccamant
48 Followers 426 Following
Vega @VegaM1ssile
2 Followers 28 Following
📡 @XamiLofy
340 Followers 3K Following
Serhii Melnyk @semelnyk
86 Followers 120 Following
Greg Walton ⚗️ (B.. @meta_lab
5K Followers 6K Following Senior Investigator, Cyber Threat Intelligence @SecDev | ex-@Ox_CyberSec, @oiioxford, @CitizenLab | @[email protected]
Alice Climent-Pommere.. @AliceCliment
3K Followers 268 Following Malware and EDR stuff @harfanglab 🤓
kovsec @kovsec
16 Followers 69 Following
Smotoor @Smotoor164316
140 Followers 3K Following
Abigail |أبيغيل @Securityswan
1K Followers 620 Following Financial Services #CTI|#middleeast | she/her | not a corporate account
lima @augustintech
3 Followers 1K Following
Vladyslav @4vladik4
12 Followers 88 Following
seeess @see_ess
541 Followers 1K Following Please listen to our menu options as they have changed 🔑 29B265E6E5985C993F29F7816D36FB96289C75F7 One space after sentences. Opinions are not mine.
mue @realmue
253 Followers 5K Following “They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”
MrNutz / F4HJA @MrNutz17
123 Followers 406 Following Radio enthusiast (@f4kkf) / Enjoy the life ! Open you mind ! 😘 -compte personnel-
vx-underground @vxunderground
291K Followers 211 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Florian Roth @cyb3rops
180K Followers 2K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
Ivan Kwiatkowski @JusticeRage
9K Followers 73 Following Lead cyber threat researcher @HarfangLab. Maintainer of Manalyze, Gepetto, and writer. Trolling on a purely personal capacity.
Tyler McLellan @tylabs
3K Followers 599 Following Intrusion aficionado. @Google/@Mandiant Advanced Practices
J. A. Guerrero-Saade @juanandres_gs
15K Followers 255 Following AVP of SentinelLabs @ SentinelOne. Distinguished Fellow @ Hopkins SAIS Alperovitch Institute. LABScon Founder, Cyber Paleontologist, Fourth-Party Collector.
Unit 42 @Unit42_Intel
51K Followers 88 Following The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
Will @BushidoToken
29K Followers 3K Following Threat Intel & Hunting @Equinix | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | @darknetdiaries #126: REvil
John Hultquist @JohnHultquist
28K Followers 1K Following Chief Analyst, Mandiant Intelligence @Google. @CYBERWARCON and @SLEUTHCON founder. Johns Hopkins professor. Army vet.
Seongsu Park @unpacker
11K Followers 1K Following Zscaler APT Research | Formerly Kaspersky GREAT | Threat Intelligence Hustler | Tweets are my own | Keybase: @seongsupark | Mastodon: @[email protected]
blackorbird @blackorbird
28K Followers 600 Following Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit Need Job
Silas Cutler // p1nk @silascutler
13K Followers 2K Following Hacker, sometimes researcher @Only_Scans, @mal_share Resident Hacker @InsideStairwell, Adjunct Senior Cyber Threat Researcher @IST_org,
Thomas Rid @RidT
54K Followers 1K Following
Nick Carr @ItsReallyNick
38K Followers 4K Following Lead, Cyber Crime Intelligence @Microsoft ☠🏛️ Former Incident Response + Threat Research @Mandiant 🦅 Former Chief Technical Analyst @CISAgov 🛡️
visi stark ( @invisig.. @invisig0th
4K Followers 662 Following Founder @vtxproject Father of the #APT1 Report @mandiant / @fireeye Inventor of synapse, vivisect, UNCs, imphash, ... DEFCON CTF Champion, Founder of Kenshoto
hasherezade @hasherezade
84K Followers 845 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
Steve YARA Synapse Mi.. @stvemillertime
15K Followers 1K Following cyber-physical intel @google writing & sharing on adversary tradecraft, dfir, malware, threat detection, ics/ot intel and all things #yara
James @James_inthe_box
21K Followers 438 Following
Vitaly Kamluk @vkamluk
3K Followers 456 Following This is a legacy account. Follow me on Mastodon: https://t.co/sKz7VC2unX
אוהד חמו @ohadh1
82K Followers 262 Following
ClearSky Cyber Securi.. @ClearskySec
8K Followers 460 Following Cyber security and threat intelligence company
אינטלי טיימ.. @IntelliTimes
46K Followers 878 Following An intelligence research center on Iran nuclear activity and her Terror Proxies in the Middle East. All Writes Reserved! בלוג המודיעין בטלגרם https://t.co/zXKrCWQq1k
Internal Tech Emails @TechEmails
526K Followers 900 Following Internal tech industry emails that surface in public records. 🔍
cedricpernet 🇺🇦 @cedricpernet
5K Followers 320 Following Senior Threat Researcher@Trend Micro. Cybercrime. Metal dude. Guitars, motorcycles fan.Wrote a book in French language on cyberespionage. Ex-Law Enforcement.
Cyber Team @Cyberteam008
911 Followers 50 Following Threat Hunting | APT Tracking | Malware Analysis | Darkweb Monitoring "Unity is Strength"
Gad Saad @GadSaad
882K Followers 388 Following Professor, Evolutionary Behavioral Scientist, Author. Opinions are mine alone. Retweets do not necessarily imply an endorsement.
Perplexity @perplexity_ai
133K Followers 29 Following Our mission is to serve the world’s curiosity. https://t.co/BBZ1kG0TVG
Alice Climent-Pommere.. @AliceCliment
3K Followers 268 Following Malware and EDR stuff @harfanglab 🤓
Bring Me The Horizon @bmthofficial
1.9M Followers 304 Following
Pasquale Stirparo �.. @pstirparo
4K Followers 2K Following #ThreatIntel #ICS #DFIR; ''Learning iOS Forensics'' author; machofile dev; #BSidesZH #PIVOTcon24 organizer; pers.: @pstirparo_pers; https://t.co/AoJV9URXf6
Joseliyo @Joseliyo_Jstnk
2K Followers 556 Following CTI, Hunting & Detection | Ex @McAfee @BlackBerry | Security Engineer at @Google - @VirusTotal | opinions are my own.
Malpedia @malpedia
5K Followers 2 Following A curated, high-quality malware corpus. Zoo keepers: @push_pnx and @steffenenders_
Edaalate Ali Official.. @EdaalateAli1400
228K Followers 0 Following «سکوت شما یعنی حمایت از ظلمِ و ظالم» ~نوید افکاری ارتباط با ما: https://t.co/mZDNKrfWnM… https://t.co/fwQKKStcLD
PIVOTcon @pivot_con
472 Followers 252 Following Threat Research Conference in Europe - Malaga, Spain - May 2024. #StayTuned #ComingSoon #PIVOTcon #PIVOTcon24
WeRedEvilsOG @redevilsog
3K Followers 28 Following We're cybersecurity experts from Israel - aiming to destroy those who are trying to kill us.
Matthew @embee_research
12K Followers 1K Following Malware Researcher & Reverse Engineer | Creating and Sharing Educational Cyber Content
Intl Jrnl of Intellig.. @Intel_IJIC
4K Followers 203 Following Welcome to the Twitter account for the International Journal of Intelligence and CounterIntelligence, a journal for practitioners and scholars of intelligence.
CyberWar - 싸워 @cyberwar_15
5K Followers 117 Following Since. 2001. 8. 8 / 우리는 2001년 8월 8일부터 북한 사이버 공작원과 싸우고 있습니다.
EU DisinfoLab @DisinfoEU
40K Followers 715 Following Independent EU-focused NGO whose mission it is to raise awareness on #disinformation & contribute to a better information landscape. We are not @EUvsDisinfo 😊
Ben Nimmo @benimmo
30K Followers 1K Following Writer, linguist, diver. Investigating, analysing and exposing influence ops. RT ≠ endorsement.
Cyber Israel - מער.. @Israel_Cyber
5K Followers 444 Following Official account of Israel National Cyber Directorate
VIGINUM @Viginum_Gouv
4K Followers 22 Following VIGINUM est le service technique et opérationnel de l’État chargé de la vigilance et de la protection contre les ingérences numériques étrangères.
community notes viola.. @cnviolations
865K Followers 6 Following not affiliated with @x or @communitynotes | DM Submissions
OSINTdefender @sentdefender
1.1M Followers 800 Following Open Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
Ryan Naraine @ryanaraine
28K Followers 875 Following I write about hackers and the business of cybersecurity. Podcast + newsletter: https://t.co/ZGEyqy2h7g. Columns: @securityweek. Conference: @labscon_io
Is Now on VT! @Now_on_VT
1K Followers 292 Following Get notified when interesting APT/FIN indicators of compromise appear on https://t.co/Sb3PFMresB. A threat intelligence project by @craiu
Gonjeshke Darande @GonjeshkeDarand
2K Followers 1 Following "نغمه گنجشک سرود آزادی است"! صفحه تلگرام: Telegram: https://t.co/fAbrPW0ZQy صفحه دوم توئیتر: Twitter: @darandegonjeshk
sigalpes @sigalpes@in.. @sigalpes
401 Followers 717 Following Security analyst | CERT | #DFIR | malware | #OpenBSD porter | Wine Mastodon account: https://t.co/kcnmgIn9RL
Elon Musk @elonmusk
181.7M Followers 585 Following
ANSSI @ANSSI_FR
81K Followers 1K Following Tous connectés, tous impliqués, tous responsables - Agence nationale de la sécurité des systèmes d'information -
HarfangLab @harfanglab
747 Followers 42 Following The EDR for Next-Gen #CyberSecurity Experts Choose the best technology Capitalize on the expertise of your SOCs Enable agility in threat response
Tanguy de Coatpont @T_de_Coatpont
377 Followers 294 Following Chief Revenue Officer at @HarfangLab , Paris #cybersec #infosec #security #ThreatIntelligence #EDR
The Dudes @DudesFactory
8K Followers 120 Following An offbeat workshop filled with art, design, gastronomy, good times & high culture. Stores in Berlin, London & wherever. Shipping all over.
Kim Zetter @KimZetter
95K Followers 3K Following Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
HaxRob @haxrob
16K Followers 378 Following I enjoy breaking things. Telco / mobile and IoT security. Surfing the information super highway one keystroke at a time.
Marta Gómez @Mrs_DarkDonado
2K Followers 1K Following SWE @virustotal. Mom of two black cats. Hobbyist portrait photographer. Inline skater (mostly focused on freestyle slalom). Opinions are my own.
Teslascope @teslascope
59K Followers 133 Following An elegant view of everything about your Tesla vehicle. We are the worldwide drivers' platform, the highest-rated vehicle companion, and always here to help. 🚘
SKII @SethKingHi
1K Followers 597 Following Senior Security Researcher @kaspersky GReAT, tweets and opinions are my own.
Tesla App Updates (iO.. @Tesla_App_iOS
13K Followers 0 Following We monitor the App Store for any new updates to the Tesla app, then tweet about it if we find a new version. We also de-compile new versions. much wow.
I put the domain in the text message posted by @techstarsrk into Validin and in about 30 seconds found 6,588 additional recently-active smishing domains. Full list here: pastebin.com/nKxMGHgG
After my Brother’s iPhone 14 got stolen. His friend received a message stating that his iPhone has been found. A link was given which took him to the find device website. It asked for the Lockscreen pin that was set on stolen iphone. Only thing is, Its a Fake Fraud Website.👇
twitter Infosec charlatans providing incident response updates for a case they aren’t working
Never forget what they took from us
The Big Sur-ification of macOS Icons blog.jim-nielsen.com/2024/big-sur-i…
Hey #100DaysofYARA friends and fans! I am looking for a successor to take up the 100 days of yara mantle. I’ll still participate of course, but I think the challenge has reached a point where it can grow much more under a more organized eye
I don’t know if this is an unpopular opinion, but here it goes: CTI companies shouldn’t promote analysts names working on APT. Especially when said APT is a military unit known for planting bombs and killing people. Bad #opsec kills.
I was able to run #Doom on a HIIDE 4.0 - Handheld Interagency Identity Detection Equipment. Device is also vulnerable to MS03-026.
What is a Threat Cluster? vertex.link/blogs/what-is-…
israelis are hard as fuck dude
A normal request to the website returns HTML content as you would expect (1st screenshot). But if you change your user-agent to TwitterBot (the one used when generating cards), watch what happens (second screenshot). The server sends a second redirect to the legitimate site.
Mit dem deutschen Regierungsnetz haben wir eine Art riesigen Honeypot, bzw. einen "Magnet of threats". Und damit Daten für empirische Threat-Intelligence-Auswertungen. Wie hartnäckig sind APT-Gruppen? Wie häufig kommen sie nach Angriffsversuchen wieder? bsi.bund.de/DE/Themen/Unte…
Plans to literally "hack the planet" foiled due to 500ms of latency that Andres instinctually investigated. The latency was due how the malicious code parsed symbol tables in memory. openwall.com/lists/oss-secu…
After 7.5 incredible years, today marks my last day with the GReAT. It’s been an honor working alongside such amazing colleagues. Thank you for the memories and support throughout this journey. 🙇
The repo for @executemalware does a great job of documenting the infection path. "INJECTED JAVASCRIPT" can be tracked in Validin using "Host Connections" for JS_LINKS (src=<domain>) to find other potentially infected hosts. 58 domains on 68 IPs.
Here are some #fakeupdate #haneymaney IOCs from today: github.com/executemalware…
Internet scanners are bouncing their traffic through Pi Nodes. This screenshot is from the GreyNoise backend which is running JA4+ on Arkime -- JA4T=29200_2-4-8-1-3_1424_7 is an actor that is bouncing their scans with multiple JA4's through devices running Pi Node. The true…
Excited to join @Mandiant (for the third time) and start a new adventure @googlecloud (for the first time), now shifting my focus to ICS/OT intel. I plan to continue learning and sharing about shenanigans in the cyber-physical realm and hopefully find lots of evil left of boom.
There are still so-called opponents who consider nuclear energy to be the right of the Iranian nation. Undoubtedly, nuclear energy, like all other things, is very useful if it is in the right way and in the hands of the righteous, but nuclear energy in the hands of a dictator is…
Scoop: A workshop in Tehran’s Shadabad which was set ablaze in Aug. 2020 was indeed a covert workshop of Iran’s Atomic Energy Organization, which Tehran hadn’t disclosed to IAEA, an investigative report by @IranIntl based on leaked documents shows. content.iranintl.com/how-a-secret-a…
Check out this list of DLL side-loading commonly employed by the Lazarus group lately. Stay on high alert and be cautious of any unusual DLL file loading from suspicious folder paths Missing DLL: spoolsv.exe ➡️ ualapi.dll Side-loaded by legitimate binary: mobsync.exe ➡️…
Trends for United States
You might like
