hxxps://byteout.xyz/olympic/ad/index.html
They aren't loading the rings logo from the http://olympics.org website. Where did it go? #CyberChef reveals all! pic.twitter.com/wy0qifLlMX
-
Amsi bypass by patching memory:
https://www.virustotal.com/gui/file/ec559842189ea2002be386a7e599f120d4a7f28c5e342badcffb5e30cec31f6b … pic.twitter.com/1qfTTzByEa
-
Unicode VBA for obfuscation purposes:
d7987d5bfcd0d8fd206c45b5a83bc429e22759c414d427c8bf1236e7d573f7c3 pic.twitter.com/pKeGqOEWqb
-
Running unexpected things via manage-bde.wsf and COMSPEC
https://www.virustotal.com/gui/file/7493b93fbb8125b28e5d2b7b2984b4e3ff9cd90a083286e7b15a06ee1a0612ae …

https://twitter.com/bohops/status/980659399495741441 … @bohops pic.twitter.com/SOTsepgDCI
-
Maldocs that launch code via CreateShortcut and SendKeys
https://www.virustotal.com/gui/file/6d6301da1fb7768e748e739dfae38b44770f2f8163cb4f96a3e887dd8afe807c …
https://www.virustotal.com/gui/file/654206e45b5740e6df413b0f93059adb83fcd595fb189cf1397662795de50951/detection … pic.twitter.com/y2uCUSSIWI
-
#FFVT Follow Friday on interesting VT Submitter Ids. My first is ec31b410 uploading from Denmark. Examples in this thread pic.twitter.com/zHCeN0GuW9
-
Malware that just quits? I think there's more to the formula in this maldoc.
#oletools reveals all cc/@decalage2
https://www.virustotal.com/gui/file/f0bfbad00ca2cb6a09eb2a9975000f6d5d666f6ecf3d0c066543d867f365e7fc … pic.twitter.com/g9vITlJL5j
-
Blue teamers, just watched this webinar by @MSSPete on how to use #AzureSentinel to hunt over data. Hypothesis formulation, graph investigation, #Jupyter notebooks, and more! https://twitter.com/PrakashAjeet/status/1222950741565853697 … pic.twitter.com/E6l4bdE08X
-
When you can pivot by submitter id, you can quickly find many more relevant samples. Combined with the other VT meta data, it makes perusing samples very easy. pic.twitter.com/gyWueO6L3d
-
Would someone use the Olympics to phish? Yes, yes they would.
hxxps://amazingmonkeys.es/tokyo2020comiteeolympic/
hxxps://amazingmonkeys.es/olympiccomitee/
hxxps://154dst.com/comiteeolympic/
hxxps://154dst.com/olympiccomitee/
hxxps://154dst.com/olympicinternationalcomitee/ pic.twitter.com/YSX8sfEXQt
-
Sometimes seeing chatter about a file on infosec twitter is a signal to add detection. In this case, a benign file went from 4 detections to 12! pic.twitter.com/Cbn5xgsfXY
-
Wonder why AV has false positives?
Instructions to enable macros
Obfuscated code
Modifies security settings
Hides VBA project
Password protected sheets
Detections on VirusTotal
Benign
https://www.virustotal.com/gui/file/c98f65e955166843e6aea1b3c8c330e02ea3f1afa16ab51585c2cad7655ccc9e/detection … pic.twitter.com/1UawHZwsNb
-
To find Satan sometimes start with Murphy. In 2007 I became an exploit failure engineer to find 0-days from studying reliability problems.
@DarknetDiaries Ep 57 has the story.
https://github.com/JohnLaTwC/Shared/blob/master/Presentations/2009%20!pwnd%20JohnLa%20Deck.pptx …
https://twitter.com/DarknetDiaries/status/1219646340277440513 … pic.twitter.com/1xmFAWugkw
-
What do you get when you combine Excel, macros, and macOS? A launcher for the Apfell red team framework.
https://www.virustotal.com/gui/file/23d62c4e33d16a2831c93a4e4aeccf2eadfd861e25b5cdb29ec0505512595d70/detection …
https://www.virustotal.com/gui/file/8dee7c45ef514d2306891ec210e5af5cce170b144218b41edb95add48874f750/details …
By @its_a_feature_:
https://github.com/its-a-feature/Apfell …
https://its-a-feature.github.io/posts/2018/07/bare-bones-apfell-server-code-release/ … pic.twitter.com/vEDo8YIZbU
-
You are not fooling us USAA_2020_bonus_calculator.xls with your use of certutil to decode your executable payload.
https://www.virustotal.com/gui/file/7257da9496e127b899ce8bc6f72bff7a4ac478060ae1283f35eb1a20a5d977de/details …
https://gist.github.com/JohnLaTwC/b5f683f7a1d49dfda67af1e581f80263 …
https://twitter.com/cyb3rops/status/1093883643477528576 … pic.twitter.com/nOgzttrLB9
-
It's not often you get to sit down with someone like Sue Gordon. Looking forward to picking her brain on security, intelligence, and how to make the world a safer place. https://twitter.com/TomBurt45/status/1220762332072005632 … pic.twitter.com/7ZVRs8qjaN
-
Here are examples of what I talked about. The first was someone probing the vulnerability. The next two show a bot in the weaponization process. pic.twitter.com/uBjnk1vU97
-
The exploit had succeeded (in another thread) and was downloading the payload from a server in Japan. See the call to urlmon!URLDownloadToFileA: https://github.com/JohnLaTwC/Shared/blob/master/The%20Inside%20Story%20Behind%20MS08-067.md … The attacker popped the box twice (impatience?) and the second attempt crashed the server. pic.twitter.com/Y1Si3Gt0IH
-
When you have Outlook track what files you open, what does it say when most of your work is in PowerPoint () instead of Excel () or Word ()?
pic.twitter.com/IkKXnRnTIA