Leandro Velasco

@LeandroNVelasco

Malware Reversing | Programming | Engineering | OSCPing | Cooking | D&D | Bouldering | Threat Intel Analyst @ KPN Security

Joined March 2017

Tweets


  1. Pinned tweet
    1 Oct 2019

    Did you know that Kibana allows you to use Regex and Fuzzy search in your queries? Take a look at the blog I just published to know more about this and how to hunt for /malicious sites using and !

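The regex and fuzzy matching the pinned tweet refers to, as an added example (this is not code from the tweet or from the blog it links to): Kibana's Lucene query syntax accepts `/regex/` terms and `term~` fuzzy terms, and the same searches exist in the Elasticsearch query DSL as `regexp` and `fuzzy` queries. The block builds both forms for hunting look-alike domains in DNS logs and then replays the matching locally over a constructed sample, so you can see which names each query would return. The field name `dns.question.name`, the brand `kpn.com`, the suspicious TLD list, the sample names and the local edit-distance routine are assumptions for illustration; Elasticsearch's own fuzzy matching is an automaton that applies the same edit rules (one edit per insertion, deletion, substitution or adjacent transposition, AUTO fuzziness of 0/1/2 edits by term length).

```python
import re

# Constructed sample of DNS query names (stand-ins for a dns.question.name keyword
# field in an Elastic index); made up for this example, not from the linked blog.
SAMPLE_DNS_NAMES = [
    "kpn.com",        # the brand being protected (assumed)
    "kpm.com",        # one substitution
    "kpn.co",         # one deletion
    "knp.com",        # one adjacent transposition
    "kpn.tk",         # suspicious TLD, but three edits from kpn.com
    "kpn-login.xyz",  # look-alike on a suspicious TLD
    "example.org",    # unrelated
]

FIELD = "dns.question.name"  # assumed ECS field name; use a keyword (not text) field


def kibana_lucene_queries(brand: str, tld_alternatives: str) -> dict:
    """Query-bar strings for Kibana's Lucene syntax (KQL has no regex or fuzzy operator).

    A term wrapped in slashes is a Lucene regex, anchored to the whole term;
    a trailing ~ asks for fuzzy matching with AUTO edit distance.
    """
    return {
        "regex": f"{FIELD}:/{brand}.*\\.({tld_alternatives})/",
        "fuzzy": f"{FIELD}:{brand}.com~",
    }


def es_query_dsl(brand: str, tld_alternatives: str) -> dict:
    """The same two searches as Elasticsearch query DSL bodies (regexp and fuzzy queries)."""
    return {
        "regex": {"query": {"regexp": {FIELD: {"value": f"{brand}.*\\.({tld_alternatives})"}}}},
        "fuzzy": {"query": {"fuzzy": {FIELD: {"value": f"{brand}.com", "fuzziness": "AUTO"}}}},
    }


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment (Damerau-Levenshtein) edit distance.

    Local stand-in for Lucene's fuzzy automaton: insertions, deletions, substitutions
    and adjacent transpositions each cost one edit.
    """
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def auto_fuzziness(term: str) -> int:
    """Elasticsearch AUTO fuzziness: 0 edits up to 2 chars, 1 edit for 3-5, 2 edits beyond."""
    n = len(term)
    return 0 if n <= 2 else 1 if n <= 5 else 2


def local_regex_hits(names, brand: str, tld_alternatives: str) -> list:
    """Replay the regex query locally; fullmatch mirrors Lucene's whole-term anchoring."""
    pattern = re.compile(f"{brand}.*\\.({tld_alternatives})")
    return [n for n in names if pattern.fullmatch(n)]


def local_fuzzy_hits(names, term: str) -> list:
    """Replay the fuzzy query locally using the AUTO edit budget for the search term."""
    budget = auto_fuzziness(term)
    return [n for n in names if osa_distance(term, n) <= budget]


if __name__ == "__main__":
    suspicious_tlds = "xyz|top|tk"
    print(kibana_lucene_queries("kpn", suspicious_tlds))
    print("regex hits:", local_regex_hits(SAMPLE_DNS_NAMES, "kpn", suspicious_tlds))
    print("fuzzy hits:", local_fuzzy_hits(SAMPLE_DNS_NAMES, "kpn.com"))
```

Two practical caveats: the Kibana query bar defaults to KQL in recent versions, so switch it to Lucene before typing either form; and both operators work per indexed term, so run them against a keyword field (on an analyzed text field the regex would be matched against individual tokens, and `kpn.com~` would be split before the fuzzy step). Lucene regexes are anchored and a leading `.*` walks the whole term dictionary, so prefer a fixed prefix where you can.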
  2. Great session of presentations for the RP1 (Research project), quite some interesting results, especially after only a couple of weeks of research! Looking forward to the RP2 presentations 👍

  3. Retweeted

    macOS 10.15.3 is out, fixing a bunch of nasty (remote) bugs! 🍎🐛 ...go patch! 🛡️

  4. Retweeted
    28 Jan

    So glad that was able to cover the blog. Our blog is long and I'm not a writer. He is and has distilled our ramblings:

  5. Retweeted
    28 Jan
  6. Retweeted
    28 Jan

    Blog: Tracking : our analysis of sample configurations, ransom demands and sinkhole data. The REvil affiliates operate at a huge scale encrypting 1000s of systems at once. And we're only seeing a fraction of the total activity.

  7. Retweeted
    27 Jan

    In research into RD Gateways in the Netherlands, I see that about 1/3rd of all 's are vulnerable (CVE-2020-0609 and CVE-2020-0610). Please patch! My dataset holds about 1500 servers that are being tested tonight.

  8. Retweeted
    26 Jan

    Log Sources - ordered by priority - with ratings in different categories - personal and highly subjective assessment - from my most recent slide deck on low hanging fruits in security monitoring

  9. Retweeted
    27 Jan

    Presenting our analysis tomorrow @ . Explanation of the DGA being used, the sinkhole data that we collected and how we were able to execute on the infected bots. Can't join? Read the blog here:

  10. Retweeted
    24 Jan
  11. Retweeted

    Defenders will need to look at detecting this tool, there’s a very high chance this will be used in targeted ransomware and such - command line execution over RDP protocol (which is encrypted and security solutions don’t inspect).

  12. Retweeted

    released a free tool that analyzes available log sources and system forensic artifacts to identify whether an ADC appliance has potentially been compromised using the CVE-2019-19781 security flaw. You can find the tool and instructions here:

  13. Retweeted
    21 Jan

    Micropatches disabling jscript.dll (CVE-2020-0674) in Internet Explorer 11 and apps using its browser component are now out for both 32-bit and 64-bit: Windows 7, Windows 10 v1709/v1803/v1809, Windows Server 2008 R2, Windows Server 2019. All included in 0patch FREE.

  14. Retweeted
    21 Jan

    FTCODE: taking over (a portion of) the botnet. A write-up on how we were able to control about 4000 bots in the botnet. :)

  15. Retweeted

    My analysis of Remote Desktop Gateway RCE bugs CVE-2020-0609 & CVE-2020-0610 is up.

  16. Retweeted
    20 Jan
  17. Retweeted
    18 Jan

    If you are unable to install the patch for RDP vulns CVE-2020-0609 and CVE-2020-0610, points out a workaround

  18. 17 Jan

    Day 3/3 of my . RULES: no people, no explanations, and challenge one person every day. Challenged by Today I challenge

  19. Retweeted
    16 Jan

    Remember that I've set up a Malware & APT related custom Google search engine that can help in cases in which your expression is not specific enough.
    APT & Malware CSE
    Sources that this CSE uses

  20. 15 Jan

    Day 2/3 of my . RULES: no people, no explanations, and challenge one person every day. Challenged by Today I challenge

  21. Retweeted
    15 Jan

    Windows Remote Desktop Gateway Remote Code Execution Vulnerability CVE-2020-0610 - please immediately update () or move your RDP servers behind a VPN.

