Vitali Kremez

@VK_Intel

Ethical Hacker | Reverse Engineer | "Threat Seeker" by | | Head of Labs

Joined: August 2015

Tweets


  1. Pinned tweet
    6 hours ago

    2020-02-05: [Breaking]🔥🆕 "🇷🇺Pro-Russian CyberSpy Intensifies Ukrainian 🇺🇦 Security Targeting" 🔦The 'Fifth Domain': Gamaredon Wages Silent War with Ukrainian Military & Law Enforcement ➡️5k Victim Scope in Ukraine Along 'Separation Line'

  2. 2 hours ago

    2020-02-05:🔥🆕 🔩Cfg 1⃣"prc":["psexec.exe","system"] 2⃣net":{"use":true,"ignore":{"use":true,"disk":true,"share":["ipc$","admin$"] 3⃣kill":{"use":true,"task":["reboot","restart","shutdown","logoff","back"]} h/t ➡️

  3. 6 hours ago

    🤔Gamaredon activities serve as a testing ground for Russian to observe the potential of cyber warfare in a contemporary violent conflict or in a state-wide political confrontation. 🛡️🤳While not super tech sophisticated, this (little a)PT group is important to track.

  4. 9 hours ago

    2020-02-05:🛸🔥 🔓| 1⃣'Auto decrypt' & 'Manual decrypt' Mode 2⃣RegisterClassW 'netwallker' 3⃣Build:Nov 12 09:57:08 2019 4⃣Resource Name Troll😆:"1337" 'Load keys config'➡️'expand 32-byte kexpand 16-byte k' 6⃣Net MPR.DLL API h/t

  5. Retweeted

    So, hearing that Toll Group got hit with ransomware that is called "Mailto"... But (just as with REvil), we can take a look at the decrypter for it, and then we see they named it "Netwalker Decrypter", instead of "Mailto Decrypter" or anything else... cc

  6. 12 hours ago

    🔥It is notable Ryuk has 🇰🇷South Korea CLSID in decoder for 'HKLM\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguage': 1⃣'0x412'/'1042' CLSID 2⃣icacls /grant Everyone:F /T /C /Q (modify access control) 3⃣'HERMES' usual marker 4⃣usual "8 LAN" arg

  7. 12 hours ago

    2020-02-05:👾 🔒| 🔩Sunday Build: Jan 19 13:24:28 2020 🆕String Dec for ( i = 0; i < len_byt; ++i ) *(_BYTE *)(i + bin) -=*(_BYTE *)(ind + 4 * (iter % arg_div)); Cert 🔽 h/t MD5:31a8623c16177fb3e4619d05d97335fa

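The decompiled string-decoding loop quoted in the tweet above, re-implemented as an added example for analysts (this is neither the tweet author's code nor the malware's own code). It assumes that the loop counter `iter` advances together with `i`, so the key byte for position `i` is the low byte of 32-bit slot `i % arg_div` at `ind`; the key table, divisor and encoded blobs below are constructed for demonstration, not taken from the sample.

```python
# Added example, not the tweet author's code nor the malware's own: a re-implementation of
# the decompiled string-decoding loop quoted above, written the way an analyst would to
# recover strings from a dumped sample. Assumptions: the loop counter 'iter' advances with
# 'i' (so the key byte for position i is the low byte of 32-bit slot i % arg_div at 'ind'),
# and every value below is constructed for demonstration, not taken from the sample.
import struct


def decode_string(blob: bytes, key_table: bytes, arg_div: int) -> bytes:
    """Mirror of: for (i = 0; i < len; ++i) bin[i] -= *(BYTE *)(ind + 4 * (iter % arg_div))."""
    if arg_div <= 0 or len(key_table) < 4 * arg_div:
        raise ValueError("key table must hold at least arg_div 32-bit slots")
    out = bytearray(blob)
    for i in range(len(out)):
        # ind + 4 * (i % arg_div) points at a DWORD; the byte read is its least significant byte
        key_byte = key_table[4 * (i % arg_div)]
        out[i] = (out[i] - key_byte) & 0xFF  # byte-wise subtraction with wrap-around, as in the loop
    return bytes(out)


def encode_string(plain: bytes, key_table: bytes, arg_div: int) -> bytes:
    """Inverse transform (byte-wise addition); used only to build constructed test blobs."""
    if arg_div <= 0 or len(key_table) < 4 * arg_div:
        raise ValueError("key table must hold at least arg_div 32-bit slots")
    return bytes((b + key_table[4 * (i % arg_div)]) & 0xFF for i, b in enumerate(plain))


def is_plausible_string(data: bytes) -> bool:
    """Analyst sanity check: a correct key/divisor should yield printable ASCII up to a NUL."""
    body = data.split(b"\x00", 1)[0]
    return len(body) > 0 and all(0x20 <= c < 0x7F for c in body)


def recover_strings(blobs, key_table: bytes, arg_div: int):
    """Decode a list of encoded blobs and keep only the ones that look like real strings."""
    results = []
    for blob in blobs:
        decoded = decode_string(blob, key_table, arg_div)
        if is_plausible_string(decoded):
            results.append(decoded.split(b"\x00", 1)[0].decode("ascii"))
    return results


# Constructed key table: three 32-bit slots, laid out little-endian as they would sit in memory.
KEY_TABLE = b"".join(struct.pack("<I", v) for v in (0x11, 0x7F, 0xA3))
ARG_DIV = 3

# Constructed "encoded" blobs (one genuine, one junk) standing in for data carved from a dump.
SAMPLE_BLOBS = [
    encode_string(b"kernel32.dll\x00", KEY_TABLE, ARG_DIV),
    b"\xff\xfe\xfd\xfc",
]

if __name__ == "__main__":
    print(recover_strings(SAMPLE_BLOBS, KEY_TABLE, ARG_DIV))  # ['kernel32.dll']
```

The plausibility filter is what makes this usable against a dump: when the divisor or key table guess is wrong, the subtraction still "succeeds" but produces non-printable bytes, so only decodings that pass the ASCII check are worth keeping.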
  8. 4 Feb

    2020-02-04:🔥🆕(UNK) Powershell Loader➡️ | 🇫🇮[Datasähkö Uusimaa Oy] 🎠Decoy:"Windows is up to date" 🗡️Injection 'RtlCreateUserThread': VirtualAllocEx➡️WriteProcess➡️RtlCreateUserThread h/t MD5: fc3d18547cde73df7ed188ce6e0f4fb0

  9. 4 Feb

    ✅🛡️Block the following servers for this install: 🛑[HTTP] GatewayAddress=GJUAUYFHJHA. CN:443 SecondaryGateway=sasggegzui. cn:443 GSK=FO;H@BEA9I?BCIFO;F?H 🔦Domains are .cn 🇨🇳over port 443

  10. 4 Feb

    2020-02-04:🔥🆕 Manager 🐀V12.10F8 | 🇺🇦[FAN-CHAI,TOV] NSIS➡️ Script➡️NSM HookKeyboard➡️\.\KeyboardClass|PointerClass0 ftr [nskbfltr.NT.Wdf] KmdfService:nskbfltr,nskbfltr_wdfsect h/t MD5: 603ea83bd595e21d32b87139adf23612

  11. Retweeted
    4 Feb

    Some signed downloader sample from December: 74cd333a24cedc7f0f1f5f1a0a025dc6bcf0d508fd5131fdd33f7756702e15cd It already had much Trump related strings (look at the sample for all), maybe as bypass (different way than here: ) method/attempt? 🤔 cc

  12. 4 Feb

    2020-02-03: 📌🔥[Researcher Pin] 🐍/ Ransomware Analysis & ICS Targeting Perspective 🔦As the ransomware strain was first identified and discovered with myself & hunting for Golang ransomware. 💭Sober outlook & analysis from the intel perspective.

  13. 3 Feb

    ⚔️⛑️Team, we're looking for your feedback & offering a 10% discount😎as we are working on advanced analysis & reverse engineering course. 📈Our first course attracted ~5,000 global students w/ 100+ certified w/ 7hrs of latest malware/RE content. The form is below.👇

  14. Retweeted
    3 Feb

    Since the release of Z2H and my course, and I have had a lot of requests to release a more advanced one, so we've drafted up a possible syllabus! We'd love to hear your opinions on it! Plus we'll be giving 10% off to everyone who completes it!

  15. Retweeted
  16. 3 Feb

    2020-02-03:🉑 🔒 "Logging enabled | Maze" Note: 1⃣Hacked network 2⃣Downloaded a lot of data from network 3⃣Google "Allied Universal Maze Ransomware" 4⃣If paid, the data will be removed & decryptor will be given h/t 🔽🇰🇵:

  17. 3 Feb

    2020-02-03:🆕🔥 Loader➡️ 'HiddenDesktop' 1⃣"FudV"|2⃣Recompiled from Leak| 3⃣AVE_MARIA 🛡️C2: 94.103.81. 79 👾PDB: C:\Users\Administrator\Documents\c++ project\hVNC\Client\Release\FudV.pdb h/t MD5: 6d8d825d00a4a1d8e3f406bad69fa4a7

  18. Retweeted
    3 Feb

    Vitali talked me into leaving my malware lab

  19. 2 Feb

    2020-02-02:📆[Meetup] I will be in 🇮🇱 Tel Aviv, Israel for the first time🙂. 🤗I invite you to join our researcher meetup if you're local and/or there for on February 6 @ 6pm. We'll share notable observations from & world.

  20. Retweeted
    31 Jan

    I hope my last 3 write-ups have covered the subject of filesystem bugs enough. It talks about discovery using procmon, and also PoC writing now. You can just copy-paste from the PoC on GitHub for a lot of bugs I guess. I hope it helps get at least one person into the field.
