David Cannings

@edeca

Cyber defense, reverse engineering and network geekery. All views my own.

Joined: September 2009.

Tweets

  1. Retweeted
    21 hours ago

    Woke up this morning to a message from about a crazy YARA rule he wrote () to look for DLLs where exported functions are at the same RVA. I suggested he look into testing my pending PR (). 1/?

  2. 29 Jan
  3. 10 Jan

    Hey - is it acceptable (or responsible) conduct to advertise gambling in this way on ?

  4. 26 Dec 2019

    A tale in two screenshots. You can argue that first name isn’t “personal information”, but I’m sure they’ll happily use it to personalise services as kids age into adults

  5. 26 Nov 2019

    A good mixture of technical, strategic content and recommendations. Contact Kris or Jason for more from 🙂

  6. 26 Nov 2019

    “Grouping by campaign code doesn’t always work. Sometimes the threat actor is lazy”, but “around 200 unique campaign codes seen”.

  7. 26 Nov 2019

    “MESSAGETAP looks for your IMSI, or phone number, or keywords, and can steal messages. We don’t have 100% coverage to say this is Winnti, but the crossover is interesting” says

  8. 26 Nov 2019

    The Christmas ELF! “A Linux variant that responds in the same way as the Windows Winnti we all know and love”, discovered in late 2017🎄

  9. 26 Nov 2019

    “We noticed a specific Winnti user, a single user, who has been aggressively targeting telcos in 2019, and probably for a few years before that” says

  10. 26 Nov 2019

    “One of the problems with Winnti is that it refers to the malware but some people also use the name for multiple groups who use it”

  11. 26 Nov 2019

    Next up at : Kris and Jason from the Cyber Threat Operations team, talking about and some interesting things this group of advanced attackers have been doing in 2019.

  12. 25 Nov 2019

    “How many of you have heard of ” asks at

  13. 25 Nov 2019

    On stage now at - Sveva and Rachel from the threat intelligence team discussing PLEAD and the fun (or challenges) of attribution.

  14. 22 Nov 2019

    Had a great time recording a segment for the A-Z of Tech podcast with and . Subscribe at and watch out for December’s issue “J is for Jargon”

  15. 19 Nov 2019

    These are not the droids you're looking for... move along...

  16. 19 Nov 2019

    Starting to see more interesting Sylk files, but still minimal obfuscation 🤡. Note that some of these predate the Outflank blog.

    Screenshot of the contents of a Sylk file, a legacy spreadsheet format that accepts macros.  Screenshot shows text like "WriteProcessMemory" and "CreateThread" that are commonly used to load malicious code.
  17. 22 Oct 2019

    Looks like more YTY (APT-C-35 / Donot) 874d6b4de57892982e06ed5d14025c6b7a89a9a98ec273ad3efe6dd93a6ed355 new to VirusTotal cc

  18. 17 Oct 2019

    Calling comrades, is there a nice way to have (for example) 10 strings where only 3 are required, but these must be in a certain order? e.g. s3,s6,s10 is fine but s7,s1,s4 is not. Paging 🧐

  19. 2 Oct 2019

    Another APT-C-35 / sample, new to VT today but unsure if seen before: b3c30e0e20eff19a753b36f053093432afc7983b799c2e4e940c423a274b823d cc

  20. 10 Sep 2019

    Sad to leave an excellent team , but very excited for a new challenge at PwC with and team.
