Jérôme Segura

@jeromesegura

Threat Intelligence. A special interest for web threats.

Joined: February 2010.

Tweets

  1. Retweeted
    4 hours ago

    Seeing lots of distributing via Word/Excel combo, followed by PowerShell -> fake image
    Subject: eFAX Message from #[0-9]{8}
    Payload URL: 107.189.10[.]150/ui/10357780.jpg
    Payload hash: 7ca62123dabe70a6419aec5cbb2244a5be224789beaf4f4356b6cea9b29df7a7

  2. Retweeted

    Some light relief? A brand new episode of "Smashing Security" is out now: Episode 163 - "Russian heists and Ring wrongs" with special guest and a featured interview with Enjoy!

  3. Retweeted
    Jan 31

    Malspam with VBS loader fingerprinting the system.
    * IoCs *
    Dridex: 635ded83b8e1be3fea6e8899627164f0f983831ce59bb37ddf4a89f86b86b46d

  4. Retweeted
    Jan 29

    💡CERT-FR has published a report on the ransomware threat facing companies and institutions:

  5. Retweeted
    Jan 29

    pushing via CVE-2017-11882 (Equation Editor exploit).
    * IoCs *
    f440a587d49886b52586d9dfa8f9a17226b612e10e17cb5b09851ee6abdfdf82
    windowsfirewallsecurityauthorise.duckdns[.]org/lvc/svch.exe
    7984f74486d3ea0408c80b7474d555b4a2fe5cc9982d8468bd3887a8dbef22b7

  6. Retweeted
    Jan 27

    Our 2019 Website Threat Research Report is live! Catch up on the latest trends in malware and hacked websites in this detailed analysis:

  7. Retweeted
    Jan 27

    Version 0.9.5
    - New contextual menus and items
    - Added as a lookup source
    - Added 'Force CORS' option (Rules -> Force CORS)

  8. Retweeted
    Jan 27

    Following our investigation into the most sophisticated browser locker campaign to date, a large part of the infrastructure (including the stegano server) was taken down. No new browlock observed since 01/23. Ref:

  9. Retweeted
    Jan 24

    Thanks to data from we were able to see a new digital skimmer/ loader that's starting to be utilized. It's unique enough that it merits some discussion, even if it's also not fully operational. Let's call it the Prototype loader, I guess.

  10. Retweeted

    Interested in hunting and making the internet a safer place? We are looking for a passionate threat intelligence to join our team. Apply here:

  11. Jan 22

    WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation

  12. Retweeted
    Jan 21

    changed Webshells for S.A.P v.2.1. The same code logic is being pushed by the same upstream servers via POST queries. My script emotet_webshell_finder.py has been updated to also find those ones

  13. Retweeted
    Jan 21

    My new blog post with is like a mini highlight reel of some of our favorite findings over the past ~6 months. The focus is on clever trickery employed by groups.

  14. Retweeted
    Jan 21

    The servers pushing the payloads to the infected WordPress are running a copy of a deleted Nginx from the /tmp/ directory and have ports 31181 (SOCKS) & 31182 (authenticated HTTP Proxy) open, likely to allow forwarding of attackers' queries.

  15. Retweeted
    Jan 17

    Want to capture network traffic from the new Microsoft Edge (or Google Chrome)? I've published a short video to show how easy it is to capture traffic using the built-in Net Export feature, and how to analyze it using free tools.

  16. Retweeted
    Jan 15

    Version 0.9.4.1
    - Detection of steganographic payloads and skimmers (disabled by default)
    - Added elapsed time when running regexes manually (with the run command)

  17. Retweeted
    Jan 13

    Interested in threat hunting and making the internet a safer place? We are looking for a threat intelligence analyst to join our team. Apply here:

  18. Retweeted
    Jan 10

    skimmer stealing from folks donating to Australia's bushfire effort. Skimmer is 'ATMZOW', exfiltration domain vamberlo[.]com was already known.

  19. Retweeted
    Jan 9

    Active hosted on comes from Google Ads malvertising and cloaking.
    Visit the site directly -> normal blog
    Visit the site via Google Ad -> browlock
    IOCs (all domains to block):

  20. Retweeted
    Jan 6

    🧠Research Brain-Dump🧠 Join us for a deep dive into the how’s and why’s of automated malware unpacking. In this video we discuss how we built UnpacMe!
