Daniel Lunghi

@thehellu

Threat researcher mostly focused on

Joined: February 2011

Tweets


  1. Pinned tweet
    9 Oct 2019

    The slides of our talk are available! The idea is to give examples of cloud service providers being abused by actors, and how, as defenders, we can leverage it to get more information on such threat actors. Video and paper coming later!
  2. 27 Jan

    I will give the same talk at the Defcon group Paris on Thursday evening at the Thirsty Mad Cat, so nobody gets jealous :-)
  3. 27 Jan

    If you are in Lille for CorIIN starting this evening, feel free to drop by the Dernier Bar avant la fin du monde; I'm giving a presentation on groups using different cloud services for targeted attacks, and how to take advantage of that as a defender
  4. 15 Jan

    Following ti360 and our own research, wrote new information about the (likely) financially-driven group APT-C-36, targeting mainly South America and particularly Colombia
  5. Retweeted
    6 Jan
  6. Retweeted
    12 Dec 2019
  7. Retweeted
    3 Dec 2019

    For months we at and mapped and tracked code-connections between thousands of Russian APT samples we classified. Our talk from is now available online 🥳 Read the full research here >>
  8. Retweeted
    25 Nov 2019

    In we take the SOCKS problem seriously. Awesome! \o/
  9. Retweeted

    Windows isn't a favorite feature, but details a bug submitted by Eduardo Braun Prado that shows how you can use it to escalate from guest to SYSTEM (includes video)
  10. Retweeted
    14 Nov 2019
  11. Retweeted
    5 Nov 2019

    Publication of the threat assessment related to by the team of on the website of the : purposes, life cycles and outlook. A strategic state of the art of the field.
  12. 24 Oct 2019

    VirusTotal updated its sandbox. Some interesting points: - the previous in-house VT sandbox was running Windows XP 1. The new one is Windows 7 - they added JA3 hashes, which might help clustering binaries based on their SSL/TLS initialization fingerprint
  13. 23 Oct 2019

    They also referenced our research on threat actor. The low amount of effort this actor puts into changing their tactics is noticeable by comparing the screenshots in our 2018 research with the Philions screenshot in the BlackBerry research
  14. 23 Oct 2019

    BlackBerry research team published a well-documented overview of worldwide groups targeting mobile platform . They add some insight regarding a specific target based in our recent research. Nice work!
  15. 21 Oct 2019

    started timidly by deploying tools in computers they had previously owned themselves, then scanned IP addresses looking for Oilrig ASPX shells, and ended up fully compromising Oilrig C2 servers to get victims as well as Oilrig operators data
  16. 17 Oct 2019

    Nice report from ESET about that shows more cloud service providers (Twitter, Reddit, Imgur...) being abused to store C&C server addresses. Full analysis including encryption and steganography techniques in the paper
  17. Retweeted
    14 Oct 2019

    From tweet to rootkit, our analysis by of a signed rootkit highlighted by : [EN] [FR]
  18. Retweeted
    10 Oct 2019

    As people are disclosing how to hunt for free C2s, here is our presentation with Justice from related to from tips and tricks. Note that we have been following dozens of implants like that for years. These are just a few examples.
  19. 7 Oct 2019

    ANSSI (CERT-FR) gives some ideas on how to detect attacks targeting service providers and design offices. Some of them are quite novel and related to VPN connections, others are more common and related to file paths or registry keys
  20. Retweeted
    3 Oct 2019

    I helped provide input to the YARA Performance Guidelines () by and I've seen it shared in various places again recently. I'd like to add some updates in this thread...
