Elmar Nabigaev

@tlp_red

State-sponsored Advanced Persistent Threat Researcher. Head of PT ESC threat research 🔥 DFIR 🔍 Threat Intel 🎯 Threat Hunting 🕵️‍♂️ OSINT 👥

Joined: October 2015

Tweets


  1. 29 Jan

    Wait, what? They have so many actors in the network, they actually slow each other down. And this is the UN "well-structured infosec program"... I guess I've been doing this infosec thing wrong all along.

  2. Retweeted
    26 Jan

    Ladies and gentlemen, I present you a working Remote Code Execution (RCE) exploit for the Remote Desktop Gateway (CVE-2020-0609 & CVE-2020-0610). Accidentally followed a few rabbit holes but got it to work! Time to write a blog post ;) Don't forget to patch!

  3. Retweeted
    24 Jan

    My simple script to erase opaque jumps from code. Based on the miasm framework.

  4. 21 Jan

    Anniversary PHDays CFP is open. I'm organizing the defense track, which will cover all things If you're doing come join us to kick some ass and chew bubble gum, it's gonna be awesome.

  5. Retweeted
    18 Jan

    Scared by latest CVE-2020-0601 certificate spoofing vulnerability? We did a detection rule for you. It covers all known exploitations of TLS certificates and executable signing. Find it here:

  6. Retweeted
    19 Dec 2019

    You already know .NET/MSIL imphashes f34d5f2d4577ed6d9ceec516c1f5a744 & dae02f32a21e03ce65412f6e56942daa are fairly useless for detection purposes, but did you know there's also a common imphash for Go/Golang PEs? f0070935b15a909b9dc00be7997e6112 cc:

  7. Retweeted
    20 Dec 2019

    Important tip!!! Recovering MFT entries from memory does *NOT* just duplicate what is on disk! You also get:
    - Entries of deleted files that are overwritten in
    - Entries from *previously* attached NTFS-formatted removable media
    - Entries from encrypted stores

  8. Retweeted
    15 Dec 2019

    Release a few lines of Powershell to do some basic reverse TCP shell... and watch how the l33t APT hunters go crazy 😂 IT’S REVERSE TCP... I half want to port it to C# for more hilarity 🤣

  9. Retweeted
    16 Dec 2019

    A few fresh and rebuilt samples related to group. The Vigenere encryption for strings remains the same.

  10. Retweeted
    9 Dec 2019

    AV telemetry can be incredibly powerful and in the past has helped with investigations against sophisticated adversaries but when a vendor decides to sell that telemetry to advertisers you're committing a disservice to the rest of the industry. This is why you end up with GDPR.

  11. Retweeted

    New , and so on... ready to be signed for the next year😘 Reminder: is only about authenticity, authoring and to prevent alteration after signing

  12. Retweeted
    2 Dec 2019

    Native support for base64 - accounting for padding (3x) - from 💙 [tagging several tool authors who have included this feature in scripts for defenders]

  13. Retweeted
    28 Nov 2019

    Problems with an office document? Nothing after opening? Seems suspicious? Try to print it out! 27a10e250f846dbfca0f56b12913d60d

  14. Retweeted
    19 Nov 2019

    Infrastructure overlaps between and (Codoso/APT19) groups. Both groups are the same or some third actor shares hosts ... copaininfo[.]com gestione6781[.]com

  15. 17 Nov 2019

    Disgusting to see, used this info to PR his firm. What a dick move. I'm on side. After that kind of thing, you wonder why everyone hesitates to share, even in "trusted" groups.

  16. Retweeted
    14 Nov 2019

    A few more downloaders from targeted attacks in : 46d2045598c6482ce7b58497018230a9 hxxp://185.207.204.210/providers/oracle 545ec86c5c70f63e1921c5e58c9b7050 hxxp://185.207.204.210/media/vlcaddons

  17. 15 Nov 2019

    It's up. TL;DR: extract some VMware Tools commands from memory dumps, such as commands run, files copied etc. Both Linux and Windows vmtools supported. Although I didn't win, it was a really great learning experience.

  18. 15 Nov 2019

    Did you know you could extract credentials in plain text from VMware Tools? Stay tuned for release!

  19. Retweeted
    13 Nov 2019

    A few signed and parameterized backdoors with AES CBC encoded and LZNT1 compressed main module. Pay attention to a padding part: C&C address is at the end of the module and can be decoded improperly.

  20. Retweeted
    6 Nov 2019

    Don't forget that if you host open source security software on or hosting services located in US, you might be bound to US export restrictions. Having localised EU mirror of git repositories can be important for some of your users or contributors.

