Florian Roth
Nextron Systems | Creator of , Valhalla YARA rule feed, Sigma, LOKI, yarGen & much more
16,792 Tweets
3,363 Following
43,339 Followers
Tweets
Florian Roth Retweeted
Adnan (xanda) Mohd Shukor 4 h
Malaysia CERT, , released an advisory on espionage campaign targeting Malaysia government officials. .Periscope
Florian Roth Retweeted
Nick Carr 6 h
VBA Stomping in-the-wild: Title: “STOMP 2 DIS: Brilliance in the (Visual) Basics” 🤣 by A financial attacker (active right now!) with unique tradecraft, the C++ backdoor, and very specific music tastes.
Florian Roth 4 h
Replying to @James_inthe_box @hasherezade
You mean, like in PESieve?
Florian Roth 7 h
Tycho-based Dashboard to Detect Gandcrab | by - interesting Sigma use case - Syscall process tracing + ELK + Sigma for malware detection
Florian Roth Retweeted
Mark Russinovich 17 h
Coming soon to Sysmon: clipboard logging for malicious RDP session DFIR, and shredded file recovery for capturing hacking tools
Florian Roth Retweeted
Catalin Cimpanu 4 Feb
Backdoor mechanism discovered (again) in HiSilicon chips —Researcher did not notify HiSilicon due to a lack of trust in the vendor to patch the issue —Backdoor was first reported in 2013, and again in 2017, but inadequately patched all this time
Florian Roth Retweeted
ScumBots 4 Feb
Beacon found at SHA256: 5884a9cefa3fa1f841923eefcf4201c0ffacabc275687fa1d2a7786f5cdaf281 C2: http://iexploreservice[.]com/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,
Florian Roth 14 h
Replying to @JayTHL @GossiTheDog
Yes 😝
Florian Roth 14 h
Replying to @techbytom @PaloAltoNtwks
We already have that. However, it could be important to know that a specific process dumper has been used. Some legitimate software also accesses lsass process memory (ask CyberArk). The Dumpert rule can get a level “critical”, others cannot.
Florian Roth Retweeted
Kevin Beaumont 18 Feb
Pretty great YARA rules for Australian parliament hack from (APT_WebShell_Tiny_1 flags other stuff which while malicious may not be directly related)
Florian Roth Retweeted
Mark Russinovich 17 h
Also coming soon: Process Explorer dark mode
Florian Roth 23 h
Sigma rule to detect Dumpert password dumper - used by Emissary Panda in recent campaigns Dumpert Rule Report by
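The two Dumpert tweets above make a tiering argument: a generic "something read lsass memory" alert cannot be rated critical because legitimate software does it too, while a Dumpert-specific indicator can. The block below is an added example, not Florian Roth's code and not a rule from the Sigma project: a small Python scorer that applies that tiering to Sysmon-style ProcessAccess (ID 10) and FileCreate (ID 11) events. The events are constructed, the allow-listed agent path is hypothetical, the dumpert.dmp filename is assumed from Dumpert's default output path, and the "UNKNOWN(...)" call-trace heuristic for direct-syscall dumpers is my own addition.

```python
# Added example: severity-tiered lsass access scoring over Sysmon-style events.
# Not Florian Roth's code and not a Sigma rule; the events below are constructed.

PROCESS_VM_READ = 0x0010  # GrantedAccess bit needed to read another process's memory

# Hypothetical allow-list of products known (in your environment) to read lsass.
# Assumption for the example: replace with what your own telemetry shows.
ALLOWED_LSASS_READERS = {
    r"c:\program files\example-edr\agent.exe",
}

LEVELS = ["informational", "low", "medium", "high", "critical"]


def classify(event):
    """Return (level, reason) for one event, or None if it is not interesting.

    event is a dict using Sysmon field names (EventID, SourceImage, TargetImage,
    GrantedAccess, CallTrace, TargetFilename).
    """
    event_id = event.get("EventID")

    if event_id == 10:  # Sysmon ProcessAccess
        target = event.get("TargetImage", "").lower()
        if not target.endswith("\\lsass.exe"):
            return None
        granted = int(event.get("GrantedAccess", "0x0"), 16)
        if not granted & PROCESS_VM_READ:
            return None  # handle opened without memory-read rights
        source = event.get("SourceImage", "").lower()
        if source in ALLOWED_LSASS_READERS:
            return ("low", "lsass memory read by allow-listed process " + source)
        # Assumed heuristic: a dumper using direct syscalls leaves call-stack
        # frames not backed by any loaded module, shown as UNKNOWN(<address>).
        if "unknown(" in event.get("CallTrace", "").lower():
            return ("critical", "lsass memory read with unbacked call-stack frames from " + source)
        return ("high", "lsass memory read by " + source)

    if event_id == 11:  # Sysmon FileCreate
        name = event.get("TargetFilename", "").lower()
        # Assumption: Dumpert's default output path is C:\Windows\Temp\dumpert.dmp.
        if name.endswith("\\dumpert.dmp"):
            return ("critical", "Dumpert default dump file written: " + name)

    return None


def scan(events):
    """Classify a list of events; returns [(index, level, reason), ...]."""
    findings = []
    for i, ev in enumerate(events):
        result = classify(ev)
        if result is not None:
            findings.append((i, result[0], result[1]))
    return findings


def highest_level(findings):
    """Worst severity among findings, or None when there are no findings."""
    if not findings:
        return None
    return max((f[1] for f in findings), key=LEVELS.index)


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d0c4|C:\Windows\System32\KERNELBASE.dll+2b3e8"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\example-edr\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d0c4"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\dumpert.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff",
     "CallTrace": r"UNKNOWN(00007FF6A2C11A3B)|UNKNOWN(00007FF6A2C10F00)"},
    {"EventID": 11, "Image": r"C:\Users\alice\AppData\Local\Temp\dumpert.exe",
     "TargetFilename": r"C:\Windows\Temp\dumpert.dmp"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d0c4"},
]

if __name__ == "__main__":
    for idx, level, reason in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {level:8s} {reason}")
    print("highest:", highest_level(scan(SAMPLE_EVENTS)))
```

The point of the tiering is visible in the output: Task Manager reading lsass is "high" (worth a look, not an incident on its own), the allow-listed agent is "low" but still recorded, and only the tool-specific artefacts (the dump file name, unbacked stack frames) reach "critical". The fifth event opens lsass with query-limited rights only and is dropped entirely.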
Florian Roth Retweeted
Dino A. Dai Zovi 26 Jan
The claim in the FTI forensics report on Bezos’ iPhone that, “due to end-to-end encryption employed by WhatsApp, it is virtually impossible to decrypt the contents of the downloader [.enc file]...” bugged me so much that I coded up how to do it:
Florian Roth Retweeted
Tal Be'ery 3 Feb
1/ I just published Hitting a CurveBall Like a Pro! Using to detect and hunt exploits by following the NSA advisory
Florian Roth Retweeted
Nicolas Krassas 3 Feb
TeamViewer stored user passwords encrypted, not hashed, and the key is now public
Florian Roth Retweeted
John Lambert 4 Feb
If you study maldocs you know the Shell() function. Did you know about Interaction$.Shell@()? This malware does: 🔗 Interesting to see how just calling Interaction$.Shell drops the detection rate: 1⃣ 2⃣
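John Lambert's tweet above shows that writing the call as Interaction$.Shell@ instead of Shell lowers the detection rate, because signatures key on the literal token. The block below is an added example, not his code and not the malware's: a Python normaliser that strips VBA type-declaration suffix characters and the implicit VBA/Interaction module qualifiers before matching, so all spellings of the same call land on one canonical name. The macro it runs on is constructed for the example.

```python
# Added example: normalising VBA identifiers before matching suspicious calls.
# Not John Lambert's code; the macro below is constructed for the example.
import re

# VBA lets a type-declaration character (% & ! # @ $) trail an identifier.
TYPE_SUFFIX = "[%&!#@$]"
# One identifier, optionally suffixed, optionally followed by .ident parts
# (each part may carry its own suffix, e.g. Interaction$.Shell@).
DOTTED_NAME = re.compile(
    r"\b[A-Za-z_][A-Za-z0-9_]*" + TYPE_SUFFIX + r"?"
    r"(?:\.[A-Za-z_][A-Za-z0-9_]*" + TYPE_SUFFIX + r"?)*"
)

# Members of the VBA.Interaction module that run code or instantiate COM objects.
SUSPICIOUS_CALLS = {"shell", "createobject", "getobject", "callbyname"}


def normalize_name(raw):
    """Canonical lower-case name: drop type suffixes and the implicit
    VBA / Interaction module qualifiers, so Shell, Interaction.Shell,
    Interaction$.Shell@ and VBA.Interaction.Shell$ all become 'shell'."""
    parts = [re.sub(TYPE_SUFFIX + "$", "", p).lower() for p in raw.split(".")]
    while parts and parts[0] in ("vba", "interaction"):
        parts.pop(0)
    return ".".join(parts)


def find_suspicious_calls(vba_source):
    """Return [(raw_text, canonical_name), ...] for every suspicious call site."""
    hits = []
    for m in DOTTED_NAME.finditer(vba_source):
        canonical = normalize_name(m.group(0))
        if canonical in SUSPICIOUS_CALLS:
            hits.append((m.group(0), canonical))
    return hits


def naive_scan(vba_source):
    """What a literal 'Shell(' signature sees; it misses the suffixed forms."""
    return re.findall(r"\bShell\s*\(", vba_source)


# Constructed macro: the same command spelled four ways.
SAMPLE_MACRO = """\
Sub AutoOpen()
    Dim r As Double
    r = Shell("cmd.exe /c whoami", vbHide)
    r = Interaction.Shell("cmd.exe /c whoami", vbHide)
    r = Interaction$.Shell@("cmd.exe /c whoami", vbHide)
    r = VBA.Interaction.Shell$("cmd.exe /c whoami", vbHide)
End Sub
"""

if __name__ == "__main__":
    print("naive signature hits:", len(naive_scan(SAMPLE_MACRO)))
    for raw, canonical in find_suspicious_calls(SAMPLE_MACRO):
        print(f"{raw!r:32} -> {canonical}")
```

The naive scan matches only the two lines where "Shell(" appears verbatim; the normalised scan reports all four call sites under the single name "shell". The same normalisation step applies to any other Interaction member (CreateObject, GetObject, CallByName) without adding per-spelling signatures.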
Florian Roth 4 Feb
Actors Still Exploiting SharePoint Vulnerability to Attack Middle East Government Organizations
Florian Roth Retweeted
Catalin Cimpanu 3 Feb
BREAKING: Twitter says a suspected state-sponsored actor used its API to match usernames to phone numbers - Attack took place on December 24, 2019 - Twitter said attack came from IPs in Iran, Israel, and Malaysia
Florian Roth 3 Feb
Guide on upgrading your SSH keys to Ed25519
Florian Roth Retweeted
Darkoperator 3 Feb
Getting DNS Client Cached Entries with CIM/WMI