Kafeine
Sleep is a symptom of caffeine deprivation.
1,230 Tweets | 547 Following | 16,448 Followers
Tweets
Kafeine May 25
Here we go... RIG += CVE-2018-8174 thx and Frank Ruiz.
Kafeine May 19
Replying to @xme
Hello, internal name of this loader is sLoad. Appeared May 1st. Payload is the UK focused Ramnit ( fB1oN5frGqf ). Example: 2a7c7d440bed3a90ad46450b20c4390753c9fda256d0ab100f7725a6e3bda653
Kafeine retweeted
Anton Ivanov May 8
Root cause analysis of the latest Internet Explorer zero day – CVE-2018-8174
Kafeine retweeted
Brian Laskowski Apr 27
Replying to @clamav @spamhaus
Time for a part 2 to malware clean up. After analyzing the malware injections I've put together some yara rules that you can use with to help in cleaning up your site and getting off of the CBL blacklist.
Kafeine retweeted
Brian Laskowski Apr 19
Have a webserver affected by the recent takedown of the EITest botnet, CBL blacklistings got you down in the dumps? Here's a little writeup for our recent cleanup of the leftovers of EITest on webservers.
Kafeine Apr 12
Kafeine Apr 9
Kafeine Apr 3
Replying to @buffaloverflow
Yes. Announced on underground 2 days ago : -- Added CVE 2018-4878 (hits systems with Flash versions 23-28.0.0.137 installed). Price of the update: 350 USD. Price of buying the product from scratch: 1150 USD.
Kafeine Apr 1
Magnitude += CVE-2018-4878. Blog: updated. (post-exploitation uses PubPrn.vbs for WSH injection as described by )
Kafeine Mar 30
SandiFlux: Another (Not Darkcloud/Fluxxy) Fast Flux infrastructure emerges.
Kafeine Mar 28
Kafeine Mar 28
Distribution illustrated ( malvertising )
Kafeine retweeted
Matthew Mesa Mar 26
A new blog post we did on ThreadKit history:
Kafeine Mar 21
There are multiple similarities but this is not KovCoreG. It's a compromised server. You'll find some OSINT on that one here : && (not is chthonic in fact here)
Kafeine Mar 14
I'd say this is Gomo (aka Fobos). There is confusion because for some reason Gomo used Ebates (aka HookAds) keitaro as step 2 from 2018-02-28 till 2018-03-12 cc
Kafeine Mar 13
Kafeine Mar 10
GreenFlash Sundown += CVE-2018-4878 (Flash Player up to 28.0.0.137) cc/thx
Kafeine retweeted
Costin Raiu Mar 8
Kafeine Mar 8
Replying to @kafeine
Let's clarify a bit: 1- I am not the author (just relaying his work) 2- This is not about EITest actor (see image to get an idea where it belongs)
Kafeine Mar 7
"The King of traffic distribution" by an author who prefers to remain anonymous.