Kyle Wilhoit
Causing pain to cyber criminals and state entities worldwide. BR Jiu Jitsu. BH USA Guest Review Board. Co-author on Hacking Exposed- ICS. Thoughts are my own.
1,365 Tweets, 1,635 Following, 2,078 Followers
Kyle Wilhoit May 16
Had a few people ask me what I liked using to help befuddle attackers on honeypots... AND
Kyle Wilhoit May 8
I think 2a49d29d58d4d962bee5430e40f488bb79ebab92cf13db5bb4708f3eaf95caed is also related.
Kyle Wilhoit retweeted
Black Hat Apr 24
ANNOUNCEMENT: Parisa Tabriz, Director of Engineering at Google, responsible for Chrome security and Project Zero, to Keynote 2018.
Kyle Wilhoit Apr 17
"SquirtDanger: The Swiss Army Knife Malware from Veteran Malware Author TheBottle"
Kyle Wilhoit retweeted
Tom Lancaster Apr 12
New trend - write a blog saying how you know something, but don't tell anyone about what you know: cc
Kyle Wilhoit retweeted
roach Apr 6
More on KevDroid, and new downloaders and infrastructure used by the Reaper Group
Kyle Wilhoit Mar 25
Thank you!!!
Kyle Wilhoit retweeted
John Hultquist Mar 22
In addition to Guccifer 2.0 APT28 has probably run ops through the personas CyberCaliphate, CyberBerkut, DCLeaks, Fancy Bears Hack Team, Bozkurt Hackers, Anonymous Poland and more. Their efforts mirrored work done by Internet Research Agency.
Kyle Wilhoit retweeted
Unit 42 Mar 20
uncovers TeleRAT: an Android trojan abusing Telegram’s Bot API for C2 and data exfiltration
Kyle Wilhoit Mar 5
Kyle Wilhoit Mar 1
Replying to @YoavfFlint @wandera
I didn't search on the C2 domain itself. I searched on the POST path, since there were over 4k domains (according to Wandera) that were involved in this. This was just the first sample I came across. Most of the other C2's I've found have the same structure charge.*.com.
Kyle Wilhoit Mar 1
Replying to @YoavfFlint @wandera
Thanks :) I can send you the sample if you'd like. I plan on posting some additional hashes today (Without help from may I add) that appear to also be . I searched on the URL path from the screenshot in their blog.
Kyle Wilhoit Feb 28
Replying to @wandera
Dug it out based on the POST path in the screenshot from the blog. Followed so you can DM.
Kyle Wilhoit Feb 28
Is it just me, or does it seem like no one is posting indicators? 804ff94a3ac91430c4a50d8d991578de13abba6233a7714c664965555a11d36b ?
Kyle Wilhoit Feb 27
indicators for RedDrop?
Kyle Wilhoit Feb 27
Replying to @KateKuehn
Indicators?
Kyle Wilhoit retweeted
KT Feb 19
I've just published a hobby project of mine: , a new programming language / transpiler hybrid. Write code in 11 languages at the same time!
Kyle Wilhoit Feb 13
Replying to @cedricpernet
Hey dude! No hashes in doc?
Kyle Wilhoit retweeted
Wesley Shields Feb 6
YARA neighbors: This is working now. ;)
// Iutn=morzo|p=~|ssri
rule a {
  strings:
    $a = "This program cannot" xor
  condition:
    any of them
}
wxs@mbp yara % ./yara -s xor.yara xor.yara
a xor.yara
0x35:$a: This program cannot
0x3:$a_1d: Iutn=morzo|p=~|ssri
wxs@mbp yara %
Kyle Wilhoit Feb 6