Discover and read the best of Twitter Threads about #APT34
Most recents (3)
In response to increased U.S.-Iran tensions & concerns of retaliatory cyber attacks, Iranian intrusion experts @sj94356 & @QW5kcmV3 are on #StateOfTheHack for the latest on all things Iran: #APT33 #APT34 #APT35 #APT39 #MuddyWater & active UNC groups ๐ฎ๐ท๐จโ๐ป๐ต๏ธโโ๏ธ
@sj94356 @QW5kcmV3 Wait, did @YouTube remove the #StateOfTheHack episode? ๐feye.io/soth ๐
Are we being oppressed? Do they think this is a U.S.-Iran influence operation? ... is it? ๐บ๐ธ๐ฎ๐ทAm I going to get a bunch of weird #MAGA replies to this tweet? I have so many questions ๐ ๐
Are we being oppressed? Do they think this is a U.S.-Iran influence operation? ... is it? ๐บ๐ธ๐ฎ๐ทAm I going to get a bunch of weird #MAGA replies to this tweet? I have so many questions ๐ ๐
For more information on mitigations as well as our public source material supporting the discussion from the show, please check out:
โข APT33 graduation: fireeye.com/blog/threat-reโฆ
brighttalk.com/webcast/10703/โฆ
โข APT33 webinar & examples: fireeye.com/blog/threat-reโฆ
... (more below)
โข APT33 graduation: fireeye.com/blog/threat-reโฆ
brighttalk.com/webcast/10703/โฆ
โข APT33 webinar & examples: fireeye.com/blog/threat-reโฆ
... (more below)
๐จA Tough Outlook for Home Page Attacks
๐fireeye.com/blog/threat-reโฆ
Blog has #APT33 ๐ฎ๐ท, #APT34 ๐ฎ๐ท, and #UNC1194 ๐ด๓ ต๓ ณ๓ ฏ๓ จ๓ ฟ๐ home page persistence & RCE.
๐We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
๐ฑCool TTPs (pictured) #GuardrailsOfTheGalaxy
๐fireeye.com/blog/threat-reโฆ
Blog has #APT33 ๐ฎ๐ท, #APT34 ๐ฎ๐ท, and #UNC1194 ๐ด๓ ต๓ ณ๓ ฏ๓ จ๓ ฟ๐ home page persistence & RCE.
๐We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
๐ฑCool TTPs (pictured) #GuardrailsOfTheGalaxy
Here is the #UNC1194 first stage (recon) payload stored in an attacker-controlled @Azure storage blob:
Pretty neat that the attacker (@TrustedSec) can conduct a full intrusion by just swapping the storage blob content for the next stage!
Pretty neat that the attacker (@TrustedSec) can conduct a full intrusion by just swapping the storage blob content for the next stage!
This was a fun one to write with McWhirt & @doughsec. We ended up with 3 registry settings to enforce with Group Policy for CVE-2017-11774 Outlook hardening:
fireeye.com/blog/threat-reโฆ
Final step is to enforce GPO reprocessing.
fireeye.com/blog/threat-reโฆ
Final step is to enforce GPO reprocessing.
More #AdvancedPractices team ๐ฆ
in your timeline: โ ๏ธ follow @stonepwn3000.
He just joined - prob will be great tweets. But also maybe a huge mistake. I guess time will tell.
I've maintained this list if you want to follow (or block) everyone on our team: twitter.com/ItsReallyNick/โฆ
He just joined - prob will be great tweets. But also maybe a huge mistake. I guess time will tell.
I've maintained this list if you want to follow (or block) everyone on our team: twitter.com/ItsReallyNick/โฆ
With every teammate on here, we're one step closer to locking in that #APT34 counterstrike match.
Also @stonepwn3000 designed these and that's just something you're all going to have to live with. Especially our significant others who see them on the wall every day. Sorry, that's business.
