Discover and read the best of Twitter Threads about #APT34

Most recents (3)

In response to increased U.S.-Iran tensions & concerns of retaliatory cyber attacks, Iranian intrusion experts @sj94356 & @QW5kcmV3 are on #StateOfTheHack for the latest on all things Iran: #APT33 #APT34 #APT35 #APT39 #MuddyWater & active UNC groups 🇮🇷👨‍💻🕵️‍♂️
@sj94356 @QW5kcmV3 Wait, did @YouTube remove the #StateOfTheHack episode? 👉feye.io/soth 👀
Are we being oppressed? Do they think this is a U.S.-Iran influence operation? ... is it? 🇺🇸🇮🇷 Am I going to get a bunch of weird #MAGA replies to this tweet? I have so many questions 😅🙃
For more information on mitigations as well as our public source material supporting the discussion from the show, please check out:
• APT33 graduation: fireeye.com/blog/threat-re…
brighttalk.com/webcast/10703/…
• APT33 webinar & examples: fireeye.com/blog/threat-re…
... (more below)

🔨A Tough Outlook for Home Page Attacks
🔗fireeye.com/blog/threat-re…
Blog has #APT33 🇮🇷, #APT34 🇮🇷, and #UNC1194 🏴😉 home page persistence & RCE.
🔒We talk CVE-2017-11774 patch tampering in-the-wild and made a hardening guide!
😱Cool TTPs (pictured) #GuardrailsOfTheGalaxy UNC1194 macros and CVE-2017...Domain guardrail, Azure sto...
Here is the #UNC1194 first stage (recon) payload stored in an attacker-controlled @Azure storage blob:
Pretty neat that the attacker (@TrustedSec) can conduct a full intrusion by just swapping the storage blob content for the next stage!
This was a fun one to write with McWhirt & @doughsec. We ended up with 3 registry settings to enforce with Group Policy for CVE-2017-11774 Outlook hardening:
fireeye.com/blog/threat-re…
Final step is to enforce GPO reprocessing.

More #AdvancedPractices team 🦅 in your timeline: ⚠️ follow @stonepwn3000.

He just joined - prob will be great tweets. But also maybe a huge mistake. I guess time will tell.

I've maintained this list if you want to follow (or block) everyone on our team: twitter.com/ItsReallyNick/…
With every teammate on here, we're one step closer to locking in that #APT34 counterstrike match.
Also @stonepwn3000 designed these and that's just something you're all going to have to live with. Especially our significant others who see them on the wall every day. Sorry, that's business.