Discover and read the best of Twitter Threads about #Malware

Most recent (24)

BREAKING!! New SMS phishing campaign pretending to be from the United States Post Office being pushed out to cell phones today. So far the link in the SMS being used is this domain m9sxv[.]info. Here are a couple of sample texts we have collected. #infosec #malware #smish #osint
The m9sxv[.]info domain was just registered today and here are a few sample links we have collected so far. @kyleehmke @RiskIQ @ydklijnsma #infosec #malware #smish #osint
There is a fair amount of victim fingerprinting going on based on the device etc... Here m9sxv[.]info immediately redirects to a jtuzd.rdtk[.]io link. #infosec #malware #smish #osint #phishing
Read 10 tweets
One tactic that needs to be used more often in #malware development is distributed multi-binary components.

Separate each of your components into unique binaries and communicate to them via IPC or something similar.

Each binary is given a single purpose: File IO, Registry etc.
There are several advantages to this:

Sandboxes will score each component separately and are more likely to not block a binary that just accesses the File System or registry because essentially it is harmless

Also components can use LOLBins if they are available as substitutes
Also you can recompile the multi-components individually much more easily than recompiling a whole project.

Also don't forget to write garbage to your padding sections / end of binary to easily change your file hashes.
Read 3 tweets
WARNING 🔥 CVE-2020-1350 (CVSS 10)

A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.

Details — thehackernews.com/2020/07/window…

#infosec
Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.

#cybersecurity #sysadmins #microsoft #informationsecurity
If exploited, #SigRed Windows Server #vulnerability enables hackers to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials, and eventually compromise an organization's entire IT infrastructure.

thehackernews.com/2020/07/window…
Read 8 tweets
Today's #VBALostArts Topic: #Sandbox Detection

So a few hours ago I whipped up a super basic Office #malware whose goal was to extract as much info from sandboxes as possible and send it in the clear so you can gather all the configurations of the sandbox.

I named it Thumper
Thumper does 4 things:
- Built In Office/VBA Info Gathering
- Registry Reading (USER & LM)
- RecentFiles Methods
- Shoots results via HTTP (so you can see)

It does this (by design) with the elegance of a herd of drunken water buffaloes dancing to Russian hard bass in a tea shop.
As for the name, it's meant to call the sandworms hiding in the dunes.

And if you want to detect and avoid almost all of the sandboxes - easiest way is to check the DateTime stamps of RecentFile methods of Word.

Like this: [image]
Read 8 tweets
Fabio Ciucci on LinkedIn [1/6]: Police infiltrated the Dutch #Encrochat encrypted phone system, arrested 746 criminals involved in murder & drug trafficking. Seized £54 mln cash, 1.5 tn cocaine, 28 mln pills, drug labs, 55 luxury cars, 80 firearms. 200 potential murders averted.
Fabio Ciucci on LinkedIn [2/6]: About 60,000 users (mostly in Europe and the Middle East) paid £3,000 a year for an #Encrochat modified BQ Aquaris X2 Android phone, the gangster's industry standard. #cybercrime
Fabio Ciucci on LinkedIn [3/6]: In March, the French police uploaded #malware for the X2 device that disabled the data wiping and recorded all before #encryption, enabling the reading of 100 million messages by UK, Dutch, French, etc. investigators.
Read 7 tweets
INFOGRAPHIC🔎Timeline of @FBI’s #FISAAbuse in Trump Campaign Investigation

#EpochTimes provides a comprehensive timeline of details from the #IGReport, describing how the #FBI rushed to #Spy on the Trump campaign and the flaws in its case.

See more: theepochtimes.com/infographic-ti…
In its pursuit of establishing #Surveillance on the Trump campaign, the #FBI turned its attention to @CarterWPage in the spring of 2016, culminating in the issuance of a #FISA warrant—which allows for some of the most intrusive #Spying methods on an US citizen.
As part of this process, the #FBI relied extensively on the flawed #SteeleDossier, leading an @FBI legal counsel to note that this was “essentially a single source FISA.”
Read 207 tweets
#ESETresearch stumbled upon strange samples which use the packer we described in publications on the #Winnti Group. The payload in these samples is an implant attributed to Equation. It is known as PeddleCheap according to the project names seen in the Shadow Brokers leaks. 1/8
Those samples were first seen in 2017, one year before it was used in the compromised games in 2018 (welivesecurity.com/2019/03/11/gam…). They are 8b8d2eb8de66890f4c0950ccb3fff95b0f42b9e1 and b48beb5e49976294287b1d6910d7445db83e5cf2. #ESETresearch @marc_etienne_ 2/8
These particular executables do 3 things: launch the legitimate Adobe Flash installer, copy themselves to %TEMP%\micrit.exe and start PeddleCheap. #ESETresearch @marc_etienne_ 3/8
Read 8 tweets
My own ebook library contains hundreds (661) of hacking books and computer science books. I love reading and reading again and again. Feel free to ask me about the best hacking books.
#Hacking #Pentesting #redteam #bugbountytip #Malware #CyberSecurity
The Best Hacking Books in 2020, part (1):
-effective-cybersecurity
-Rootkits and Bootkits
-Gray Hat Hacking the Ethical Hacker's Handbook 5
-THE HACKER PLAYBOOK 3
-Black Hat Go
-Practical Binary Analysis
-Hacking Exposed Industrial Control Systems
-Windows Forensics
-Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information
-Hunting Cyber Criminals
-Guide to Computer Forensics and Investigations-Processing Digital Evidence
-Mobile Forensic Investigations: A Guide to Evidence Collection
Read 6 tweets
Stoked to share these free resources to expand your #infosec and technical skill set.

Each is a career path in its own right, the rabbit hole goes down as far as you follow.

Check these out and make 2020 count! 🎊

#30DaysOfThreads #BlackTechTwitter
#latinxintech
Begin your road into #pentesting with this staple book and free VM to practice hacking into 💻

Metasploit: The Penetration Tester's Guide : archive.org/details/Metasp… via @internetarchive

offensive-security.com/metasploit-unl…
A requirement for all in #dfir is being able to read and understand network traffic. It’s how our systems communicate!

Practical packet analysis: using Wireshark to solve real-world network problems : Sanders, Chris

archive.org/details/Practi…
Read 9 tweets
That was my week in #CyberSecurity that was.

#ICYMI here's a #weekend review of my #infosec output for the past week. (1/9)

Tuesday December 10

#Windows10 #Malware #warning

forbes.com/sites/daveywin…
That was my week in #CyberSecurity that was.

#ICYMI here's a #weekend review of my #infosec output for the past week. (2/9)

Tuesday December 10

#Xmas #toys #stranger #danger #threat

forbes.com/sites/daveywin…
That was my week in #CyberSecurity that was.

#ICYMI here's a #weekend review of my #infosec output for the past week. (3/9)

Tuesday December 10

#NHS #HealthcareIT #Opinion

digitalhealth.net/2019/12/differ…
Read 9 tweets
Just in the course of this past week I had to clean up 3 PCs belonging to friends and relatives infected by #malware of various kinds: in all three cases the infection originated from a #phishing e-mail with a .ZIP file attached, which in turn contained a trojan.

(thread)
The year now drawing to a close has been one in which #phishing claimed many prominent victims in Italy and in the EU, a clear sign that neither public bodies nor private companies have yet put adequate defensive strategies in place. /2

privacy.it/2019/10/26/ran…
What do these strategies consist of? To sum up, a virtuous combination of perimeter defences (firewall, IDS, e-mail validation via SPF, etc.), adequate corporate procedures and, above all, training courses for employees aimed at developing best practices. /3
Read 28 tweets
Around 2000 @GovernmentGeo websites got #hacked earlier this month, but the reports suggested it was a website defacement attack. That may not be the only case, the hacker may have attempted an image-based #malware attack. Follow the thread bit.ly/2KzRKF9
On Oct 28, a @GovernmentGeo website infrastructure gets hacked. The attack was the country's largest cyber-attack (likely) and targeting multiple sectors, from the website of the president, courts, civil society organizations, and others. bit.ly/2raMwJ0
Motive? Not clear yet. But all the websites had Saakashvili’s image with a caption - “I’LL BE BACK” superimposed over a Georgian flag. This made the attack seem a website defacement attack.
Read 10 tweets
In Republican Devin Nunes opening statement, he chose to peddle the insane conspiracy theory that Ukraine helped Hillary lose the election to later then have the ability to smear Trump after he won and pin it on Russia (Say What??) #ImpeachmentHearings #ImpeachmentDay
Rep. Devin Nunes also attacked @AlexandraChalup and (as Democratic stooges) witnesses Amb. Bill Taylor and State Dept's George Kent highly respected professionals who have served numerous presidents of BOTH parties with distinction. #ImpeachmentHearings #ImpeachmentDay
I will remind everyone that while Devin Nunes was the Chairman of the Intelligence Committee of the United States in 2017 we & others alerted him 2 the fact that one of his past campaign websites was breached and infected with Russian SEO spam #ImpeachmentHearings #ImpeachmentDay
Read 15 tweets
After #cyberattack while NPCIL officials have admitted to their administrative system being breached by malware, actual damage assessment is yet to be determined. Meanwhile #cybersecurity community is concerned whether India's #thorium secrets got stolen. greatgameindia.com/did-kudankulam…
@issuemakerslab #cybersecurity experts based out of #SouthKorea who have been monitoring suspicious activity in Indian #cyberspace, have claimed that ‘the possible reason behind the #cyberattack was to obtain information about #thorium based nuclear power. greatgameindia.com/did-kudankulam…
On the morning of October 29, 2019, @GreatGameIndia was the first to report the #cyberattack at #KKNPP. #NPCIL, after initially claiming it to be ‘false information’, did actually admit the next day that their system was indeed breached by the #malware. greatgameindia.com/kudankulam-nuc…
Read 4 tweets
The #Koodankulam nuclear power plant has been compromised ("hacked") by a group from North Korea called 'Lazarus'

The name of this computer virus is Dtrack (#DTRACK)

It had already been detected in Indian ATMs (ATM Machines) under the name ATMDtrack. Read more... /1
This was first discovered by @RungRage on September 7, and he reported it to the government the same day. In the interest of national security, he posted only this much publicly.

But from another country, @a_tweeter_user & @Mao_Ware of the #SecureList site also shared it yesterday /2
It has come to light that the #DTRACK virus sent the following information from the #Koodankulam nuclear power plant computer to its creator:

> net use \\\\10.38.1.35\\C$ su.controller5kk /user:KKNPP\\administrator

Here, #KKNPP means #Koodankulam Nuclear Power Plant 😧

/3
Read 17 tweets
The #IT environment of the Indian nuclear power plant (#AKW) Kudankulam was not only hacked, but was also used as a command and control server.

Hopefully the #OT was not publicly connected to the network as well!

#KRITIS Sektor #Energie #nuclear #nuclearsafety #Resilienz #Cyber #Security

To distinguish the two:

IT means information technology systems (#PC #Laptop #Windows #Office, #Buchhaltung...)

OT means operational technology systems (#ICS #SCADA #SPS #HMI #PLC #Steuertechnik...)
An appropriate state of the art (#SdT), as required under #KRITIS, was apparently not maintained at the nuclear plant (#AKW).

Strict #separation between #OT control systems and #IT is an essential #security measure!

Further #measures and #demands can be found here.

ag.kritis.info/politische-for…
Read 5 tweets
🌳Victory🌳

Impeachment Inquiry Is Legal, Judge Rules, Giving DEMs a Victory

Judge orders the DOJ to hand over secret GJ evidence from the Mueller inv’n to the HJC by 10/30.

The committee's need for disclosure of the materials "is greater than the need for continued secrecy.”
🌳Victory2🌳

THE GOP IS GETTING DESPERATE . . .

The silence is stunning.

No senator is saying:

📌Openly that Trump’s conduct is not impeachable.

📌The witnesses lack credibility.

📌It is perfectly appropriate for the president to use his powers to aid his campaign effort
🌳Victory3🌳

Cummings remembered as 'fierce champion' & as a “fierce champion of truth, justice & kindness”

“Like the prophet, our Elijah could call down fire from heaven.

But he also prayed & worked for healing.

He weathered storms & earthquakes but never lost his faith.”
Read 56 tweets
Let's go step-by-step and do some basic live process forensics for #Linux. Today's contestant is a bindshell backdoor waiting for a connection on Ubuntu. We saw something odd when we ran:

netstat -nalp

#DFIR #threathunting #forensics
netstat -nalp shows a process named "x7" PID with a listening port that we don't recognize. #DFIR [image]
First thing we'll do is list out /proc/<PID> to see what is going on. Our PID is 5805:

ls -al /proc/5805

The current working directory is /tmp. The binary was in /tmp, but was deleted. A lot of exploits work out of /tmp and /dev/shm on Linux. This is a major red flag. #DFIR [image]
Read 13 tweets
#BREAKING: Trump asked the President of Ukraine to investigate @Crowdstrike, a now publicly traded company $CRWD that 1st determined state-sponsored Russian hackers hacked the DNC. There is no server in Ukraine .. but that's beside the point #infosec
Here's our thread on @crowdstrike from 07-24-19 documenting the continued propaganda efforts coming from the Kremlin 2 smear & muddy the waters on something that has been fact 4 a number of yrs & confirmed in the Mueller report #infosec #osint #Hamilton68
This is a good breakdown of the Ukraine call with Zelensky and spells out numerous problematic sections #UkraineTranscript
Read 8 tweets
💣Treason💣

Trump Lawyers claim that any criminal inv’n of Trump is unconstitutional.🙄

Chief of the Major Economic Crimes Bureau is involved in the Mazars Subpoena, not Vance

WB Complaint Is Said to Involve Multiple Acts by Trump —Not just a phone call or single convo.
💣Treason2💣

The WBC goes beyond a commitment that Trump was said to have made to world leader(s), one such instance involves Ukraine.

Giuliani traveled to Ukraine to pressure that gov’t outside of formal diplo channels to effectively help the Trump reelection effort
💣Treason3💣

By investigating Hunter Biden about his time on the board of Burisma, a Ukrainian gas company.

8/28/19 Trump holds up Ukraine military aid meant to confront Russia

9/5/19: Trump tries to strong arm Ukraine to meddle in the 2020 election.
Read 61 tweets
⚠️ MALWARE VIA PEC ⚠️

Fake PEC message simulating the transmission of an electronic invoice, coming from a real certified @Arubait pec.it address, with a malicious attachment. Be extremely careful!
#malware #PEC #fatturaelettronica

Details ⤵️ 1/
- The sender is a real pec.it address: the message arrives without anomalies and the signature is valid;
- the subject and body reproduce (almost) exactly those of the SDI PEC messages;
- the attachment is a .zip file containing a .pdf and a .vbs;
2/
- it carries the wording “virus-free mail - avast.com”, complete with a logo loaded as remote content from the legitimate Avast site.
The PEC message is very similar to the one with which invoices are actually transmitted, apart from a few details (see photo).
3/
Read 8 tweets
THREAD: French company has created lots of fake domains pretending to be some very popular free software and is using these sites to distribute bundled adware and malware. /1 #malware #spoof #adware #opensource
Company name and information. /2
All domains lead to this ip: 185[.]46[.]229[.]39. First activity seen on March 30th. /3 #IoC #malware
Read 8 tweets