Discover and read the best of Twitter Threads about #ThreatIntelligence
Most recents (10)
10 ways to use awk for hackers! π π§΅π 
1οΈβ£ Extracting Specific Columns from a CSV File
Quickly extract email addresses and phone numbers from a huge contact list.
#DataExtraction #EthicalHacking
Quickly extract email addresses and phone numbers from a huge contact list.
#DataExtraction #EthicalHacking
2οΈβ£ Filtering Lines Based on a Pattern
Filter out sensitive information like passwords from log files.
#LogAnalysis #Security
Filter out sensitive information like passwords from log files.
#LogAnalysis #Security
π’I recently investigated a campaign targeting the cryptocurrency industry. I wrote a detailed report that includes TTP, IOC and more. Here is a thread about this attack! π§΅π
@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt
microsoft.com/en-us/securityβ¦
@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt
microsoft.com/en-us/securityβ¦
The attack started on Telegram to identify the targets, then they deployed a weaponized Excel document which finally delivered the final backdoor through multiple mechanisms. β β οΈ #infosec #malware #backdoor
π§To identify the targets, the threat actor sought out members of cryptocurrency investment groups on Telegram.
πThey created fake profiles using details from employees of the company OKX. #infosec #Cryptocurency
πThey created fake profiles using details from employees of the company OKX. #infosec #Cryptocurency
Hey there, today we have something special for you.
Here's a list of SPY/INTELLIGENCE agencies across the world. π΅οΈββοΈπ΅ππ
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
1. RAW (Research & Analysis Wing), India
Formed: 21 September 1968
Here's a list of SPY/INTELLIGENCE agencies across the world. π΅οΈββοΈπ΅ππ
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
1. RAW (Research & Analysis Wing), India
Formed: 21 September 1968
2. CIA (Central Intelligence Agency), USA
Formed: September 18, 1947
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
Formed: September 18, 1947
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
3. Mossad, Israel
Formed: 13 December 1949 (as the Central Institute for Coordination)
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
Formed: 13 December 1949 (as the Central Institute for Coordination)
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
Hey #OSINT, you might have heard about @spiderfoot, let's try to learn what it does the best. #ThreatHunting #threatintelligence #recon #infosec
A threadπ
A threadπ
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more.
#ThreatHunting #threatintelligence #recon #infosec #OSINT
#ThreatHunting #threatintelligence #recon #infosec #OSINT
You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.
#ThreatHunting #threatintelligence #recon #infosec #OSINT
#ThreatHunting #threatintelligence #recon #infosec #OSINT
A list of top 10 popular malware reports that every Malware Analyst should check out
Take a look at these excellent Malware analysis reports
#malware #ThreatHunting #threatintelligence #fireye #virus #Talos @TalosSecurity #linux #hacking #networks #rootkits
ππ
Take a look at these excellent Malware analysis reports
#malware #ThreatHunting #threatintelligence #fireye #virus #Talos @TalosSecurity #linux #hacking #networks #rootkits
ππ
1β£ CheckPoint - SpeakUp: A New Undetected Backdoor Linux Trojan
π
research.checkpoint.com/2019/speakup-aβ¦
π
research.checkpoint.com/2019/speakup-aβ¦
Save this list of resources for your future #OSINT Investigations!
intelx.io: Search engine for data breaches
netlas.io: Search & monitor devices connected to the internet
urlscan.io: Scan a website incoming and outgoing links and assets
intelx.io: Search engine for data breaches
netlas.io: Search & monitor devices connected to the internet
urlscan.io: Scan a website incoming and outgoing links and assets
prowl.lupovis.io: Free IP search & identifications of IoC and IoA
fullhunt.io: Identify an attack surface
zoomeye.org: Cyberspace search engine, users can search for network devices
leakix.net: Identify public data leaks
fullhunt.io: Identify an attack surface
zoomeye.org: Cyberspace search engine, users can search for network devices
leakix.net: Identify public data leaks
greynoise.io: Search for devices connected to the internet
search.censys.io: Get information about devices connected to the internet
hunter.io: Search for email addresses
search.censys.io: Get information about devices connected to the internet
hunter.io: Search for email addresses
Facebookβs @ngleicher was right about linking #APT32 to CyberOne and here is why:
As per Group-IB #ThreatIntelligence & #Attribution the domain cbo[.]group had an IP 45[.]61[.]136[.]214 in the A-record. On this IP address, we detected a unique SSH 4b390f0b7125c0d01fe938eb57d24051
As per Group-IB #ThreatIntelligence & #Attribution the domain cbo[.]group had an IP 45[.]61[.]136[.]214 in the A-record. On this IP address, we detected a unique SSH 4b390f0b7125c0d01fe938eb57d24051
According to Group-IB Graph Network Analysis, this fingerprint was also seen on 30 other hosts including on 45[.]61[.]136[.]166 and 45[.]61[.]136[.]65. Both were used to deploy a uniquely configured #CobaltStrike framework, used exclusively by #APT32 aka #OceanLotus
All the listed IPs belong to the autonomous network - AS53667 within the range of 45.61[.]128[.]0 to 45[.]61[.]191[.]255. We've also seen #APT32 hosting #CobaltStrike on the 45[.]61[.]139[.]211, which was indicated in the A-record of feeder[.]blogdns[.]com
Looking for the ultimate list of #CyberSecurity books you should read in 2021?!
Hold on a secon, cause here we go!
Please fav your top entries and comment your own picks bellow. And please please retweet to make this list a huge one. #InfoSec
Hold on a secon, cause here we go!
Please fav your top entries and comment your own picks bellow. And please please retweet to make this list a huge one. #InfoSec
Social Engineering: The Science of Human Hacking, 2nd Edition by the @humanhacker Christopher Hadnagy #socialengineering
amazon.com/-/dp/111943338β¦
amazon.com/-/dp/111943338β¦
Threat Modeling: Designing for Security (Englisch) Taschenbuch by
@adamshostack
#cybersecurity #threatmodelling #stride
amazon.com/-/dp/111880999β¦
@adamshostack
#cybersecurity #threatmodelling #stride
amazon.com/-/dp/111880999β¦
A thread on bad analysis. When #ThreatIntel analysts want to show off their Foreign Policy and Economist subscription status after reading the Russian foreign policy Wikipedia page /n #threatintelligence #cybersecurity #infosec
Most analysts who are "doing attribution" aren't doing good cyber threat intelligence, they're doing poor foreign policy analysis
They neither have neither the data nor the expertise to make even a moderately confident statement on attribution
Threat Hunting In #CyberSecurity : Waiting for an alert can be too dangerous.
Threat hunting means to proactively search for malware or attackers that are hiding in your network β and may have been there for some time.
Most time, the goals of these malware or attackers can be to quietly siphoning off data, patiently listening in for confidential information, or working their way through the network looking for credentials powerful enough to steal key information.
