Now starting @juanandres_gs at @ekoparty on cyber espionage in #latam. Studying espionage is very interesting: it involves knowing the context, the culture, the economic factors. But how much is there really? #ekoparty
We know hundreds of groups. Not all state-sponsored. The reality is that it is not so much about how much we know, but about how hard we are actually looking. In Latin America we are not looking hard enough. We can no longer say nothing is happening in #latam. #ekoparty
We are not looking hard enough in many regions. And there's activity originating in some regions that is being ignored.
The money spent on one threat intelligence subscription in a first world country can create and fund a SOC in our #latam countries easily. There's so much disparity and so many needs in every region, which sadly are not contemplated by some industries.
There's a certain industry limitation. Like the number of people doing threat intelligence, the attention of these people and teams, the motivation behind them. If everyone was looking at the situation in Ukraine, who was tracking what North Korea, China and other countries were doing?
Crazy but true: no one is coming to rescue us (#latam).
Shoutout to @R3Dmx investigating the activities of #NSO and Pegasus in such a hostile environment and playing as locals.
We think countries in #latam do not have good economies; however, they have had the purchasing power and resources to buy tools from Hacking Team, NSO and others. #ekoparty #EKO2022
Apple AirTags are small, low cost, and have three different technologies that allow for very precise location tracking. #EKO2022
Unfortunately #airtags are used for tracking people without their consent; mostly to track women. They can fit in many places, especially fitting well under vehicles.
The installation was very smooth, and the end result is neat. Don't try to run this with 4GB of memory, because it is not gonna work. T-Pot requires at least 8GB (note to self: rtfm).
The number of attacks received always impresses me. Less than 45 minutes after installation and the numbers are staggering.
👉🏿5,030 Dionaea attacks
👉🏿1,375 Cowrie attacks
What does the traffic of Flexnet look like? The sample shared below is available on @apklabio along with a nice pcap capture 👉🏿 apklab.io/apk.html?hash=…
From Wireshark Protocol Hierarchy Statistics we can see that most of the traffic is TCP on IPv4. Few UDP. A nice amount of packets.
The next step for me is always to look at the conversations. I want to get a feeling of how many things we need to check and verify. In this case there are only 12 IPs to check (1 IP is local). Easy to discard a few things here knowing this is an Android phone.
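The two Wireshark views mentioned above (Protocol Hierarchy Statistics, then Conversations, then dropping the local IP to get the list of remote hosts to verify) are easy to reproduce in a script when you have many pcaps to triage. The following is an added example, not code from the thread or from apklab.io: a minimal classic-pcap parser in pure Python that builds the same three views. The capture it runs on is constructed inline (a fake phone at 10.0.0.5 talking to three documentation-range IPs), not the Flexnet capture, and `parse_pcap` only understands classic pcap with an Ethernet link type; pcapng files would need converting first.

```python
"""Pcap triage: protocol hierarchy, conversations, remote IPs to check.

Added example, not from the original thread. Handles classic pcap
(magic 0xa1b2c3d4 / 0xd4c3b2a1) with linktype 1 (Ethernet) only.
"""
import struct
from collections import Counter

ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD
PROTO_TCP, PROTO_UDP = 6, 17


def _ip(dotted):
    return bytes(int(x) for x in dotted.split("."))


def build_packet(src, dst, proto, sport, dport, payload=b""):
    """Ethernet/IPv4/{TCP,UDP} frame; checksums left zero (fine for offline parsing)."""
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     _ip(src), _ip(dst)) + l4
    eth = b"\x00" * 6 + b"\x11" * 6 + struct.pack("!H", ETH_IPV4)
    return eth + ip


def build_pcap(frames):
    """Wrap raw frames in a classic little-endian pcap (version 2.4, Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(f), len(f)) + f)  # ts_sec, ts_usec, incl, orig
    return b"".join(out)


# Constructed sample: one local phone, three remote hosts (TCP 443, TCP 80, UDP 53).
LOCAL = "10.0.0.5"
SAMPLE_FRAMES = [
    build_packet(LOCAL, "203.0.113.10", PROTO_TCP, 50000, 443),
    build_packet("203.0.113.10", LOCAL, PROTO_TCP, 443, 50000),
    build_packet(LOCAL, "203.0.113.10", PROTO_TCP, 50000, 443, b"\x16\x03\x01"),
    build_packet(LOCAL, "198.51.100.7", PROTO_TCP, 50001, 80),
    build_packet("198.51.100.7", LOCAL, PROTO_TCP, 80, 50001),
    build_packet(LOCAL, "192.0.2.53", PROTO_UDP, 40000, 53, b"\x00" * 12),
    build_packet("192.0.2.53", LOCAL, PROTO_UDP, 53, 40000, b"\x00" * 12),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def parse_pcap(data):
    """Return one summary dict per packet: layer path, IPs and L4 ports when present."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng?); convert it first")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off, pkts = 24, []
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        p = {"layers": ["eth"]}
        ethertype, = struct.unpack_from("!H", frame, 12)
        if ethertype == ETH_IPV4:
            ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
            proto = frame[14 + 9]
            p["layers"].append("ipv4")
            p["src"] = ".".join(map(str, frame[26:30]))
            p["dst"] = ".".join(map(str, frame[30:34]))
            if proto in (PROTO_TCP, PROTO_UDP):   # ports sit first in both headers
                p["layers"].append("tcp" if proto == PROTO_TCP else "udp")
                p["sport"], p["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
        elif ethertype == ETH_IPV6:
            p["layers"].append("ipv6")
        pkts.append(p)
    return pkts


def protocol_hierarchy(pkts):
    """Packet count per layer path, like Wireshark's Protocol Hierarchy Statistics."""
    return Counter("/".join(p["layers"]) for p in pkts)


def conversations(pkts):
    """Packet count per L4 conversation: (protocol, endpoint A, endpoint B), unordered."""
    conv = Counter()
    for p in pkts:
        if "sport" in p:
            a, b = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
            conv[(p["layers"][-1], a, b)] += 1
    return conv


def candidate_ips(pkts, local_ips):
    """Remote IPs left to verify (with packet counts) once the capturing host is discarded."""
    c = Counter()
    for p in pkts:
        for ip in (p.get("src"), p.get("dst")):
            if ip and ip not in local_ips:
                c[ip] += 1
    return c


if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    print(protocol_hierarchy(pkts))
    for key, n in conversations(pkts).items():
        print(n, key)
    print(candidate_ips(pkts, {LOCAL}))
```

On a real capture, replace `SAMPLE_PCAP` with the file contents and `LOCAL` with the phone's address; the `candidate_ips` output is the "N IPs to check" list, and the per-conversation counts tell you which of them carried real traffic rather than a single DNS lookup.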
Now on the Green Room at #VB2019, @eldracote and @anshirokova will present "Geost botnet. The discovery story of a new Android banking trojan from an OpSec error", a work also done with @MaryJo_E !
The Geost botnet was found by investigating the traffic of a different botnet: #htbot also known as proxyback. This htbot botnet offers a proxy service for users in the underground.
The Geost operators were using htbot to access the command and control servers from Geost (thinking they were hiding themselves).