Silas Cutler // p1nk
Jan 10, 5 tweets, 2 min read
Here's a link to the original write-up from the Beijing Municipal Justice Bureau (SFJ):
sfj.beijing.gov.cn/sfj/sfdt/ywdt8…
Based on the SFJ's description, sender information was recovered from a recipient device. Sender details were stored in hashed form, which SFJ cracked using rainbow tables of phone numbers and email addresses.
Cracking using scoped rainbow tables certainly will reduce the time it takes to crack each set, but I'd be very curious to know how long it takes to crack each. Time and pressure (and 10000 servers) can achieve almost anything.
Something I'm curious about is why @Apple is storing details like phone number and email instead of a device ID or something less identifiable.
It looks like recovering phone numbers is already well documented, and a Python tool is available for brute-forcing the phone number.


gforce4n6.blogspot.com/2022/03/airdro…
github.com/043a7e/airdrop…
