Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
ET Labs Profile picture
ET Labs
@ET_Labs
ET Labs is the research team of Emerging Threats - Bionic threat intelligence specialists from Fantasia.
𝓙𝓪𝓬𝓴2 Profile picture 1 subscribed
Jan 21, 2023 8 tweets 4 min read
Happy Friday! Powered by #FreeSigFriday today, we've had 120 (!) new #suricata #IDS rules which were added to our ET Open (rules.emergingthreatspro.com/open) ruleset this week. Lets take a look at what was shared with us this week to make this happen... Sigs to enumerate and detection payload requests from the Pyramid framework (SIDs 204307-204315) github.com/naksyn/Pyramid
Mar 12, 2022 11 tweets 6 min read
A quick thread examining the network artifacts of the HermeticWizard spreading. Found an inaccuracy? Plz let us know!
1⃣ WMI Spreading supports SMB1 and SMB2, copies HermeticWizard as a .dll file in the C:\Windows directory via the ADMIN$ share in the format of c[A-F0-9]{12}.dll A screenshot of Wireshark s...Image After it copies the file, HermeticWizard creates a remote service with the same c[A-F0-9]{12} service/display name.The exact process varies between SMB1 & SMB2. The WMI spreader uses the service command line, documented by @welivesecurity to execute the binary on the endpoint.
Dec 14, 2021 7 tweets 5 min read
If you're looking for network indicators of #log4j exploitation - this thread is for you. Every detection in this thread is freely available for use RIGHT NOW.
#snort #suricata #CVE202144228 We have tons of inbound rules that'll hit on scanners and we've tried to cover ITW obfuscation methods, but let's be real, there are more ways to obfuscate these attacks than we can cover.