Tyler Hudak
Reverse Engineering, IR, InfoSec. Also huge RPG guy. Elder of the Internet. Tweets and opinions are my own and not the views of my employer.
Oct 7, 2022 6 tweets 1 min read
I'm at a security conference and sat in on an interesting talk. Not interesting as it was good, more interesting as in I can't believe what I was seeing. Let me explain. (1/6) Towards the end of the talk the presenter started talking about their security infrastructure at their company and how it was deployed. No issues there, until... (2/6)
Sep 20, 2022 10 tweets 3 min read
Kudos to the @TrustedSec IR team effort for completing @OSINTDojo's OSINT challenge this week.

The image is a South Korean Internet cafe. There were 0 people in seats on 8/1, but that was not the last screenshot. On 8/10 there were 4 people. How did we find it? (1/X) We initially recognized it as a screen capture from a cam. The most logical place for that was shodan. But there are a lot of images on shodan. (side note, there are some creepy things people have cameras on...) (2/X)
Apr 4, 2022 8 tweets 4 min read
Quick 5 minute on quickly analyzing Linux exes...even if you don't know how to do malware analysis. Hopefully this is helpful to someone.

Got a log4j hit on a Tomcat honeypot I set up. Used cyberchef and it decodes to download malware (1/8)

#dfir After dl'ing it on an analysis system (a mac), my first step is to run file to see what we are dealing with. I always run file - it saves steps and gives valuable info.

A Linux ELF executable, so can't just cat it out to see its contents. (2/8)
Mar 23, 2022 9 tweets 2 min read
Everyone has their hot take on Okta and what is going on. I usually don't comment on these things, but why not.

Here is my take on it based on similar IRs I have worked. THIS IS ALL CONJECTURE AND I HAVE NO INTERNAL KNOWLEDGE! Here's a secret most orgs don't want you to know.

Customer support is outsourced A LOT.

These third parties' accounts are social engineered/compromised ALL THE TIME.
Oct 8, 2021 9 tweets 2 min read
Set up a honeypot last night that was vulnerable to CVE-2021-41773 #Apache code execution. Just got compromised. This is what happened.

IOCs in last tweet. Attacker ran the following code through the CVE:
May 4, 2021 11 tweets 2 min read
I've worked a lot of #ransomware incidents and I've found that most companies don't realize what the true cost of a ransomware incident is.

But isn't it just paying the ransom or restoring and you're done? Nope. Here are the (potential) costs (based on my experience): (1/X) Cost 1. Insurance

Wait, won't insurance help me recover money? Yep. But there's a little thing called a deductible. So, while this isn't a direct cost, it's still gonna cost you money. (2/X)