Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Jorge Orchilles 🦄 Profile picture
Jorge Orchilles 🦄
@jorgeorchilles
CTO @scythe_io 🦄 #RedTeam #C2Matrix | #PenTest & #PurpleTeam Framework | Certified SANS Instructor & Author of #SEC564 | #CVSS #EPSS | ISSA & NSI Fellow
Apr 30, 2021 10 tweets 8 min read
🧵on stealing TeamViewer credentials

Many organizations have systems with TeamViewer actively running; some know it and manage it correctly, other have no idea it is running or where. The latter probably have multiple versions #redteam #blueteam #purpleteam #ThreatThursday 1/10 I started looking deeper into TeamViewer when @snlyngaas reported that a Florida water facility had been breached. A malicious actor used TeamViewer to login and change the levels of sodium hydroxide. The plant operator say this and no damage was done cyberscoop.com/florida-water-… 2/10
Aug 16, 2020 6 tweets 2 min read
Reading the NSA and FBI report of Russian GRU 85th GTsSS using the Linux based Drovorub Malware. What stands out to me the most (so far) is the kernel level rootkit (stealth capabilities). All the other features seem pretty simple to emulate for Linux.

media.defense.gov/2020/Aug/13/20… There are 4 modules: server, client, kernel-module, and agent. I like how they differentiate between client and agent where the agent does not include the kernel-module and is more for relaying and data staging. The server uses MySQL back-end, similar to other C2 frameworks.