Silas Cutler // p1nk
Hello, I've been trying to reach you about your network's extended breach. #SleevelessEagle -- @InsideStairwell, @IST_org, @Only_Scans, #w00w00, @mal_share
Apr 16 6 tweets 2 min read
Let's take it for a test drive
🧵
Login page after registration. 3.6/10. Not great, not terrible.
Apr 1 5 tweets 3 min read
Three days later, let's catch up together on the #XZBackdoor in #XZUtils.

Current understanding (2024-04-01) is the malicious code creates a backdoor for remote code execution.
1 / 5🧵

For those looking to get straight to RE: github.com/karcherm/xz-ma…

The main channels for updates that I've been following are:
* (High level) gist.github.com/thesamesam/223…
* (Technical) gist.github.com/smx-smx/a6112d…

Both are being regularly updated with analysis in the comments.

2 / 5🧵
Jan 10 5 tweets 2 min read
Here's a link to the original write-up from the Beijing Municipal Justice Bureau (SFJ):
sfj.beijing.gov.cn/sfj/sfdt/ywdt8…
Based on the SFJ's description, sender information was recovered from a recipient device. Sender details were stored in a hash form, which SFJ cracked using rainbow tables of phone numbers and email addresses.
Oct 6, 2023 4 tweets 1 min read
Looks like @socradar crossed a few lines when writing this report.

socradar.io/the-future-of-…

I also disagree with the conclusion that it was a honeypot. Damn Vulnerable Linux, crypto mining, multiple command attempts for the same action. Looks more like a student learning pentesting and mining on the side.
May 25, 2022 14 tweets 6 min read
Righto. Let's talk about this data and how to use it. To start, I'm uploading a zip file of all samples as well to allow downloading in bulk. I'll also share out some more parts of this as we go. So, off we go...

🧵(1/14) For background, #CobaltStrike is an "adversary simulation tool" (pentesting tools vs malware sometimes are only philosophically different #FightMe). It is widely used for legitimate security testing, pre-ransomware operations and other malicious threat actors.

🧵(2/14)
Dec 7, 2019 8 tweets 4 min read
So reading @DrunkBinary's Tweets tonight reminded me of something important - attribution and taxonomy are intrinsically linked. Attribution is about linking and clustering activity - not necessarily doxing and indictments. @DrunkBinary A lot of #ThreatIntel shops have staunchly started heavily pushing the "we don't do attribution" line - when what they really mean is "We don't want to come up with another name for this activity"