🤩A fantastic opportunity to be the first list of speakers with innovative research for Nullcon's 1st ever Berlin edition 🙌 Forms for each categories of your Talk, Workshop, CTF, Open source 👊Submit your research➡️bit.ly/3CDsg1T #NullconBerlin2022 #CFP

🚨⚠️New #0-day vulnerability tracked under "Log4Shell" and CVE-2021-44228 discovered in Apache Log4j 🌶️‼️ We are observing attacks in our honeypot infrastructure coming from the TOR network. Find Mitigation instructions here: lunasec.io/docs/blog/log4…

Log4j2 RCE Passive Scanner plugin for BurpSuite github.com/whwlsfb/Log4j2…

Funy for Log4j2 RCE It has hacked everything

🍎👾 Just published my annual "Mac Malware of the Year" report, for 2021: objective-see.com/blog/blog_0x6B… An in-depth technical analysis of the year's new Mac malware, covering each: 💉 Infection vector 💾 Persistence mechanism 🛰 Payload and capabilities + samples for download! 🦠

On behalf of Team NULLCON we would like to wish our Con-troller Nesooh #Pwn a very happy birthday. Wish you a wonderful year ahead!

Who remembers jumpers on IDE drives and primary vs secondary and those Cthulhu awful ribbon cables. Never again

ℹ️ Our latest blog covers #Lazarus Group in their most recent campaign. 🚨 New techniques 🚨 ➡️ KernelCallbackTable to hijack control flow and shellcode execution ➡️ Windows Update client for malicious code execution ➡️ GitHub for C2 communication blog.malwarebytes.com/threat-intelli…

⚡Next-Gen security professionals 🙌 Nullcon in collaboration with Intigriti has come up with a Student Scholarship Opportunity 😎Fill up the form & increase your chances to get selected➡️bit.ly/nullconintigri… #NullconBerlin2022 #Infosec #bugbounty #intigriti

We have downloaded and archived everything shared by conti leaks thus far. - Chat logs 2020 - 2022 - Internal software source code - Jabber chat logs 2021 - 2022 - Pony leak - Rocket Chat logs - Screenshots, December 2021 - Trickbot forum Download: share.vx-underground.org

github.com/b1n4r1b01/desc…

PostDump. tool to perform a memory dump (lsass) using several technics to bypass EDR hooking and lsass protection github.com/post-cyberlabs…

Very intriguing report from Pangu Lab about advanced, allegedly NSA's, top-tier backdoor - Bvp47. Features are indeed impressive. The last screenshot is very telling. source: pangulab.cn/files/The_Bvp4… #ShadowBrokers #EquationGroup

Just updated DPRK's APT groups too, mainly based on the latest Mandiant publication. Changes: Added the 6 Bureaus and assigned Mandiant/FireEye's APT groups as they attributed them in their post. xorl.wordpress.com/2021/04/24/nor…

💥We have a 'Secret' & only Stok✌️ STÖK ✌️ knows about it!😎 😉Can you guess? 💬Drop in the comments section 👊Meet us on Stok's 'Bounty Thursdays' Live on 31st March Stay Tuned▶️youtube.com/c/STOKfredrik #Nullcon #bountythursdays #infosec #Conference #Cybersecurity

Russian #APTs are still abusing Cisco SMIs and modifying router configurations to export info out via FTP. Make sure you’re monitoring for untrusted connections to management protocols on network devices… or get rid of SMI…

You can investigate the #Follina incident as a SOC analyst for free. We prepared a SIEM alert about CVE-2022-30190 in the SOC environment Investigation: letsdefend.io

bd-jb: Blu-ray Disc Java Sandbox Escape affecting PS3, PS4, PS5. My talk at hardwear.io will be uploaded in a few weeks. #hardwear_io hackerone.com/reports/1379975

We just pitched a movie idea to Warner Brothers Pictures. It's a cutting edge movie about a Malware Developer - a psychological thriller. The movie is 180 minutes of nothing but a chronically depressed man trying to get his code to compile.

#Malware Analysis and #Reverse #Engineering Workflow Guide. 👩‍🏫 ✅ Establishing a Methodology ✅ Detection ✅ Process Graph ✅ Tips and Tricks ✅ Malicious Intent ✅ Triage ✅ Types of Analysis ✅ Additional Resources I hope you all enjoy! 😘 c3rb3ru5d3d53c.github.io/documents/malw…