Florian Roth (@cyb3rops)'s Twitter Profile
Florian Roth

@cyb3rops

Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇

ID: 1538299243

Link: https://linktr.ee/cyb3rops
Joined: 22-06-2013 08:46:16

32,3K Tweets

179,8K Followers

2,3K Following

Squiblydoo (@SquiblydooBlog)

Beautiful.
One doesn't always get to see how revoking authenticode certs causes an impact, but RussianPanda 🐼 🇺🇦 has a great example:
Disrupted malware service delivery.

More about cert abuse: squiblydoo.blog/2023/05/12/cer…

Want to report? github.com/Squiblydoo/cer… makes reporting easy

Ax Sharma (@Ax_Sharma)

A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it.

The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:

randy@infosec.exchange - Stand with 🇺🇦 (@rpargman)

🤯 you can upload any file as an attachment in a draft comment on any public GitHub repo, delete the comment but the file download URL remains active, and the repo owner can’t do anything about it

Justin Elze (@HackingLZ)

Looking at more than one PANOS support file for CVE-2024-3400 stuff? This might be a useful starting point but very hacky.

github.com/HackingLZ/panr…

Florian Roth already has a good solution using his thor lite scanner

twitter.com/cyb3rops/statu…

Florian Roth (@cyb3rops)

TIL that TikTok's shell company developed a Rust based EDR agent ... at least that's what it looks like

... probably the last thing I'd like to find on a machine outside of China, but hey, it always depends on your risk profile, right?

Florian Roth (@cyb3rops)

We decided to share our #YARA rules to scan for indicators of the exploitation of CVE-2024-3400 in #PaloAlto's PAN-OS with the community and included some of the generic rules (detect similar attacks)

Three Steps

1. Generate a Tech Support file and extract it
3xp0rt (@3xp0rtblog)

HelloKitty Ransomware released some decryption keys and rebranded into HelloGookie with a new blog. Gookie, who is the author of this ransomware, sends his regards to LockBit due to possible competition. He also regained access to his lost account on the Exploit forum.

Caitlin Condon (@catc0n)

Full Rapid7 analysis of PAN-OS CVE-2024-3400 now available from Stephen Fewer and our stellar new research teammate Ryan Emmons! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…

Jeff Woolsey (also on Threads as WSV_GUY) ☮️ (@WSV_GUY)

PLEASE RT: IMPORTANT
Folks, we are making security changes in Windows Server 2025 such as in Active Directory, File Servers, SMB to name a few. We’ve been messaging these changes, but in case you missed them, this thread is for you.

Ivan Kwiatkowski (@JusticeRage)

On March 25, the FBI released an indictment of APT31 hackers. We read it carefully to find new intel, and managed to connect a few dots (including about the RAWDOOR malware family).

Full article and IOCs: harfanglab.io/en/insidethela…
