Florian Roth
@cyb3rops
Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
https://linktr.ee/cyb3rops 22-06-2013 08:46:16
Beautiful.
One doesn't always get to see how revoking authenticode certs causes an impact, but RussianPanda 🐼 🇺🇦 has a great example:
Disrupted malware service delivery.
More about cert abuse: squiblydoo.blog/2023/05/12/cer…
Want to report? github.com/Squiblydoo/cer… makes reporting easy
Looking at more than one PANOS support file for CVE-2024-3400 stuff? This might be a useful starting point but very hacky.
github.com/HackingLZ/panr…
Florian Roth already has a good solution using his THOR Lite scanner
twitter.com/cyb3rops/statu…
I wrote a Python script to decrypt the strings in #WineLoader.
Check it out:
gist.github.com/X-Junior/31e8f…
Florian Roth Looks like your spicy meme was right after all
abyssdomain.expert/@filippo/11228…
Full Rapid7 analysis of PAN-OS CVE-2024-3400 now available from Stephen Fewer and our stellar new research teammate ryan emmons! Spoiler: It's a two-vuln exploit chain. attackerkb.com/topics/SSTk336…