π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile
π™½π™΄πšƒπšπ™΄πš‚π™΄π™²

@netresec

Experts in Network Forensics and Network Security Monitoring. Creators of #NetworkMiner, #CapLoader, #PacketCache, #PolarProxy and #RawCap.

ID: 416995874

https://www.netresec.com/ | Joined 20-11-2011 11:40:57

3.3K Tweets

8.8K Followers

803 Following

RussianPanda 🐼 🇺🇦 (@russianpanda9xx)

#AutorunStealer is encrypting the config with ChaCha20 and ZLIB compression 👀 Samples: f29bed66484cb23c58302c62b93fcf7d d89ea4a110c36c13ec46e80d0c9bc2ef 2c03124489072c5e0290f6ef138f39c3 39eda0b2986f484abf3567f2f5e1866d ef0e5882c8bcad3643d51d16c2f5500c

π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile Photo

Did you know that NetworkMiner parses the #njRAT protocol? The following artefacts are extracted from njRAT C2 traffic: 🖥️ Screenshots of victim computer 📁 Transferred files 👾 C2 commands and replies 🔑 Stolen credentials/passwords ⌨️ Keylog data netresec.com/?b=2541a39

π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile Photo

Thank you CISA Cyber, NCSC UK, BSI et al. for publishing the advisory on Russian GRU Targeting Western Logistics Entities and Technology Companies. This list of mocking services is great for threat hunting! infosec.exchange/@netresec/1145…

π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile Photo

CapLoader 2.0 released today! 🔎 Identifies over 250 protocols in #PCAP 🎨 Define protocols from example traffic 🇶 Extracts JA3, JA4 and SNI from QUIC 💻 10x faster user interface netresec.com/?b=256dbbc

MalwareHunterTeam (@malwrhunterteam)

"cup.msi": eb2688341917d739b2048e39c9913c0c5e0e0d82346757970883c5098a0b77f3 From: https://dnsg-microsoftds-data[.]com/sign/cup.msi configedge-assets[.]org lakes-veteran-mpg-stanford.trycloudflare[.]com comprehensive-cabin-spend-organic.trycloudflare[.]com 🤔

Mohamed Sultan (@msult4n)

Just published a new blog post on how Microsoft's “Mouse Without Borders” can be abused for data exfiltration & lateral movement. Features KAPE Target, C# scripts, and a BOF as a poc: 0xsultan.github.io/dfir/Exfiltrat…

π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile Photo

There's some unknown but interesting C2 to 104.16.0.0/13 (@CloudFlare). C2 domains: 🔥event-time-microsoft[.]org 🔥windows-msgas[.]com 🔥event-datamicrosoft[.]live 🔥eventdata-microsoft[.]live Does anyone know what malware this is? infosec.exchange/@netresec/1147…

π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile Photo

💧 Dropper connects to legitimate website 📄 Fake PDF is downloaded over HTTPS 💾 Fake PDF is decrypted to a #PureLogs DLL ⚙️ InstallUtil.exe or RegAsm.exe is started 💉 PureLogs DLL is injected into the running process 👾 PureLogs connects to C2 server netresec.com/?b=257eead

π™½π™΄πšƒπšπ™΄πš‚π™΄π™² (@netresec) 's Twitter Profile Photo

IOCs in blog post: 📡 91.92.120.101:62520 📡 91.92.120.101:65535 💾 711d9cbf1b1c77de45c4f1b1a82347e6 💾 6ff95e302e8374e4e1023fbec625f44b 💾 e6d7bbc53b718217b2de1b43a9193786 💾 a9bc0fad0b1a1d6931321bb5286bf6b7 💾 09bb5446ad9055b9a1cb449db99a7302 💾 38d29f5ac47583f39a2ff5dc1c366f7d