sn0b4ll (@sn0b4ll)'s Twitter Profile

Working on the Blue side of IT-Security.
Interested in Malware, Exploit-Writing, Forensics and CTFs. Private account, all opinions are my own. He/Him.

ID: 2425211805

https://github.com/sn0b4ll

20-03-2014 18:22:34

1,1K Tweet

133 Followers

444 Following

Eric Capuano - Bsky: @eric.zip (@eric_capuano)

This is legit. Might be the easiest DFIR automation workflow tool I've seen yet. Took ~2 minutes to set up with docker compose, and only seconds to generate some Hayabusa outputs. I feel like I am only scratching the surface of what's possible, can't wait to dig in deeper🔥

vx-underground (@vxunderground)

The cycle of the malware researcher: > randomly appears on social media > showcases their research > publishes a few high quality articles > gets offered job > disappears > no more public research We've seen this probably 50 times now, no exaggeration.

Panos Gkatziroulis 🦄 (@netbiosx)

C# program finds Windows Defender folder exclusions using Windows Defender through its command-line tool (MpCmdRun.exe) github.com/Friends-Securi…

Florian Roth ⚡️ (@cyb3rops)

What people often overlook in #DetectionEngineering is that there’s no "one-size-fits-all" rule to detect a threat. It depends on your goals. How specific should the rule be? Are you tracking a threat actor, detecting the tool/malware, or focusing on the technique? Should it be

Baptiste Robert (@fs0c131y)

Today, the famous hacker known as USDoD was arrested by the Brazilian police. The FBI had a way to find his identity and home address since at least June 2022. I will show you how. It's OSINT time! ⬇️

vxdb (@vxdb)

A very powerful exploit has been publicly disclosed today pertaining to 'BattlEye', following the Call of Duty: Warzone issue. The popular Anti-Cheat solution BattlEye was found to have a severe exploit where you are able to ban any player from any game that uses BattlEye.

Florian Roth ⚡️ (@cyb3rops)

„installing Wazuh agents on victims‘ devices“ … I love it 🖤 because the question is: why use a C2 and risk detection when legitimate tools offer 90% of the functionality and usually fly under the radar of AVs/EDRs?

Andrew Case (@attrc)

Our talk from DEF CON is now available! In the presented research, we document every EDR bypass technique used in the wild along with how to detect it using new memory forensics techniques and volatility plugins. Feedback appreciated! youtube.com/watch?v=PmqvBe… #DFIR

Troy Hunt (@troyhunt)

Data breach at The Club Penguin Experience. Let me take a moment to point out what an awesome job these folks have done with their disclosure: 1. They sent this out the same week as the breach occurred 2. They say exactly what happened and what was exposed 3. They say “hash” and

SinSinology (@sinsinology)

🔥💀After 40 hours of constant reversing of weird looking c++ and no sleep, I Finally cooked the CVE-2024-47575 fortimanager unauthenticated RCE 🩸

HackManac (@h4ckmanac)

🚨🚨🚨Cyberattack Alert ‼️ 🇪🇺European External Action Service (EEAS) Hunters International ransomware group claims to have breached the European External Action Service (EEAS), the diplomatic service in charge of executing all international relations of the European Union.

Bert-Jan 🛡️ (@bertjancyber)

For all #KQL fans, I had this list of community repos lying around, the list now consists of 33 repos for you to investigate. Happy hunting! 🏹 Feel free to send a PR if you miss repos! :) github.com/Bert-JanP/Hunt…

nyxgeek (@nyxgeek)

Did you know that 7z can browse .VHD and .VMDK files? You can open them right up, and even directly browse ntfs filesystems. On a pentest and find a bunch of disk images? Copy the SAM/SECURITY/SYSTEM hives directly from the images, no mounting, copying, or fussing around.

Hudson Rock (@rockhudsonrock)

🚨🚨 Massive MOVEit Vulnerability Breach: 🚨🚨 Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies infostealers.com/article/massiv…

radare (@radareorg)

All the workshop recordings and slides from #r2con2024 are now edited and published. If you didn't have a chance to attend, now it's a good time to catch up starting right from the very first day! 👉 radare.org/con/2024/
