Florian Roth ⚡️ (@cyb3rops)'s Twitter Profile
Florian Roth ⚡️

@cyb3rops

Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim

ID: 1538299243

Link: https://linktr.ee/cyb3rops

Date: 22-06-2013 08:46:16

34,34K Tweets

197,197K Followers

2,2K Following

Marius Benthin (@marius_benthin)

Low detection rate on "WindowsSecurity.dll" - likely crafted for side-loading through WeChat in place of "xweb_elf.dll"
virustotal.com/gui/file/89990…
THOR APT Scanner (@thor_scanner) #apihashing #rc4 #pebwalking
Alex Neff (@al3x_n3ff)

Releasing a side project of mine: wsuks - automating the WSUS mitm attack🔥 github.com/NeffIsBack/wsu… TL;DR: If the Windows Server Update Service (WSUS) is configured to use HTTP instead of HTTPS, it's possible to take control of any Windows machine on your local network. 1/4🧵

Nathan McNulty (@nathanmcnulty)

Windows Hello for Business is a FIDO Alliance certified passkey implementation

It is also NIST 800-63B compliant as long as you require a minimum 8-character PIN. You may need to update your policies, as it was 6 previously.

Either way - use Hello for Business, please
solst/ICE (@icesolst)

🚨I HAVE LEAKED EVERY SINGLE PASSWORD EVER (4 to 32 chars long)! That is 347 novemdecillion passwords, the largest password leak ever! ALL of your passwords are in here, GUARANTEED! This is a client-side app, so what you search for is all local, never sent anywhere.

Karsten Hahn (@struppigel)

A colleague and I wrote an article about EvilConwi -- signed ConnectWise remote access software being abused as malware. G DATA Global #GDATATechblog gdatasoftware.com/blog/2025/06/3…

Florian Roth ⚡️ (@cyb3rops)

„people often ask why I pivoted from malware” … You may already have guessed that it wasn’t me who asked that question

Jai Minton (@cyberraiju)

New Octowave Loader sample > Amatera Stealer.

0 VT. 
Proofpoint rules detect the traffic.
My Yara rule detects the installer.

Adobe printer driver sideloads tbb.dll, tbb.dll loads app-2.3.dll which gets stego from blood.wav, uses zxing.presentation.dll.

virustotal.com/gui/file/f5c8b…
Nextron Research ⚡️ (@nextronresearch)

A fresh FUD (Fully Undetectable) Java-based stealer named Scruffy Stealer has been spotted on @VirusTotal

sha256: 180c9f2f6d89217cbc1c50dfe27d0d0b59ed0b568da5ffafdd1e7e2488f3f777

🛠️ Capabilities Overview

📁 File operation

- file_delete
- file_move
- file_send

🔍 System Recon
Threat Insight (@threatinsight)

Espionage group TA397 (Bitter) is frequently attributed to India (non-publicly), but the reasoning behind this has not been clearly documented... Until now. Read part-one of a two-part in-depth analysis of #TA397, conducted by @Proofpoint and @Threatray. brnw.ch/21wTE4U

Wietze (@wietze)

#HuntingTipOfTheDay: there are numerous open-source projects listing cyber threats. Some of these have easily ingestible indicators... how about:
🔵 lots-project.com + LOLBINs
🟠 hijacklibs.net + DLL write events
🟢 lolrmm.io + DNS requests
Florian Roth ⚡️ (@cyb3rops)

If you’re wondering how to assess Citrix NetScaler appliances for signs of compromise, we’ve got you covered 📄 How-to: Scan NetScaler with THOR via SSHFS 🔍 Works with THOR Lite & full version 💥 Detects dropped webshells, even generic ones nextron-systems.com/2023/07/20/how… Because