@AttackDetection profile picture
Attack Detection @AttackDetection

Attack Detection Team at @ptsecurity

Joined March 2016
  • Tweets 194
  • Following 19
  • Followers 1,682
8 Photos and videos
🔥 Yep, the hot one in React! We’ve added Suricata signatures for the CVSS 10.0 #React2Shell (#CVE-2025-55182) - a unauth RCE vulnerability in React Server Components 👉 Check it out at rules.ptsecurity.com/view/pt… Stay protected! #suricata #ids #cybersecurity
186
🚨Suricata Rules Update - Android Threats🚨 New Android-focused network detection rules are now live on rules.ptsecurity.com: • SpyNote • SuperCard X • Konfety • DCHSpy • RedHook • LunaSpy • ClayRAT • Brokewell • some generics #Suricata #AndroidMalware #CyberSecurity
100
🚨We have added a #Suricata signature for the recent #SharePoint RCE (#CVE-2025-53770, CVE-2025-49706) exploitation attributes to our open ruleset. It detects signs of successful machine key leakage. 🔗Check it out: rules.ptsecurity.com/view/pt… #cybersecurity #ids
171
🚨We have added #suricata signature for the recent #Fortiweb (CVE-2025-25257) vulnerability in our open ruleset. Check it out: 👉rules.ptsecurity.com/view/pt… #cybersecurity #ids #fortinet

1
1
253
@grok is that great?
1
159
🚨We have added new #suricata signatures for the recent #CitrixBleed2 (CVE-2025-5777) vulnerability in our open ruleset. Not only for an attempt, but for detection of a successful exploitation as well Check it out: 👉rules.ptsecurity.com/view/pt… #cybersecurity #ids #citrix
142
🚨 Malware Suricata Rules Update Available on rules.ptsecurity.com! 🚨 🛑 Remcos, XWorm RAT 🛑 Stealc v2 Stealer 🛑 Filsh Backdoor 🛑 Andromeda Botnet 🛑 PhantomEnigma Banker (see TI Report global.ptsecurity.com/analyt…) #Suricata
137
🚨 We've added a new signature to our Suricata ruleset for the critical vulnerability CVE-2025-49113 in Roundcube, previously reproduced by @ptswarm. This RCE vulnerability potentially exposes millions of hosts worldwide. Update your rules now: rules.ptsecurity.com #Suricata
117
🐍 Suricata rules update ! We’ve added detections for newly disclosed RCE vulns: - Apache Tomcat (CVE-2025-24813) - Ingress NGINX (CVE-2025-1974) 🆕 Detects for tunnel services (tunnelto, Telebit, Pinggy), Rclone and AdaptixC2 activity. See full list → rules.ptsecurity.com
187
We're dropping a massive malware signature update 🎭 Highlights: RustyNet loader, WorldWind stealer, Slam RAT, nasty XWorm, SpyNote, Hydra, Zanubis ...and plenty more! 🔗 rules.ptsecurity.com
2
307
Guess who's back? 🎉 Our Suricata ruleset has found a new home at rules.ptsecurity.com! Enable source ptrules/open in Suricata-Update to stay ahead of threats.

1
3
7
1,273
Spring Core RCE 0day aka Spring4Shell came out recently. Detect exploitation attempts with our #suricata rule: github.com/ptresearch/Attack…

1
3
2
One can get #Zabbix panel admin rights in one request with CVE-2022-23131. But you can detect it easily with our #suricata rule. We worked on possible rule bypasses and false positive rate github.com/ptresearch/Attack…
2
Breaking news, the internet is under fire again! Releasing #suricata detection rule for log4j aka Log4Shell and CVE-2021-44228 as soon as possible. We will update the rule along with the new exploits and bypasses found. github.com/ptresearch/Attack…

2
2
8
Rule updates: our #suricata rules detect all known Log4Shell CVE-2021-44228 bypasses for now. Also added a rule to detect a successful log4j exploitation!
3
3
Good: Use our #suricata rules to detect malicious attempts of the new CVE-2021-41773 #Apache HTTP Server dir traversal. Better: Patch your apache The best: Do both! github.com/ptresearch/Attack…

PT SWARM@ptswarm
5 Oct 2021
🔥 We have reproduced the fresh CVE-2021-41773 Path Traversal vulnerability in Apache 2.4.49. If files outside of the document root are not protected by "require all denied" these requests can succeed. Patch ASAP! httpd.apache.org/security/vu…
1
3
5
How to get a system shell on any windows version? Use #SystemNightmare exploit. How to detect SystemNightmare usage in a network? Use our rules! Oh, here they are: github.com/ptresearch/Attack…
3
2
We released rules for #suricata in order to detect exploitation of a new vuln #PetitPotam. Also detection of a successful attempt inside: github.com/ptresearch/Attack…

topotam@topotam77
18 Jul 2021
Hi all, MS-RPRN to coerce machine authentication is great but the service is often disabled nowadays by admins on most orgz. Here is one another way we use to elicit machine account auth via MS-EFSRPC. Enjoy!! :) github.com/topotam/PetitPota…
1
8
13
Use our #suricata rules to detect both #PrintNightmare (CVE-2021-1675) exploits. Adding printer driver across the network is rare but still possible case, so there might be a few of false alerts. Tell us if you get some. github.com/ptresearch/Attack…

1
5
14
xfreerdp software in your network? It might be some malicious activity! Detect it with our #suricata rule, works for security level rdp only. Good for some other open source clients as well. github.com/ptresearch/Attack…
1
Load more