Joined May 2021
Chaplin retweeted
Unveiling Ghost-Sender: a widespread and dangerous Microsoft Exchange Online default misconfiguration exposing thousands of targets (incl. F500) to arbitrary mail spoofing. Read on labs.infoguard.ch/posts/ghos… Assess yourself ghost-sender.com
Chaplin retweeted
New blog post is live: a deep dive into the BravoX ransomware group — covering their TTPs across the attack chain, from initial access to exfiltration and impact, with a closer look at their tooling and notably their negotiation approach. labs.infoguard.ch/posts/brav…
Chaplin retweeted
In this blog post, we share our research on the #VIPERTUNNEL Python backdoor found during a DragonForce Ransomware Incident. We'll examine infrastructure hunting, its code, and how its obfuscation has evolved (spoiler: it changed a lot). labs.infoguard.ch/posts/slit…
Chaplin retweeted
Cracking Compromised Edge Devices: Join Evgen Blohm and Marius Genheimer from SECUINFRA Falcon Team for a deep dive into forensic investigations of compromised edge devices from Cisco, Fortinet, Citrix, and Ivanti. Discover the exploits used, the motives of nation-state and cybercriminal attackers, and creative techniques for analyzing these complex appliances. Gain practical tips to investigate and secure your network equipment in this eye-opening session! bsidesfrankfurt.org/
Chaplin retweeted
BREAKING! Save the date! Workshops at BSidesFrankfurt on Thu, August 28, 2025. First come, first serve. Details soon - block your calendar Thu Fri!
Chaplin retweeted
Exciting News! The date and location for the next BSidesFrankfurt are officially set! Mark your calendars: Friday, August 29, 2025, at Campus Westend, Goethe University. Stay tuned for ticket sales and further updates. In the meantime, revisit past recordings and help spread the word! We’re also looking for sponsors - a great opportunity to support the cybersecurity community and gain valuable exposure. If you're interested, reach out to us! Recordings (updated monthly): youtube.com/@BSidesFrankfurt
Chaplin retweeted
🚨Malware distributed via Steam. Fancy a bit of after-work gaming? Beware of infostealer malware distributed via the Steam store! Using @steamdb we managed to visually identify a very suspicious file in the game files. Luckily, we managed to retrieve a sample for analysis, which will follow in this thread.
12 Feb 2025
A game called PirateFi released on Steam last week and it contained malware. Valve have removed the game two days ago. Users that played the game have received the following email:
Chaplin retweeted
This year's #BSidesFrankfurt is bigger and better, now at University Campus Frankfurt. Join us for insightful tracks, international keynotes, and a special kids' track with hands-on hacking courses. Interested in inspiring young minds? We're seeking volunteer teachers!
Chaplin retweeted
Great catch @StopMalvertisin #APT29🎣! We created a #Yara hunting rule to look for similar SVGs and found this sample: test.svg MD5: 5d327af805d36036c79cca2a027c1168 First seen: 2023-06-10 Uses a b64 encoded payload called test[.]zip, contains a legit procexp64.exe. 1/2🧵
Interesting #APT29 document uploaded to VT yesterday. Invitation - Santa Lucia Celebration.msg f29083f25d876bbc245a1f977169f8c2 The email itself is from June 23 2023 and contains an .SVG attachment which drops an .ISO image called "invitation.iso"
Chaplin retweeted
📰 #ESXiArgs #Ransomware is currently affecting more than 2000 #ESXi #Hypervisors around the world. In our latest blog post we detail the analysis of the #malware artifacts, new #Yara rules to detect it and recommendations to keep your systems safe. ➡️ secuinfra.com/en/techtalk/hi…
Chaplin retweeted
Picking up where we left off yesterday: We created two #Yara rules for the #Magniber #Ransomware delivery method. You can find them in our GitHub Repository and on @abuse_ch Yaraify ⬇️ Have a nice weekend and happy hunting 🔍 github.com/SIFalcon/Detectio… yaraify.abuse.ch/yarahub/rul…
#Magniber #Ransomware is continuing to spread fake Windows Update installers (.msi), but since yesterday the threat actors are also distributing .iso archives instead of .zip files. You can find our brief analysis of the msi and the lnk file below ⬇️ 1/3🧵
Chaplin retweeted
We analyzed a recent #Bitter #APT attack from their active campaign against Bangladesh featuring Microsoft Office exploitation, their #ZxxZ 2nd stage #backdoor and a previously undocumented #espionage tool we call #AlmondRAT. You can read our report here: secuinfra.com/en/techtalk/wh…
Chaplin retweeted
This is super cool! Idea 💡 Sign up for Defender for Endpoint trial: aka.ms/MDEtrial Azure credits: azure.microsoft.com/en-us/of… Set up Streaming API to a Storage account: docs.microsoft.com/en-us/mic… Generate data with Atomic Red Team and similar. For 30d, expect ~1GB/device.

Not sure if this got enough love when it was announced, but you should 100% sign up to the free Azure Data Explorer instance - aka.ms/kustofree. 100 GB of storage, load up whatever data you want (csv, json, txt) and go ham with it
Chaplin retweeted
Puzzled why a yara rule did or didn't match? Let me introduce yaradbg.dev, a web-based #yara #debugger! With #YaraDbg, you can see the: 1⃣ evaluation steps 2⃣ matched strings 3⃣ relationship among the rules
Chaplin retweeted
4 Feb 2022
If you're using @elastic agent with the @osquery manager integration, remember that you can run @yararules on demand, or schedule them, or both!
Chaplin retweeted
🚨N-W0rm Analysis Part 1 This article shows our analysis of a N-W0rm sample. This appears to be a relatively new sample and according to Malware Bazaar the first sample was seen on the 18th January 2022. secuinfra.com/en/techtalk/n-… #nw0rm #DFIR #Malware #infosec #CyberSecurity
Chaplin retweeted
🚨Deep Dive into N-W0rm 🚨 (Article next week, stay tuned) 🚨Hashes: 3d8ff7f298f64d9150a11e61dcbfd87b 9ce8d6f136b95fab140bc8904666003a e04e4cb7e410b885babba54cd59d5ae9 83dc22a1493e609b8b16f732e909418f 08587e04a2196aa97a0f939812229d2d #ThreatIntel #Malware #DFIR #nW0rm
Chaplin retweeted
Cobalt Strike, a Defender’s Guide – Part 2 by @TheDFIRReport - thank you for sharing! thedfirreport.com/2022/01/24… #DFIR #CobaltStrike