Malware Hunter / I've already taken the red pill!

Joined November 2010
PhysicalDrive0 retweeted
We found one more #zeroday exploit that was used in APT. securelist.com/new-win32k-ze…
PhysicalDrive0 retweeted
8 Apr 2019
Now, Sibyl can be called from @GHIDRA_RE (github.com/cea-sec/Sibyl/pul…) or used headless for function address discovery (github.com/cea-sec/Sibyl/pul…) :)
PhysicalDrive0 retweeted
Circumventing Windows Defender ATP's user-mode APC Injection sensor from Kernel-mode: rce4fun.blogspot.com/2019/04…
Operation #ShadowHammer Sample MD5 aa15eb28292321b586c27d8401703494 cape.contextis.com/analysis/… #Asus #Susafone
WINRAR EXPLOIT BUILDER: Select your malware file and upload it, and your malicious RAR file will be created. hxxp://lofi.stream CVE-2018-20250
PhysicalDrive0 retweeted
Microsoft fixed a Windows 0day (CVE-2019-0808) in Patch Tuesday. Our team constructed the PoC and reproduced the vulnerability triggering process. Click here to read more: blogs.360.cn/post/RootCause_…
PhysicalDrive0 retweeted
One more #zeroday exploit was used in APT attack. securelist.com/cve-2019-0797…
PhysicalDrive0 retweeted
Google discovered a Chrome RCE #0day in the wild (CVE-2019-5786). Reportedly, a full chain with a sandbox escape: chromereleases.googleblog.co… In 2019, I expect epic 0days to be found in the wild: Android, iOS, Windows, Office, virtualization, and more. Stay safe and enjoy the show.
#WinPot Sample MD5 821e593e80c598883433da88a5431e9d #ATM cape.contextis.com/analysis/…

19 Feb 2019
Meet #ATMPot - the ATM malware designed to automate the dispensing of cash from a popular range of ATM machines. The designers even went to the trouble of making the interface look like that of a slot-machine. Learn more: kas.pr/t4w6
#KerrDown Sample SHA256 e56ffcf5df2afd6b151c24ddfe7cd450f9208f59b5731991b926af0dce24285a cape.contextis.com/analysis/… #APT32 #OceanLotus
PhysicalDrive0 retweeted
2019-02-08: #ExileRAT Group: "CVE-2017-8759" altered toolkit "get_robin.py" server thread w/ local logging { SHELLCODE1 = 'sc.dat' as JScript | LOG_FILE = 'robins.log' } h/t @PhysicalDrive0 Original Research 👍 -> x.com/TalosSecurity/status/1…
We recently observed a malware campaign delivering malicious PowerPoints using a mailing list run by the Central Tibetan Administration. Given the nature of this malware, it's likely designed for espionage purposes. #ExileRAT #LuckyCat cs.co/6016ERz94
#ExileRAT is still up and running: hxxp://27.126.188.212/2//
PhysicalDrive0 retweeted
1 Feb 2019
CVE-2018-16858 - My writeup about an RCE vulnerability via macro execution in LibreOffice: insert-script.blogspot.com/2…
#Zebrocy MD5 c9e1b0628ac62e5cb01bf1fa30ac8317 cape.contextis.com/analysis/…

Details and indicators of Zebrocy's overlap with BlackEnergy/GreyEnergy: securelist.com/greyenergys-o…
PhysicalDrive0 retweeted
Version 1.1 of BinCAT, our static binary code analyzer for reversers, was just released, with long awaited AMD64 support and huge performance improvements. Get it there: github.com/airbus-seclab/bin…
PhysicalDrive0 retweeted
19 Jan 2019
#CVE-2018-8453 deep analysis, from Use After Free to arbitrary memory read/write, by 360 Threat Intelligence Center, a follow-up on the vulnerability being used by the #FruityArmor group targeting the Middle East. ti.360.net/blog/articles/cve… The video: video.twimg.com/tweet_video/…