Joined May 2012
I finally did a thing and put some #YARA rules in a public GitHub repository now that some of the ransomware I looked at is no longer relevant. Hope to do more and add an eventual analysis repo one day as well. Check it out! github.com/FirehaK/YARA
Stephan (@FirehaK@infosec.exchange) retweeted
We've preserved (yet another) lot of eleven test cartridges for the Nintendo DS, DSi, and 3DS! Included are some never-before-seen pieces of test software, as well as new versions of previously discovered ones! Thanks to those who contributed: March42, Kc57, Haifisch, and XX_75.
Wish I knew why my @analogue pocket order has been "processing" at the fulfillment partner for more than a month now while others who have ordered at the exact same time have gotten theirs a while ago now 😔
Stephan (@FirehaK@infosec.exchange) retweeted
14 Nov 2022
Everyone: Signs in every day to watch Elon slowly running Twitter into the ground. Elon:
Stephan (@FirehaK@infosec.exchange) retweeted
Bankrupting Twitter is not an eligible run submission for the second submission period.
Stephan (@FirehaK@infosec.exchange) retweeted
8 Nov 2022
I've joined the cool kids club @Kc57@infosec.exchange Leave your handle below 👇 #mastodonmigration #Mastodon
Stephan (@FirehaK@infosec.exchange) retweeted
We are also hunting mealybugs(emotet) and other crimeware actors on Mastodon. Come say hello and give us more things to eat. infosec.exchange/@cryptolaem…
Stephan (@FirehaK@infosec.exchange) retweeted
Any infosec professional will tell you the greatest threat to security is speed. The fact Elon is pressuring Twitter engineers to roll out his new verification system in 10 days, to meet his day before the election deadline—under threat of firing— is about as bad as this gets.
Stephan (@FirehaK@infosec.exchange) retweeted
5 Nov 2022
Main concern w/ the new Twitter Blue offering is the verified logo has been a marker of trust I.e., “we’ve confirmed the person is who they say they are.” Now it’s “we’re taking their $ & their word for it.” On the cusp of election where source of info is critical, a major risk.
5 Nov 2022
To think that simple payment verifying will pose any sort of meaningful barrier to sophisticated actors on the platform is just not anchored in reality. Agree w/ @ianbremmer
Stephan (@FirehaK@infosec.exchange) retweeted
5 Nov 2022
To think that simple payment verifying will pose any sort of meaningful barrier to sophisticated actors on the platform is just not anchored in reality. Agree w/ @ianbremmer
russian govt buying a few thousand verified twitter accounts at $8/pop to promote disinfo feels like a no-brainer.
Not if I don't subscribe it won't 😂
5 Nov 2022
Trash me all day, but it’ll cost $8
Stephan (@FirehaK@infosec.exchange) retweeted
Replying to @elonmusk
You can self-host a Mastodon server
Thanks Pokémon Red and @_Kc57 😉
Video games are a gateway drug to hacking, reverse engineering, and malware development
Stephan (@FirehaK@infosec.exchange) retweeted
Reminder: We are constantly pushing new C2s/Distro URLs/Payload URL/samples to the abuse.ch ecosystem. Please see our submissions at bazaar.abuse.ch/ feodotracker.abuse.ch/ threatfox.abuse.ch/ urlhaus.abuse.ch/ for more details and info.
Stephan (@FirehaK@infosec.exchange) retweeted
31 Oct 2022
We have been busy and improved MalwareBazaar's archive parsing 🆕⬇️ The password of PW protected archives is now guessed from the tag list provided 🔐 E.g.: 👉 bazaar.abuse.ch/sample/ddfde… We have also implemented a feature to de-pump pumped files 📄 E.g.: 👉 bazaar.abuse.ch/sample/0819f…
Stephan (@FirehaK@infosec.exchange) retweeted
3 Nov 2022
Okay, so a few people have asked how you spot where your Trust Thermocline is, and how to avoid hitting it. I'll give you the same answer I give senior execs: I don't know. But the people working on the ground level in the customer-facing sections of your company do. /1
Replying to @garius
There's a large and obvious risk Elon will screw up and wreck twitter. But how actionable is this information in general? If the tipping point isn't obvious and there are few signs of trouble before reaching it, how can companies avoid it?
Stephan (@FirehaK@infosec.exchange) retweeted
3 Nov 2022
One of the things I occasionally get paid to do by companies/execs is to tell them why everything seemed to SUDDENLY go wrong, and subs/readers dropped like a stone. So, with everything going on at Twitter rn, time for a thread about the Trust Thermocline /1
Stephan (@FirehaK@infosec.exchange) retweeted
I know what I'm doing, but I also have no idea what I'm doing.
Stephan (@FirehaK@infosec.exchange) retweeted
Rest in peace, Vitali. Our thoughts and prayers are with your family and friends. Thanks for all you did for the cybersecurity community.