Adversary Hunter && Threat Researcher - ♥infosec, code and mojitos - Opinions are mine

Joined February 2014
Jean-Pierre GARNIER retweeted
‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017. Website: copy.fail/ Write-up: xint.io/blog/copy-fail-linux… GitHub: github.com/theori-io/copy-fa… It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise. Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
Jean-Pierre GARNIER retweeted
rzweb : A complete browser-based reverse engineering platform built on Rizin, running entirely client-side via WebAssembly : github.com/indalok/rzweb
Jean-Pierre GARNIER retweeted
30 Jan 2025
New blog post: Tear Down The Castle - Part 2 dfir.ch/posts/tear_down_cast… I analyzed 250 PingCastle Reports, grouping the findings along the categories I used for my 10 AD Commandments series. The number of affected domains is stated within each finding, i.e., in how many domains we found the misconfiguration or the vulnerability.
Jean-Pierre GARNIER retweeted
25 May 2025
Many missed this on #BadSuccessor: it’s also a credential dumper. I wrote a simple PowerShell script that uses Rubeus to dump Kerberos keys and NTLM hashes for every principal: krbtgt, users, machines. No DCSync required, no code execution on the DC.
And here's a little project to monitor network traffic and logging directly over endpoint interfaces. First proof-of-concept with local pcap and HTTP API forwarder (fully tested on the #SEKOIA platform). github.com/codeyourweb/lpack… #soc #cybersecurity #networksecurity
Jean-Pierre GARNIER retweeted
What genius did this??? 🤣🤣🤣 #Ukraine #Russie #USA
Jean-Pierre GARNIER retweeted
Microsoft has released its own document parser for LLM use! Introducing MarkItDown, a 100% open-source, one-stop solution for effortlessly converting any file to Markdown—perfect for text analysis, indexing, and more! Here’s what makes it special:
↳ Converts PDF, Word, Excel, PPT, images, audio to markdown
↳ Extracts EXIF, OCR, and transcripts automatically
↳ Available via CLI, Python API, or Docker
↳ Offers LLM-based image descriptions
↳ Supports batch conversions
Link to the repo in next tweet!
Find me → @akshay_pachaar ✔️ For more insights & tutorials on AI and Machine Learning.
Jean-Pierre GARNIER retweeted
30 Apr 2024
Reviews are MOSTLY NEGATIVE - Gray Zone Warfare vid is up on yt #GZW #GrayZoneWarfare
Jean-Pierre GARNIER retweeted
Kudos to @DragosInc for sharing details of a recent event. The adversary compromised a new employee's personal email address and impersonated them to get access. How would you protect against that?
It's time to destigmatize security events. Yes it happens at security companies and here's why we need to talk about it. #cybersecurity #icscybersecurity #otcybersecurity #industrialcybersecurity #criticalinfrastructureprotection hubs.la/Q01Pj-S60
Jean-Pierre GARNIER retweeted
I remember a time when people here in Europe still had issues storing their corporate emails on US mail servers - nowadays you store the master keys to your company on their servers 🎵 … for the times they are a-changin'
Did you know that Microsoft recommends creating your Global Admin accounts in the cloud to protect Microsoft 365 from on-premises attacks? See aka.ms/protectm365 for all the details.
Jean-Pierre GARNIER retweeted
Priorities
Jean-Pierre GARNIER retweeted
[Android] About thirty "Privacy Friendly Apps" offered by @SECUSOResearch that: - are Open Source (GPLv3) and their source code can be viewed on GitHub by anybody - use minimal permissions - have neither tracking mechanisms nor advertisement secuso.aifb.kit.edu/english/…
Jean-Pierre GARNIER retweeted
Unable to extract credentials via DPAPI or Mimikatz? Don't worry. Microsoft got your back. Just use 'rundll32 keymgr.dll, KRShowKeyMgr' to extract all the stored passwords on the host, be it a target server, FTP or Chrome's HTTP creds, Microsoft has you covered. #redteam
Jean-Pierre GARNIER retweeted
Possibly #Lazarus related #maldoc: "LMCO_Senior Systems Engineer_BR09.doc" virustotal.com/gui/file/8e2f… CnCs: https://monitorr.jamdown[.]co[.]nz/assets/data/css/custom.php http://13.88.245[.]250/admin/install/custom.php http://mantis.binarysemantics[.]com/extra/map/map.php

Jean-Pierre GARNIER retweeted
New: North Korea has taken a page out of China's cyber playbook to reorganize and consolidate its threat groups within the government - making them “extremely mobile now that they’ve consolidated.” Here's a first look at their new org structure 👇 mandiant.com/resources/mappi…
Jean-Pierre GARNIER retweeted
The 2022 Threat Detection Report is out! Join us in counting down the most prevalent threats we encountered in our customers' environments last year. We'll reveal a new threat every hour in this thread (Or just download the report & see them all now) redcanary.com/resources/guid…