Tweets are my own. One day I'll go live in theory, because in theory, everything goes well.

Joined January 2012
razaborg retweeted
Jun 11
💬 "The CSIRT-PJ was created within OFAC with the aim of providing technical support to investigations and strengthening synergies with the private as well as the institutional ecosystem." 🚓 Discover the role of the #CSIRT-PJ: cyber.gouv.fr/nous-connaitre…
razaborg retweeted
May 15
Statement from Mullvad Co-Founder regarding the issues with exit IPs as a fingerprinting vector: "As for mitigation, we are already testing a patch of the unintended behavior on a subset of our infrastructure."
May 15
Mullvad exit IPs are surprisingly identifying tmctmt.com/posts/mullvad-exi…
razaborg retweeted
Huh. Am I the only one who didn't know that Microsoft makes a tool called EventLogExpert that is supposed to be an improved version of event viewer for IT/helpdesk people? github.com/microsoft/EventLo…
razaborg retweeted
LLMs have gotten good enough at reverse engineering to recover source code from obfuscated binaries with real accuracy. So we asked the obvious next question: how fast and cheap is it to use one to build obfuscation specifically designed to beat it? We benchmarked Claude Opus 4.6 against the Tigress obfuscator across 20 targets first, to map its strengths and failure modes. 40% solve rate. Phase 3 multi-layer combos hit 0%, with cost explosions that killed the runs. Then we ran a dev/test/refine loop to build 3 purpose-built obfuscation variants targeting the same crackme, iterating directly against the model's known weaknesses. The finding: LLM-targeted obfuscation is fast and cheap to develop. Context windows, budget caps, and shortcut biases are all exploitable attack surfaces. The arms race just shifted.
razaborg retweeted
For the first time, Mandiant Academy is bringing our Practical Threat Hunting course to you in person. Join us onsite at the Google Reston office from May 19-21 to master CTI application, the A4 framework, and repeatable hunt methodologies. bit.ly/4chcazY
razaborg retweeted
📢 The FLARE team has launched the FLARE Learning Hub - a free resource to hone your malware analysis and reverse engineering skills! 🛠️ github.com/mandiant/flare-le…
The initial launch brings with it:
- An in-depth introduction to time-travel debugging (TTD)
- A comprehensive Go language reference
- An assembly crash course
razaborg retweeted
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare-le…. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
razaborg retweeted
📣 #PIVOTcon26 Agenda is here 🤟 We are thrilled to announce this year's speaker lineup. 2⃣ days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment 👇, and the talks and speakers are in the thread. 🧵 #CTI #ThreatResearch 1/15
razaborg retweeted
Introducing the new /crawl endpoint - one API call and an entire site crawled. No scripts. No browser management. Just the content in HTML, Markdown, or JSON.
razaborg retweeted
manual DHCP
razaborg retweeted
24 Apr 2024
This is awesome! Incredibly useful for IR and beats my handmade notes 😆 Thank you to the folks that made this guide public 🙏 🙏 Get the PDF directly from here 🔗 cdn-dynmedia-1.microsoft.com…
razaborg retweeted
Kaspersky recently produced a podcast on Operation Triangulation, basically a story of the investigation. Things that I haven't seen mentioned elsewhere:
— Triangulation malware existed for >10 years
— Some technical details similar to the Equation Group
youtube.com/watch?v=j4pCKh_0…
razaborg retweeted
Mar 6
Reverse-engineered Coruna - a nation-state iOS exploit kit - from raw JavaScript. 28 modules, 500 XOR strings decoded, 6,596-line teardown. PAC bypass, JIT cage escape, PACDB hash forgery. nadsec.online/blog/coruna nadsec.online/blog/coruna-te… (technical analysis more interesting, read coruna blog post first, technical analysis looks better on github, link on-site)
razaborg retweeted
Coruna: a powerful iOS exploit kit containing 23 exploits across five full exploit chains targeting iPhones running iOS 13 through 17.2.1. The Exploit Kit and implant leave behind plenty of traces. #signature iverify.io/blog/coruna-insid…
Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit, named "Coruna" by its developers, contained five full iOS exploit chains and a total of 23 exploits. The core technical value of this exploit kit lies in its comprehensive collection of iOS exploits, with the most advanced ones using non-public exploitation techniques and mitigation bypasses. cloud.google.com/blog/topics…

A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government. wired.com/story/coruna-iphon…
A full iOS exploit toolkit, "Coruna," has been found in the wild, hacking iPhones that visited infected websites, used by Russian spies targeting Ukrainians and thieves targeting Chinese crypto holders. And it may have been created for the US government. wired.com/story/coruna-iphon…
razaborg retweeted
DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing 𝗜𝗥𝗙𝗹𝗼𝘄 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman's Timeline Explorer. Every feature in this tool was shaped by real IR casework: handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it's in the app, it's because I needed it mid-case and realized the standard tools fell short. No dependencies. Zero setup. Just drag, drop, and analyze. #dfir #incidentresponse #timeline #macos #threathunting #digitalforensics