🕵️ Windows Forensic Commands: Investigate, Analyze & Respond 🔍💻
When a security incident occurs on a Windows system, knowing which commands to run can make the difference between guessing and solid digital forensics 🧠⚖️
⤵️ Blue Team ⤵️
Given the recent events with VMPSoft DMCA'ing educational YouTube videos demonstrating how to unpack malware protected with VMProtect, we have decided to release a free-to-use unpacker which works for all versions of VMP 3.x, including the most recent version.
Simply sign up/login here: https://t.co/7xp43sCIwv and then click on "Unpacker" on the top right corner.
For context:
https://t.co/8z6V6232YN https://t.co/kHm3O764FL https://t.co/T9EyF53FEV
The Windows Kernel Exploitation tutorial series is complete for both English and Spanish speakers. Huge thank you to @HackSysTeam for creating HEVD to begin with and thank you to @corelanc0d3r and @ret2wargames for creating resources that are free for those who can't afford them!
6 months ago, I started working on a way to better map the #ransomware ecosystem and its evolution, including rebrands.🔎
I am really happy to share this handmade cartography, which is based on @orangecyberdef resources, #OSINT and reverse engineering.
➡️ https://t.co/cKK57AM07f
Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code.
https://t.co/hTdAfHOUx3
I usually make short-form satirical videos for fun, but never share them with the world. This time though, I thought I'd make one for the infosec community. Some might even find it educational 😅
If you're in #infosec and you feel a little down this week, this video is for you💙
🚨🚨WARNING 🚨🚨 We have confirmed that #Emotet is dropping CS Beacons on E5 Bots and we have observed the following as of 10:00EST/15:00UTC. The following beacon was dropped: https://t.co/imJDQTGqxV Note the traffic to lartmana[.]com. This is an active CS Team Server. 1/x
#ESETresearch discovered a trojanized IDA Pro installer, distributed by the #Lazarus APT group. Attackers bundled the original IDA Pro 7.5 software developed by @HexRaysSA with two malicious components. @cherepanov74 1/5
Today I've launched https://t.co/ioguLMcADN. I've been analyzing malware source code that utilizes WinAPIs and have been categorizing them. Please feel free to contribute as I know the current list is not exhaustive.
I found some private keys on VT, enabling all of us to decrypt C2 traffic from a subset of all the malicious Cobalt Strike servers that are out there on the Internet. More details: "Cobalt Strike: Using Known Private Keys To Decrypt Traffic – Part 1" https://t.co/HMBZEV4akv
I tweaked https://t.co/Sahc22ongY a little bit and I uploaded trainings, courses, papers, presentations, and posts with the idea in mind that knowledge should be free. Some of the most interesting content follows: