Drew Schmitt @5ynax - Twitter Profile

5ynax retweeted

about 3 years ago

#Aurora #Stealer #panel recovered. #Aurora #Stealer #builder 2023 recovered . #Aurora #Stealer #builder 2022 recovered. #Aurora #Auth Server recovered. An article on reversing the builder is already in development by a fellow #infosec researcher. Happy Sunday :)

Gi7w0rm's tweet photo. #Aurora #Stealer #panel recovered.
#Aurora #Stealer #builder 2023 recovered .
#Aurora #Stealer #builder 2022 recovered.
#Aurora #Auth Server recovered.
An article on reversing the builder is already in development by a fellow #infosec researcher.
Happy Sunday :) https://t.co/ZfcOs0LXXB

2

64

14

8

12K

5ynax retweeted

Germán Fernández

@1ZRR4H

over 3 years ago

#ESXiArgs ransomware decompiled 🔦👀 https://t.co/UnLbzX3YB3

1

94

40

11

17K

5ynax retweeted

Jiří Vinopal

@vinopaljiri

over 3 years ago

If you are looking for #IDA plugin/script list, @fr0gger_ has a great list 😊👍 https://t.co/VlDn4YSTsr But here are some of my personal best I am using and I would like to recommend:

vinopaljiri's tweet photo. If you are looking for #IDA plugin/script list, @fr0gger_ has a great list 😊👍
https://t.co/VlDn4YSTsr
But here are some of my personal best I am using and I would like to recommend: https://t.co/PSyk1jybYE

2

97

26

43

0

5ynax retweeted

Max_Malyutin @Max_Mal_

over 3 years ago

#IcedID (A.K.A #Bokbot) ISO Infection 🧊🆔 #DFIR Exec Flow & TTPs: ZIP > ISO > LNK > Rundll32 Defense Evasion (TA0005) [+] CMD line carets obfuscation "^" [+] Rundll32 to proxy exec of DLL payload start r^un^dl^l3^2 9bs6gHsN.d^l^l, #1" C2: hxxp://aviadronazhed[.]com:80

Max_Mal_'s tweet photo. #IcedID (A.K.A #Bokbot) ISO Infection 🧊🆔

#DFIR Exec Flow & TTPs:
ZIP > ISO > LNK > Rundll32

Defense Evasion (TA0005)
[+] CMD line carets obfuscation "^"
[+] Rundll32 to proxy exec of DLL payload

start r^un^dl^l3^2 9bs6gHsN.d^l^l, #1"

C2: hxxp://aviadronazhed[.]com:80 https://t.co/yUYRVXPn8n

3

118

47

23

0

Who to follow

Ian Kenefick

@ian_kenefick

Cyber Threat Intelligence Automation @trendaisecurity B̶l̶u̶e̶S̶k̶y :: https://t.co/lP6THaK5Yj

Adrien B

@Int2e_

Malware research and threat intel ex #DFIR responder at @Mandiant

Ahmed Shosha

@Ahmedfshosha

Founder. Ex-@Microsoft Threat Intelligence Center (MSTIC). Ex-@Mandiant. PhD in CS @ucddublin / @UCDCCI

5ynax retweeted

Florian Hansemann @CyberWarship

almost 4 years ago

"Malware development tricks. Download and inject logic. C++ example." #infosec #pentest #redteam https://t.co/oYJfRwPXCJ

2

147

67

33

0

5ynax retweeted

Florian Hansemann @CyberWarship

almost 4 years ago

"Shell Code Injector with AES Encryption - EDR Bypass" #infosec #redteam #pentest https://t.co/CblemKKpOZ

1

189

65

44

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

REvil ransomware group has ransomed Chinese electrical manufacturer Midea Group. Midea Group has an estimated annual revenue of ¥343,400,000,000 or approx. $49,000,000,000. REvil is continuing its big game hunting.

vxunderground's tweet photo. REvil ransomware group has ransomed Chinese electrical manufacturer Midea Group. Midea Group has an estimated annual revenue of ¥343,400,000,000 or approx. $49,000,000,000.

REvil is continuing its big game hunting. https://t.co/0GDUNuJXS9

15

635

186

40

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

Leaked documents online show the purchase (and documentation of) an $8,000,000 iOS Remote Code Execution 0day exploit

56

4K

941

446

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

Lockbit ransomware group has put out a statement regarding the Entrust breach and subsequent DDoS attack they are (still) under. Lockbit states they are changing their operation practices to combat DDoS attacks *Intel via @S0ufi4n3 *Image: Lockbit message translated into English

vxunderground's tweet photo. Lockbit ransomware group has put out a statement regarding the Entrust breach and subsequent DDoS attack they are (still) under. Lockbit states they are changing their operation practices to combat DDoS attacks

*Intel via @S0ufi4n3
*Image: Lockbit message translated into English https://t.co/L0TlihLKLL

5

128

30

11

0

5ynax retweeted

Arda Büyükkaya

@WhichbufferArda

almost 4 years ago

Unpacked Bumblebee loader performing some anti analysis checks, this technique was copied from open source project called "al-khaser" :=)

WhichbufferArda's tweet photo. Unpacked Bumblebee loader performing some anti analysis checks, this technique was copied from open source project called "al-khaser" :=) https://t.co/JspoYy6NXa

1

104

28

24

0

5ynax retweeted

R. @0xrb

almost 4 years ago

#systemBC #malware Targeting various #Mexico corp/enterprise network #Mexico Victim List (1145) : https://t.co/bGBvmSxhYO cc: @vxunderground @b3ard3dav3ng3r

0xrb's tweet photo. #systemBC #malware Targeting various #Mexico corp/enterprise network
#Mexico Victim List (1145) : https://t.co/bGBvmSxhYO
cc: @vxunderground @b3ard3dav3ng3r https://t.co/7lWsWjisKU

3

38

9

6

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

This is the source code to Thanos Ransomware Builder. It is password protected. https://t.co/SgPCdI00TS

9

377

54

29

0

5ynax retweeted

SANS.edu Internet Storm Center

@sans_isc

almost 4 years ago

Excel 4 Emotet Maldoc Analysis using CyberChef https://t.co/AuHzYgmxNL

6

154

45

32

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

Lockbit has informed us that this is "normal behavior" and this report from @malvuln is the result of an incorrect password. "[the] binary file can't decrypt without[sic] wrong password. It's not bug"

6

42

10

3

0

5ynax retweeted

ςεяβεяμs - мαℓωαяε яεsεαяςнεя & мαℓωαяε gεиεтιςιѕт @c3rb3ru5d3d53c

almost 4 years ago

Destroying #Bitter #APT's #ZxxZ #Backdoor ✅ #Exploit+#Shellcode Analysis ✅ Building it's C2 Server to Execute a #Meterpreter Payload ✅ YARA/Suricata/Sigma ✅ #Ghidra Project ✅ #Malware Reverse Engineering ✅ Config Extraction https://t.co/1nNAHMattv https://t.co/rb0FuxB1HR

c3rb3ru5d3d53c's tweet photo. Destroying #Bitter #APT's #ZxxZ #Backdoor

✅ #Exploit+#Shellcode Analysis
✅ Building it's C2 Server to Execute a #Meterpreter Payload
✅ YARA/Suricata/Sigma
✅ #Ghidra Project
✅ #Malware Reverse Engineering
✅ Config Extraction

https://t.co/1nNAHMattv
https://t.co/rb0FuxB1HR https://t.co/BSeep2qTMY

10

330

116

67

0

5ynax retweeted

Arda Büyükkaya

@WhichbufferArda

almost 4 years ago

Lockbit Black 3.0 can yeet the Windows Defender and Event logs of it. Look at the Enabled key, it's set to 0 by Ransomware at the start. @vxunderground @malwrhunterteam

WhichbufferArda's tweet photo. Lockbit Black 3.0 can yeet the Windows Defender and Event logs of it. Look at the Enabled key, it's set to 0 by Ransomware at the start.
@vxunderground @malwrhunterteam https://t.co/8KTDTcs398

8

283

95

54

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

.@malvuln found an exploit in Lockbit 3 (Lockbit Black). Lockbit does not verify the length of the Execution Key - resulting in a Buffer Overflow. Lockbit, are you going to pay out like your site says you will? #lockbit #bugbounty Details: https://t.co/TMJnVtpyLa

7

226

59

8

0

5ynax retweeted

Florian Roth ⚡️

@cyb3rops

almost 4 years ago

This obfuscator for Go binaries replaces values with exactly 8 byte long random chars, which we can use to create a YARA rule to detect that obfuscation 🥳

cyb3rops's tweet photo. This obfuscator for Go binaries replaces values with exactly 8 byte long random chars, which we can use to create a YARA rule to detect that obfuscation 🥳 https://t.co/6LlYPueFsy

1

194

33

16

0

5ynax retweeted

vx-underground

@vxunderground

almost 4 years ago

Yanluowang ransomware groups claims to have ransomed Walmart - a United States-based multi-national grocery store with an est. annual revenue of $572,800,000,000. *We are unable to confirm the legitimacy of these claims *Information and photograph via @BrettCallow

vxunderground's tweet photo. Yanluowang ransomware groups claims to have ransomed Walmart - a United States-based multi-national grocery store with an est. annual revenue of $572,800,000,000.

*We are unable to confirm the legitimacy of these claims
*Information and photograph via @BrettCallow https://t.co/H2dlYNkpTc

5

245

57

28

0

5ynax retweeted

ςεяβεяμs - мαℓωαяε яεsεαяςнεя & мαℓωαяε gεиεтιςιѕт @c3rb3ru5d3d53c

almost 4 years ago

Tell me all your secrets in the clear #malware. 😘

7

101

9

0

Drew Schmitt

@5ynax

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users