FortiGuard Labs observed malware named “ShadowV2” spreading via IoT vulnerabilities at the end of October during a global disruption of AWS connections. This activity was likely a test run conducted in preparation for future attacks. https://t.co/GOgQxBCkh0
Tracking down a rogue Windows service for webshell persistence -- just a teeny weeny PowerShell HTTP server wrapped with NSSM, showcased with Wazuh and their sweet new 4.14 release with visibility on IT hygiene 😎 Video: https://t.co/rQk6rV5dNg
Uncovered screen recordings from threat actors! 👀 Real footage of cybercriminals using anti-detect browsers and infostealer malware logs for session hijacking, and another using GraphSpy to read their Entra ID victim's emails in Outlook! 💀 Video: https://t.co/p94bhFgGgY
⚠️ Supply chain attacks stay stealthy and disruptive. This DHL impersonation case showed HTML attachments slipping past filters and credential theft via a third-party form service.
📚 Explore the case against the energy sector: https://t.co/DzuM1t9kU1
⚠️ Rundll32, certutil, mshta; attackers abuse them to load payloads without raising alerts.
Security teams using real-time analysis expose these #LOLBin tactics fast.
Here’s how to achieve it inside your SOC 👇
https://t.co/mJBj2nl9RF
⚠️ #ClickFix became a major attack vector in 2025, combining cross-platform delivery, user-driven execution that slips past defenses, and high-impact payloads like stealers, RATs, and #ransomware.
👨💻 See a recent Docusign themed case: https://t.co/RSbmD0X6d2
📚 Learn how to keep up with new ClickFix attacks using #ANYRUN and explore more cases: https://t.co/iLlIkxSjVC
⚠️ #ClickFix malware tricks users into infecting themselves, bypassing traditional security. In 2025, it became #2 vector after #phishing.
See how @ericparker dissected ClickFix attacks including the new #FileFix variant 👇
https://t.co/BkUGVlsS2t
#NorthKorea #Konni
North Korean(🇰🇵) threat actors carried out the first known remote wipe attacks targeting Android devices—destroying victims’ data and spreading malware via stolen Google, KakaoTalk, and Naver accounts.
https://t.co/wphzTMYs4H
🇨🇴 🖥️ Colombian hacker finds a flaw at the heart of the internet and puts the whole world on alert
Colombian researcher José Pino discovered a vulnerability as simple as it is critical in the Blink engine, which powers browsers such as Chrome, Edge, Brave and Opera. It could affect 7 out of 10 users worldwide by overloading the machine's resources.
https://t.co/P9Vnilu0B8
Tools such as https://t.co/IKyo8x29Vk from Impacket are usually flagged for lateral movement due to the pre-built service executable that is dropped on the remote system. However, some vendors also flag Impacket based on its behaviour.
With RustPack, you can easily create service executables that won't be detected by signatures or behaviour-based detection. 😎
In this demo video, an unsigned service executable is generated. This will only fire the payload on a system with the hostname 'Win11' — environmental keying will prevent the payload from showing up in a sandbox or cloud analysis.
To avoid Impacket detection, we drop and execute the binary via the recently released Titanis protocol library from @TrustedSec:
https://t.co/AZcygPtDjb.
The result is an Adaptix C2 connection in the SYSTEM context. 🫡
#Pentest #RedTeam #Malware #OST
Microsoft is investigating an ongoing DNS outage affecting customers worldwide, preventing them from accessing Microsoft Azure and Microsoft 365 services.
https://t.co/sUQI4yMBuG
Hunting MSIX Malware: Combining Splunk Insights with DefenderXDR Precision
The Splunk blog post highlights the growing threat of MSIX package weaponization, where attackers exploit the Windows app packaging format to deliver malware via Loader-as-a-Service platforms and deceptive distribution methods. To help defenders, Splunk developed MSIXBuilder — a tool that safely simulates malicious MSIX behavior for detection testing.
https://t.co/ngtzLh3ngJ
As a proactive measure, I've created a DefenderXDR custom detection that flags newly seen unsigned .msix files with extremely low prevalence, offering early warning of potential abuse and further investigation.
KQL Detection (Invite Code: KQLWizard)
https://t.co/6UoSsXFgMB
#Cybersecurity #DefenderXDR #MSIXAbuse
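One way to express the detection described in the post, written here as an added example and not the query the poster shared via the invite link. It assumes the Defender XDR advanced hunting schema (the DeviceFileEvents table and the FileProfile() enrichment function); the lookback window and prevalence threshold are illustrative values, not anything the post specifies.

```kql
// Added example: newly observed, unsigned .msix / .msixbundle files with very
// low global prevalence. Assumes the Defender XDR advanced hunting schema.
// Thresholds (7-day lookback, prevalence < 20) are assumptions to be tuned.
let lookback = 7d;
let max_prevalence = 20;
DeviceFileEvents
| where Timestamp > ago(lookback)
| where ActionType in ("FileCreated", "FileModified", "FileRenamed")
| where FileName endswith ".msix" or FileName endswith ".msixbundle"
| where isnotempty(SHA1)
// Enrich each hash with Microsoft's global prevalence and signer information
| invoke FileProfile(SHA1, 1000)
| where SignatureState == "Unsigned" or isempty(Signer)
| where GlobalPrevalence < max_prevalence or isempty(GlobalPrevalence)
// One row per hash: the first sighting, plus how many devices have it
| summarize arg_min(Timestamp, *), Devices = dcount(DeviceId) by SHA1
// Custom detection rules require Timestamp, DeviceId and ReportId in the output
| project Timestamp, DeviceId, ReportId, DeviceName, FileName, FolderPath,
          SHA1, SHA256, SignatureState, GlobalPrevalence, GlobalFirstSeen,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileOriginUrl, Devices
| order by Timestamp desc
```

The FileOriginUrl and initiating process columns are kept so an analyst can see at a glance whether the package arrived from a browser download or an installer chain, which is usually the first triage question for a low-prevalence MSIX hit. Expect a short burn-in period: internal line-of-business packages that are unsigned or freshly built will surface first and should be allow-listed by SHA1 or signer rather than by file name.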
A great write-up of a VMware Workstation guest-to-host escape (CVE-2023-20870/CVE-2023-34044 and CVE-2023-20869) exploit by Alex Zaviyalov has just been published!