Olivia
Online
Sushil Singh
@SushilSin
The quieter you become, the more you are able to hear.
India
Joined August 2012
748 Following
440 Followers
5.3K Posts
https://t.co/p7Ou5VLjs4
This is very good malware.
This is solid-solid-SOLID B+ malware, very close to A- malware.
APT37 is using a old-school playbook. They're doing EPO (Entry Point Obfuscation) on a self-delivered binary for evasion. They also unironically are using something akin to cavity infection ... but on themselves. This is something you saw more in the Windows 95 - Windows XP era, not something you see in 2026.
Very cool. I respect it.
The multi-staged fragmentation of shellcode phases is also really, really, really cool. This is (once again) a more old-school technique usually reserved for infected binaries, not self-delivered binaries.
Despite all of these super cool features, APT37 shoots themselves in the foot immediately.
- EAT walking for Kernel32 functionality (???)
- XOR decryption is a huge red flag
- Allocating with PAGE_EXECUTE_READWRITE (???)
- Hardcoded OAuth token (???)
- Used external dependency for AES (???)
Why not use NT functionality to hook evasion? XOR is easily identified in static analysis, why XOR? Allocating memory with VirtualAlloc with RWX is a MASSIVE RED FLAG. They also hardcode a OAuth token ... they can multi-staged shellcode payload with old-school malware techniques but hardcore AN OAUTH TOKEN?
It unironically makes me wonder if they had one old-head malware guy working on it, then they had some newer dude do the non-hardcore stuff. There is a huge gap in skill sets here.
Or the old-head hasn't kept up to date on malware stuff since 2005... or they got lazy... I don't know, really weird.
Scans S3 buckets for misconfigurations across cloud providers
https://t.co/iwyMr3xPtP
Multi-AI vulnerability scanner and pentester
https://t.co/lUtlPxATeV
Who to follow
NULLCON
@nullcon
International #Security Conference, Training & Exhibition Platform - the neXt security thing! ✈️Up next #NullconBerlin2026
Harshit Mahajan
@HarshitRMahajan
Trekker | Gamer | Book Lover | Father |
Personal Views...!
Payatu
@payatulabs
Research Powered Cybersecurity Services and Training. IoT | Embedded | mobile | cloud | Infra security. Organizers of @nullcon @hardwear_io
Aggregates CVEs from multiple sources
https://t.co/CRP5UP66Og
AI-driven cybersecurity tools via MCP
https://t.co/JSDJysLLtv
open-source face recognition REST API with docker support
Telegram Maltego: A free set of Transforms for Maltego that enables OSINT investigations in the Telegram messenger
GitHub: https://t.co/tGMf1H7Idq
🎉🎉 Celebrating Success! Airtel's Live Bug Bounty Triumph at nullcon Goa 🛡️
Huge shoutout to the talented ethical hackers and security experts who made this event a tremendous success. Your dedication to cybersecurity is truly commendable. 🙌👏 #nullconGoa #BugBounty #Airtel
😎For the past 3 editions, Airtel has been a strong supporter!
👊Super thrilled to welcome @airtelindia as our 🥈Silver Sponsor with a new identity
Keep an eye out on Live bug bounty 💰https://t.co/kqTyO6slg4
#NullconGoa2023 #Infosec #Conference
Hey #bughunters! 🟢Application for Private Live Bug Hunting is now open
Rewards upto ₹10,00,000 | 🎯Target to hunt #vulnerabilities provided by @airtelindia & @fractalai
Apply before 7th Sep➡️https://t.co/iFhKIjFnxV
#NullconGoa2023 #bughunting #Infosec #Conference
👨💻Unleash your #hacking skills! Rewards up to 💰₹10,00,000 at stake with Targets to hunt provided by @airtelindia & @fractalai
👊Application for Private Live Bug Hunting ends on 7th Sep➡️https://t.co/iFhKIjFnxV
#NullconGoa2023 #bughunting #Infosec #Conference
🕰️You have just few hours left to submit your application for 👩💻Live Bug hunting!
⚠️Select 50 participants will get a chance | Apply soon ➡️ https://t.co/iFhKIjFnxV
#NullconGoa2023 #Infosec #Conference #bugbounty | @airtelindia | @fractalai
Calling all security enthusiasts, bug bounty seekers, and researchers.
A live bug bounty competition is being held by Bharti Airtel at @nullcon Goa-2023 @antriksh_s @rahul_gehlaut @airtelindia
register here: https://t.co/Xf9Ua2myJP
#NullconGoa 2023 is getting so exciting …
https://t.co/OiNlNlrrG7
Defcon Conference Slides Presentations 22-30
Credit: @C0d3Cr4zy
↓↓
Defcon 22 All Slides
https://t.co/B2MFSoRlsS
Defcon 23 All Slides
https://t.co/fTKO3piysm
Defcon 24 All Slides
https://t.co/o3IgAH3fnu
Defcon 25 All Slides
https://t.co/npqmtEMAQ6
Defcon 26 All Slides
https://t.co/5OKufGcLIK
Defcon 27 All Slides
https://t.co/isay5Rtj2H
Defcon 28 All Slides
https://t.co/Y8tj0Oa3MC
Defcon 29 All Slides
https://t.co/6UDZ6a6gKf
Defcon 30 All Slides
https://t.co/kGlOGGzQW0
#cybersecurity #Pentesting #Hacking #bugbountytips #infosec #cybersecuritytips #redteam #coding #vulnerabilities #BugBounty #CyberSecurityAwareness
😎For the past 3 editions, Airtel has been a strong supporter! 👊Super thrilled to welcome back Airtel @airtelindia as our 🥈Silver Sponsor
Keep an eye out on Live bug bounty 💰https://t.co/kqTyO6rNqw
#NullconGoa2023 #Infosec #Conference
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.4M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.1M followers
Taylor Swift
@taylorswift13
80.9M followers
Lady Gaga
@ladygaga
72.4M followers
Kim Kardashian
@kimkardashian
69.5M followers
Virat Kohli
@imvkohli
69M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.6M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.2M followers