the most low-effort / high reward thing you can do for security is installing the Russian language pack
(not even joking, it's ridiculous how often that prevents execution)
It really makes me sad when I see small IT teams struggling to fix 5k “medium” and “high” vulnerabilities that have absolutely zero real impact. Meanwhile, they still have antivirus (partially deployed), no app control, no real security monitoring, the same local admin password everywhere, no regular pentests, etc.
Have you ever wanted to query ETW providers, but didn't want to open a VM? What about checking the difference of ETW providers/events across OS builds?
Today I am releasing EtwWatcher - a tool that brings EtwInspector to GitHub pages so that you can query ETW providers, as well as compare them across builds.
This is something I wish I had for YEARS but have always opted to pull manually through a VM. I plan on being very active in uploading new snapshots as new OS builds come out. Check it out!
Blog: https://t.co/zfPJW2PYkX
Repo: https://t.co/jr8LOu0Vuq
Live site: https://t.co/clWRBnsCgh
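The "compare providers across builds" idea above boils down to diffing two snapshots. As an added example (not EtwWatcher or EtwInspector code), the script below parses a two-column name/GUID provider listing of the kind `logman query providers` prints, attaches per-provider event lists, and reports providers and events that appeared or disappeared between two builds. The listing format, the `Snapshot` shape, the GUIDs and the event ID/version pairs are all constructed assumptions for the demo; only the provider names are real.

```python
"""Diff two ETW provider snapshots (constructed data) across OS builds.

Added example, not EtwWatcher/EtwInspector code. Assumptions: a provider listing is
a two-column "name {GUID}" text dump, and events are known per provider as
(event_id, version) pairs. GUIDs and event lists below are constructed placeholders.
"""
import re
from dataclasses import dataclass

# One provider per line: name, whitespace, {GUID}. Header and separator lines do not
# match and are skipped. Adapt the regex if your snapshot format differs (assumption).
_LINE_RE = re.compile(r"^(?P<name>\S.*?)\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$")


def parse_provider_listing(text: str) -> dict[str, str]:
    """Return {provider_name: GUID} from a logman-style listing."""
    providers: dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            providers[m["name"]] = m["guid"].upper()
    return providers


@dataclass
class Snapshot:
    build: str
    providers: dict[str, str]                  # name -> GUID
    events: dict[str, set[tuple[int, int]]]    # name -> {(event_id, version)}


def diff_snapshots(old: Snapshot, new: Snapshot) -> dict:
    """Report providers added/removed/re-GUIDed and, for shared providers, event deltas."""
    common = old.providers.keys() & new.providers.keys()
    result = {
        "added_providers": sorted(new.providers.keys() - old.providers.keys()),
        "removed_providers": sorted(old.providers.keys() - new.providers.keys()),
        "guid_changed": sorted(n for n in common if old.providers[n] != new.providers[n]),
        "added_events": {},
        "removed_events": {},
    }
    for name in sorted(common):
        gained = new.events.get(name, set()) - old.events.get(name, set())
        lost = old.events.get(name, set()) - new.events.get(name, set())
        if gained:
            result["added_events"][name] = sorted(gained)
        if lost:
            result["removed_events"][name] = sorted(lost)
    return result


# Constructed sample listings; GUIDs are placeholders, not the real provider GUIDs.
OLD_LISTING = """\
Provider                                 GUID
-------------------------------------------------------------------------------
Microsoft-Windows-Kernel-Process         {00000000-0000-0000-0000-000000000001}
Microsoft-Windows-DNS-Client             {00000000-0000-0000-0000-000000000002}
"""
NEW_LISTING = """\
Provider                                 GUID
-------------------------------------------------------------------------------
Microsoft-Windows-Kernel-Process         {00000000-0000-0000-0000-000000000001}
Microsoft-Windows-Threat-Intelligence    {00000000-0000-0000-0000-000000000003}
"""
# Constructed event tables: (event_id, version) per provider.
OLD_EVENTS = {"Microsoft-Windows-Kernel-Process": {(1, 0), (2, 0)}}
NEW_EVENTS = {"Microsoft-Windows-Kernel-Process": {(1, 0), (2, 1), (5, 0)}}


def example_diff() -> dict:
    old = Snapshot("build-A", parse_provider_listing(OLD_LISTING), OLD_EVENTS)
    new = Snapshot("build-B", parse_provider_listing(NEW_LISTING), NEW_EVENTS)
    return diff_snapshots(old, new)


if __name__ == "__main__":
    for key, value in example_diff().items():
        print(f"{key}: {value}")
```

A version bump on an event (here `(2, 0)` becoming `(2, 1)`) shows up as one removal plus one addition, which is exactly the case a detection engineer wants flagged: the event template changed, so field-based rules written against the old version need re-checking.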
We’re expanding the offensive security team at @ArmadinSecurity.
Hiring Offensive Security Operators across multiple levels with backgrounds in:
• Penetration testing
• Red teaming
• Cloud security
• Exploit development
• Offensive tooling
• AI/ML security
If you enjoy breaking modern infrastructure and identifying real attack paths across enterprise and AI environments, I’d love to connect.
Remote role. Multiple levels available.
DM me if interested or apply here:
https://t.co/uD5qJNPG3R
An MCP server that gives AI assistants deep visibility into Windows internals: processes, ETW kernel traces, event logs, services, drivers, minifilters, and static PE analysis.
https://t.co/yFWDuBK9hO
Skepticism of corporate marketing and AI boosterism is always warranted, but I think the folks who accused Anthropic of overrating Mythos should check out this post by Mozilla developers indicating that the Firefox team fixed more security bugs in April using Mythos than in the past 15 months combined.
https://t.co/0hmpnz0pQZ
LLMs becoming good at vuln-discovery and vuln-dev is really a lot of technical debt maturing suddenly, and defenders experiencing a liquidity crunch. It's not a *solvency* crunch though, so once we get through this a lot of tech debt will be paid down (although new might be issued).
Howdy folks! Taking a break from my twitter break to let y'all know that we released a new @GreyNoiseIO product yesterday. It's called Project Swarm. We've been quietly not-so-quietly working on it for a few years. You can buy it now. It costs $1.
There are lots of vulnerabilities on edge-facing apps. To catch in-the-wild exploitation of them, we @ GreyNoise run sensors on the internet. New AI models means more vulnerabilities being identified and exploited, and FASTER. Long term, software and hardware will probably get better, but in the meantime we're gonna have to deal with A LOT of vulnerabilities.
At GreyNoise, the sensors we run are basically honeypots: we bait attackers to scan and exploit them, which enables us to learn where the attackers are, which vulnerabilities they are exploiting, what it drops, and what it looks like on the wire. From ~2020-now it took us years to build up our fleet. Now anyone can use our new product to deploy their own sensors on their own networks, or an entire fleet of any size, in a day. You can rip back the data and do whatever you want with it. You can resell it, put it into your product, or just stare at it, whatever you want! On our side, we aggregate the data and pour it into a community dataset that everyone shares. As more people join, the data gets bigger and better.
Couple neat features:
- Sensor deployment is a single bash command on any modern Linux distro that supports iptables and WireGuard.
- Sensors and vulnerable software (profiles) are abstracted into different logical concepts, which means the "what" and "where" are different things, and the sensor is not constrained by the compute required to run the vulnerable software. Also, no matter how hacked the profile (honeypot) gets, it can't touch your host sensor or the rest of your network.
- Sensors can run fake honeypots, real software, or even real hardware (bridged with a Raspberry Pi) like old crappy routers and modems (or expensive firewalls and VPN gateways 👀)
- You can create dynamic blocklists that block IPs sourced from your own sensors in real time, so if a remote IP address *looks at your network* the wrong way, you block them instantly.
- All the PCAP data is available to you in a gorgeous and intuitive interface at near real time and fully enriched against all of our (thousands of) rules. We're working on the host metadata (malware, syscalls, host behaviors) as well, but this will come later.
- If we don't tag a CVE that's interesting to you, you can write a Suricata rule to tag it yourself once and your data gets tagged with it in real time forever.
- You can instantly download PCAPs of any exploits that hit your sensors.
- If you don't want your data shared with the community dataset, you can talk to our team and we'll work out rights to make it private.
Check it out! There's a lot of moving pieces to make this work and we expect bugs, but it's available right now. Join the fight!
https://t.co/erAWtX1l7B
We didn't know how an actor was using EV Certificates issued to Lenovo and others.
We now do.
From DigiCert's incident report:
"the threat actor used a compromised analyst endpoint to access DigiCert's internal support portal. The threat actor used a limited function within the customer-support portal which allows authenticated DigiCert support analysts to access customer accounts from the customer's perspective to facilitate support tasks. The threat actor was able to use this function to access initialization codes for orders that were approved but pending delivery for EV Code Signing certificate orders across a finite set of customer accounts."
"Possession of the initialization code, combined with an approved order, is functionally sufficient to generate and retrieve the corresponding certificate."
The full report can be found here and explains the incident in great detail: https://t.co/zceZsSg8yH
The report mentions "Where we got lucky: A community member involved in security research reported the evolving pattern of misused certificates and engaged in dialogue with our support team. Without that report, the undetected compromise of ENDPOINT2 and the associated mis-issuance might have remained undiscovered for a longer period."
Special thanks goes to the regular contributors to the Cert Graveyard: @g0njxa, @malwrhunterteam, and others.
Also special thanks to DigiCert: this report has a high level of transparency, which is warranted, and also well executed.
Important free resource that teaches you how to rotate secrets on lots of different platforms.
Seems we're in the everyone leaking secrets phase of supply chain attacks lately. Keep this handy.
Thanks @trufflesec!
https://t.co/79Pkn4BCsO
We identified an exposed server that provided unusual visibility into a large-scale, multi-victim exploitation and collection operation. Artifacts on the host showed that Claude Code and OpenClaw were embedded in the operator's day-to-day workflow, supporting troubleshooting, orchestration, and refinement of the collection pipeline. Logs indicated more than 900 confirmed compromises, with tens of thousands of harvested .env files spanning AI, cloud, payments, databases, messaging and more.
Read the full report: https://t.co/0spfmZ17XO
Every vendor writeup names a new ClickFix variant. The problem IMO is we are looking at ClickFix as a technique, but it's a pattern of behavior. Your detections have to cover the patterns, not the surface-level IoCs. This writeup by Microsoft examining the CrashFix variant is a great breakdown of the patterns. And who said #PowerShell as an attack vector was dead?? It employs some new evasion techniques, a denial of service attack, and more trusty #LOLBAS behaviors. (The use of Finger is something interesting I haven't seen in a bit.) https://t.co/x3FKQ9Di8S
If you allow employees to authorize third party apps without admin approval then your entire vendor security review process is meaningless and you're going to get pwned.
If this is true then Vercel was extremely negligent here.
The Vercel security breach is a reminder that each and every SaaS tool your team uses IS a security risk of its own, especially if they need broad data access to e.g. email, internet docs etc. (many AI tools do just this).
Security teams onboarding new vendors happens for a reason.
AnchorWallet[.]org is fake. The real place to download the wallet is Greymass[.]com.
If you download the Windows app from the fake, you get a 680MB remote access tool signed by PIXEL PLAY PRIVATE LIMITED. Not an app signed by Greymass.
h/t @malwrhunterteam