![nas_bench's tweet photo. [New Blog📚] A Shared Arsenal: Identifying Common TTPs Across RATs
Check out this latest Splunk blog by @tccontre18 and I, where we've looked at multiple RAT families based on open intel and our past research, to identify common TTPs.
https://t.co/64OQXBq8YZ https://t.co/c4VQRha4F6](https://pbs.twimg.com/media/G_bvPQIXQAAJxrY.jpg)
![nas_bench's tweet photo. [New Blog📚] A Shared Arsenal: Identifying Common TTPs Across RATs
Check out this latest Splunk blog by @tccontre18 and I, where we've looked at multiple RAT families based on open intel and our past research, to identify common TTPs.
https://t.co/64OQXBq8YZ https://t.co/c4VQRha4F6](https://pbs.twimg.com/media/G_bvPQDWUAAi0Vw.png)
![nas_bench's tweet photo. [New Blog📚] A Shared Arsenal: Identifying Common TTPs Across RATs
Check out this latest Splunk blog by @tccontre18 and I, where we've looked at multiple RAT families based on open intel and our past research, to identify common TTPs.
https://t.co/64OQXBq8YZ https://t.co/c4VQRha4F6](https://pbs.twimg.com/media/G_bvPPRWkAEsXJa.jpg)
Olivia
Online
C M UPPIN
@cmuppin97
Cyber Security | Threat Hunter
Delhi
Joined January 2021
559 Following
110 Followers
478 Posts
@NinjaParanoid Also the SOC companies make it more hype.
Thank you for mentioning #TextShell, I really love your blogs @sekoia_io :3 very well-structured and nicely formatted.
[New Blog📚] A Shared Arsenal: Identifying Common TTPs Across RATs
Check out this latest Splunk blog by @tccontre18 and I, where we've looked at multiple RAT families based on open intel and our past research, to identify common TTPs.
https://t.co/64OQXBq8YZ
![nas_bench's tweet photo. [New Blog📚] A Shared Arsenal: Identifying Common TTPs Across RATs
Check out this latest Splunk blog by @tccontre18 and I, where we've looked at multiple RAT families based on open intel and our past research, to identify common TTPs.
https://t.co/64OQXBq8YZ https://t.co/c4VQRha4F6](https://pbs.twimg.com/media/G_bvPQlWAAAdyXe.jpg)
If you are interested in Red Teaming, Offensive Engineering, Defensive Engineering, and/or Windows Internals, here is my list of people who are worth knowing the work of / following who produce sick blogs / github projects / community teaching:
@5mukx
@jamieantisocial
@xacone_
@Octoberfest73
@0xTriboulet
@33y0re
@vxunderground
@_RastaMouse
@eversinc33
@Steph3nSims
@Flangvik
@cyb3rops
@sixtyvividtails
@JonnyJohnson_
@LeighGi66657535
@C5pider
@NinjaParanoid
Who to follow
Gaurav Kumar(GDATTACKER)
@gdattacker
Recon 🔍 | Assets 🌐 | Cybersecurity 🛡️ | World + Web explorer 🌍 | Tasty food keeps me scanning | @HackenProof Security Researcher
Harshal mali
@Harshal37008050
ETHICAL HACKER \ BUG HUNTER..
I_am_Bishal
@C15C01337
Security Research Engineer 💂
Founder of CTF Team: Hack@Sec 🇳🇵
Crypto and Web w/@hackasec 🕸️
Blackhat MEA 2023/24/25 CTF Finalist 🎩
BBH at Hacker0x01 🐞🇳🇵
@airindia
Thank you for helping in providing the smooth check-in and arranging seat was really helpful Roni & abhirami.
These PDF editors are functional but each contain a backdoor
➡️https://t.co/MCglS8yOkm
#TamperedChef
#Oyster Loader #MalwareAnalysis is out. Please let me know what you think, if it's helpful, and what needs to be improved on for the next one. Thanks to my colleagues for help on this and the heavy lifting. I learned a lot doing this.
https://t.co/EeHwb2k33N
🚨 How I Traced a Malware Infection in Network Traffic from DNS Query to Data Exfiltration using Wireshark
Incident report summary available below 👇
A thread (🧵)
Before anyone noticed, an infected machine checked its public IP, established a connection with a remote server, and began exfiltrating data. But how did it happen?
Here’s how I uncovered the attack—step by step. 🧵👇
Talking to a friend now I remembered something. Back in 2018, when I started learning about windows internals, me and my friends started this strict habit to take 10 exe/DLLs from System32 directory and just google/read up about them. No fancy hacks, no reversing, nothing. We did this for around 60 days and amount of knowledge just by googling was insane. You dont need books, or courses to learn anything (although I sell a few). Its all about giving a dedicated time to a few things and following it up with discipline. People think about advanced things and get scared. But its always more about how good your fundamentals are. If you have a good understanding of basic fundamentals, everything else becomes much easier to learn.
It has been assigned CVE-2024-30078.
More info here: https://t.co/hsPIquoaFs
A sitcom that follows a group of friends, the up's and down's in the Russian ransomware cyber crime ecosystem, and their ultimate pursuit of love
One of the best Cybersecurity memes I've ever watched. 🤣
I'm gonna start calling this THE FABULOUS FOUR! 😂
Active Directory Advanced Threat Hunting - Compare GPOs with the Security Compliance Toolkit #DFIR
https://t.co/DfEh1xr91h
PingRAT: secretly passes C2 traffic through firewalls using ICMP payloads https://t.co/Yr260cyAr6
@NinjaParanoid Congratulation 👏👏 and all the best 🥳,
Your story inspired and learned a lot
Thank You 🙏.
Took a 2 week break from everything. Finally back. Time for an update to my older blog... "Evading every EDR on the Planet part 2..." SorryNotSorry defenders 🤓
Alternatives to 'whoami.exe'.
COM interface ideas:
- IADsADSystemInfo
- IADsWinNTSystemInfo
- IADsComputer
- WMI COM provider to query 'whoami.exe'
IADsADSystemInfo, IADsWinNTSystemInfo, and IADsComputer are all fundamentally similar in calling syntax and are pretty copy-pasta ish. Windows SDK is kind of a pain though, the GUIDs weren't located easily, so they needed to be manually defined.
Example: https://t.co/b9CJZzkybK
Advapi32 functionality:
- Advapi32!LookupAccountSidW
- Advapi32!LsaLookupSids
LookupAccountSidW is an internal wrapper that calls LsaOpenPolicy, LsaLookupSids, and subsequently LsaFreeMemory. LsaFreeMemory is a wrapper to RtlFreeHeap.
Example: https://t.co/1vFBV9Ib3Y
Other possibilities:
- NpGetUserName - gets the username from a named pipe. Requires spawning a secondary thread, creating a named pipe, connecting to it, impersonating it, ... it is a long story =D
- Offlinesame.dll - Offline sam has a lot of functionality for enumerating users and domains on the machine. This is undocumented and requires a little more work. However, it has been demonstrated loosely by @0gtweet
Example: https://t.co/DbdFNwFBri
tl;dr can't stop thinking about whoami.exe :(
Last Seen Users on Sotwe
TemptressXclusive
Seen from Mexico
คุณ สุธี
Seen from Thailand
I 🫶🏼 SQUIRT
Seen from Indonesia
Dana Vespoli
Seen from Indonesia
نوره
Seen from Netherlands
AARON
Seen from Argentina
Hatice35
Seen from United States
Martinez
Seen from United States
Phạm Tuấn Dương
Seen from Vietnam
evli çift
Seen from Germany
Most Popular Users
Elon Musk 
@elonmusk
240.4M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
109.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.5M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.3M followers
Taylor Swift
@taylorswift13
81.1M followers
Lady Gaga
@ladygaga
72.7M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.4M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.7M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62M followers
CNN
@cnn
61.9M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.4M followers