Olivia
Online
eric ([email protected])
@invoke_eric
Cybercrime Threat Intelligence | Posts are not my employer's
cyberspace
Joined January 2021
62 Following
222 Followers
49 Posts
https://t.co/k1Nm6ADxn0 Great collaboration between CrowdStrike Services and CrowdStrike Intelligence @realparisi
.@CrowdStrike has observed an increase in the targeting of #Telco and #BPO industries from a financially-motivated adversary SCATTERED SPIDER.
Mobile carrier networks are targeted, and in some cases SIM swapping has been confirmed. #infosec #dfir
https://t.co/ENVh6BGgBE
A #jupyter notebook for triaging HTML files https://t.co/AoAjn8lVbj perhaps useful for anyone in #threatintelligence investigating phishing campaigns
a day in the life of cyber threat intelligence analysts #cyberbakeoff
Interesting #LOTS (Living Off Trusted Sites) that seems perfect for threat actors https://t.co/9aAhfw81tP: "Files are stored for 3 days and can be downloaded only once." - add that one to your threat hunting leads
https://t.co/Ebwe3UhY2W IMO a good explanation of the #LOLBIN runonce.exe /AlternateShellStartup (https://t.co/SbfiK4EJKK)
@urlscanio API usage example + #jq: curl "https[:]//urlscan[.]io/api/v1/search?q=domain:hivnd[.]com%20AND%20NOT%20page.domain:hivnd[.]com" | jq -r '.results[].task.url' - good for e.g. hunting formjacking victims
Hello #ThreatIntelligence community, here is a #jupyter notebook to triage infrastructure using the @virustotal API https://t.co/76qr7KvyRz
quick #dailyyara: xml.res file referencing external content (not necessarily malicious)
rule r{
strings:
$ = /Relationship Id="[a-zA-Z0-9]{3,6}" Type="http[s]?:\/\/[^"]{4,200}" Target="http[s]?:\/\/[^"]{4,80}" TargetMode="External"/
condition: all of them
}
OneDrive URLs have cid values unique to each user https://t.co/2MZLGIG2oC; this can be useful for #threathunting purposes, as some adversaries reuse the same cid across multiple campaigns.
Not all @censysio HTTP header fields are indexed, so if you try to search for these field names, you will get an error. However, you can still search the values using services.http.response.headers.unknown.value. This usually works.
Hello dear #ThreatIntelligence community, here are a couple basic #jupyter notebooks for triaging infrastructure using @censysio or @PassiveTotal APIs https://t.co/qbeMVTkYuO with the power of Pandas
Here is a @PassiveTotal python CLI client (https://t.co/G8xUyYTTxR) jq one-liner for βjust give me all the resolutionsβ
pt-client pdns --query YOUR_DOMAIN_OR_IP_HERE | jq -r '.results[] | select(.recordType == "A") | {resolve} | join("")'
#dailyyara tip I got from @larsborn - if your YARA rule is not for binaries (e.g. if it is for scripts), add a printability check under the condition, e.g.: and for all i in (1..100) : (uint8(i) != 0x0)
if you are not using https://t.co/rgSnQGAOPg, you don't know what you are missing
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk 
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers