For my Brazilian ThreatHunting/DFIR friends:
Been reversing a malware called “#CNABHunter” (NUikita), and this thing is way more interesting than a regular banking trojan.
At first I had to figure out what “CNAB240/400” even was — apparently it’s a financial file standard heavily used by Brazilian ERP/banking integrations.
The malware hunts for those files in environments running TOTVS, SAP, RM, Senior, Sankhya, etc., extracts transaction data, and waits for remote commands to modify payments.
Most interesting part: it doesn’t do dumb string replacement.
The malware appears to rebuild the entire financial record using the correct field positions to keep the file structurally valid for banking processing.
Maybe my interpretation of this behavior is wrong, but that’s what I’ve understood so far from reversing it.
C2: 104.245.245[.]50:5000
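The post's point is that a position-aware rewrite leaves the file structurally valid, so a bank-side format check alone will not catch it. The added example below (not code from the post or from the malware analysis) shows the defender's counterpart: a fixed-width validator that accepts both the original and a field-level tampered record, and a diff of the outgoing file against the ERP's canonical copy that does catch the change. Record width is the real CNAB240 width; the field positions, record contents and names are constructed for illustration and are not the FEBRABAN layout.

```python
import hashlib

# CNAB240 records are 240 characters wide. The field positions below are
# constructed for this example and do NOT reproduce the FEBRABAN layout.
RECORD_LEN = 240
LAYOUT = {
    "bank": (0, 3),
    "lot": (3, 7),
    "record_type": (7, 8),
    "segment": (13, 14),
    "beneficiary_account": (23, 35),
    "beneficiary_name": (43, 73),
    "amount_cents": (119, 134),
}
NUMERIC = {"bank", "lot", "record_type", "beneficiary_account", "amount_cents"}


def build_record(**fields) -> str:
    """Assemble one fixed-width line: numeric fields are zero-padded on the left,
    text fields space-padded on the right, unused positions stay blank."""
    line = [" "] * RECORD_LEN
    for name, (start, end) in LAYOUT.items():
        width = end - start
        value = str(fields.get(name, ""))[:width]
        value = value.zfill(width) if name in NUMERIC else value.ljust(width)
        line[start:end] = list(value)
    return "".join(line)


def parse_record(line: str) -> dict:
    if len(line) != RECORD_LEN:
        raise ValueError(f"record is {len(line)} chars, expected {RECORD_LEN}")
    return {name: line[a:b].strip() for name, (a, b) in LAYOUT.items()}


def is_structurally_valid(line: str) -> bool:
    """The check an intake process would make: right width, numeric fields numeric."""
    if len(line) != RECORD_LEN:
        return False
    rec = parse_record(line)
    return all(rec[name].isdigit() for name in NUMERIC)


def fingerprint(line: str) -> str:
    return hashlib.sha256(line.encode("latin-1")).hexdigest()


def diff_payments(baseline: list, current: list) -> list:
    """Compare the ERP's canonical copy of the batch with the copy about to be sent
    to the bank. Returns (record index, {field: (before, after)}) per changed record."""
    if len(baseline) != len(current):
        raise ValueError("record count differs")
    changes = []
    for idx, (b, c) in enumerate(zip(baseline, current)):
        if fingerprint(b) == fingerprint(c):
            continue
        pb, pc = parse_record(b), parse_record(c)
        changes.append((idx, {k: (pb[k], pc[k]) for k in LAYOUT if pb[k] != pc[k]}))
    return changes


# Constructed sample: a two-record batch as the ERP produced it (BASELINE) and the
# same batch with the first payment's beneficiary and amount rewritten in place.
BASELINE = [
    build_record(bank="341", lot="0001", record_type="3", segment="A",
                 beneficiary_account="123456789012", beneficiary_name="FORNECEDOR LTDA",
                 amount_cents="150000"),
    build_record(bank="341", lot="0001", record_type="3", segment="A",
                 beneficiary_account="222222222222", beneficiary_name="OUTRO FORNECEDOR SA",
                 amount_cents="42000"),
]
TAMPERED = [
    build_record(bank="341", lot="0001", record_type="3", segment="A",
                 beneficiary_account="999999999999", beneficiary_name="FORNECEDOR LTDA",
                 amount_cents="985000"),
    BASELINE[1],
]

if __name__ == "__main__":
    # Structure alone passes for both copies; only the baseline comparison flags record 0.
    print(all(is_structurally_valid(r) for r in BASELINE + TAMPERED))
    print(diff_payments(BASELINE, TAMPERED))
```

The practical control this models is keeping a hash or copy of each batch at the point the ERP generates it and comparing it with what actually leaves the host (or what the bank acknowledges), since the file format itself carries no integrity protection.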
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
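Since the dump is done through the normal minidump path, the detectable event is a process other than Edge opening a browser process with memory-read rights (PROCESS_VM_READ, 0x10), which Sysmon records as Event ID 10 (ProcessAccess). The added example below (not from the post or from SANS) runs that rule over constructed events rendered as simplified JSON; the allowlist, paths and timestamps are assumptions, and Sysmon only emits Event 10 for target images your configuration includes, so msedge.exe has to be in the ProcessAccess rules for this to fire.

```python
import json
import ntpath

PROCESS_VM_READ = 0x0010  # access right required to read another process's memory

# Sources expected to open Edge with memory-read rights (Edge's own processes open
# each other). Constructed starting point; extend per environment.
ALLOWED_SOURCES = {"msedge.exe"}


def has_vm_read(granted_access: str) -> bool:
    """GrantedAccess is logged as a hex string such as 0x1FFFFF."""
    return int(granted_access, 16) & PROCESS_VM_READ != 0


def detect_edge_memory_reads(events: list) -> list:
    """Return ProcessAccess records where a non-Edge process obtained memory-read
    access to msedge.exe."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        source = ntpath.basename(ev["SourceImage"]).lower()
        target = ntpath.basename(ev["TargetImage"]).lower()
        if target != "msedge.exe" or source in ALLOWED_SOURCES:
            continue
        if not has_vm_read(ev["GrantedAccess"]):
            continue
        alerts.append({"time": ev["UtcTime"], "source": ev["SourceImage"],
                       "target": ev["TargetImage"], "access": ev["GrantedAccess"]})
    return alerts


def load_events(text: str) -> list:
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


# Constructed events in a simplified JSON rendering of the Event 10 fields; real
# telemetry is XML or whatever the collector emits.
SAMPLE_LOG = r"""
{"EventID": 1, "UtcTime": "2025-06-01 12:00:00", "Image": "C:\\Windows\\System32\\Taskmgr.exe"}
{"EventID": 10, "UtcTime": "2025-06-01 12:00:01", "SourceImage": "C:\\Windows\\System32\\Taskmgr.exe", "TargetImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 10, "UtcTime": "2025-06-01 12:00:02", "SourceImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "TargetImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 10, "UtcTime": "2025-06-01 12:00:03", "SourceImage": "C:\\Windows\\explorer.exe", "TargetImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "GrantedAccess": "0x1000"}
{"EventID": 10, "UtcTime": "2025-06-01 12:00:04", "SourceImage": "C:\\Windows\\System32\\Taskmgr.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 10, "UtcTime": "2025-06-01 12:00:05", "SourceImage": "C:\\Users\\alice\\Downloads\\updater.exe", "TargetImage": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "GrantedAccess": "0x0410"}
"""

if __name__ == "__main__":
    for alert in detect_edge_memory_reads(load_events(SAMPLE_LOG)):
        print(alert)
```

The second alert (an unsigned binary in a Downloads folder) is the case the post is really about: the same rule that catches a hands-on-keyboard Task Manager dump also catches malware doing it programmatically, since both need the same access right. Expect some tuning for backup agents and EDR sensors that legitimately read process memory.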
Automatic PIX Bot (ATS) & FaaS Model
Technical analysis of recent videos circulating in fraud groups, cross-referenced with intelligence data, reveals a sophisticated Android malware being sold as a service (FaaS) to drain bank accounts in seconds.
Critical Intelligence Insights:
1️⃣ ATS (Automatic Transfer System) Capability: This malware is not just a screen-mirroring tool; it operates as an “Automatic PIX Thief.” Once active, it autonomously scans and executes transfers of the entire available balance, exploiting Accessibility Services and Screen Overlay permissions.
2️⃣ Advanced Evasion: The artifact is promoted as “100% undetectable,” claiming to bypass defenses like Google Play Protect and Kaspersky. It adapts to various social engineering flows (Fake Support/0800) to trick victims into granting critical permissions.
3️⃣ C2 Infrastructure: The “Art the Clown” panel (seen in the video) allows operators to swap destination PIX keys in real-time and monitor successful transfers. Major Brazilian fintechs and banks like PagSeguro, MercadoPago, Iti, C6, PicPay, and Neon are direct targets.
4️⃣ Cybercrime Economy: The business model is structured around rentals ranging from R$ 1,000 (weekly), with additional social engineering modules sold separately for R$ 200.
⚠️ Note: This analysis is based on the visual context of the videos and collected marketing materials, without inferring actual effectiveness against all banking security layers.
Recommendation: Financial institutions should strengthen detection of Accessibility Service abuse and monitor rapid transaction patterns via ATS.
#ThreatIntel #CyberSecurity #PIX #FraudPrevention #AndroidMalware #CyberCrime #CTI #FaaS
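The recommendation to monitor rapid transaction patterns can be made concrete as a balance-drain velocity rule: an account whose outbound PIX transfers inside a short window add up to most of the balance it held when the window opened. The added example below is not from the post or from any bank's fraud engine; the window, threshold, accounts, amounts and PIX keys are all constructed. It reports the distinct destination keys in the window too, since the panel described above lets operators swap keys mid-campaign.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Transfer:
    account: str
    ts: datetime
    amount_cents: int
    balance_before_cents: int  # balance immediately before this transfer
    dest_key: str              # destination PIX key


@dataclass
class DrainAlert:
    account: str
    window_start: datetime
    window_end: datetime
    total_cents: int
    start_balance_cents: int
    dest_keys: tuple


def detect_balance_drain(transfers, window=timedelta(seconds=120), fraction=0.9):
    """Flag an account once the outbound transfers inside a sliding window reach
    `fraction` of the balance it held when the window opened. One alert per account."""
    alerts, flagged, history = [], set(), {}
    for t in sorted(transfers, key=lambda x: x.ts):
        hist = history.setdefault(t.account, [])
        hist.append(t)
        while t.ts - hist[0].ts > window:  # drop transfers older than the window
            hist.pop(0)
        total = sum(x.amount_cents for x in hist)
        start_balance = hist[0].balance_before_cents
        if t.account not in flagged and start_balance > 0 and total >= fraction * start_balance:
            flagged.add(t.account)
            dest_keys = tuple(dict.fromkeys(x.dest_key for x in hist))
            alerts.append(DrainAlert(t.account, hist[0].ts, t.ts, total, start_balance, dest_keys))
    return alerts


# Constructed sample: ACC-A is emptied in three transfers within 45 seconds, with the
# destination key changing mid-way; ACC-B shows ordinary low-value activity.
T0 = datetime(2025, 6, 1, 14, 0, 0)
SAMPLE_TRANSFERS = [
    Transfer("ACC-A", T0, 200000, 500000, "pix-key-1"),
    Transfer("ACC-B", T0, 5000, 300000, "padaria-key"),
    Transfer("ACC-A", T0 + timedelta(seconds=20), 200000, 300000, "pix-key-1"),
    Transfer("ACC-A", T0 + timedelta(seconds=45), 95000, 100000, "pix-key-2"),
    Transfer("ACC-A", T0 + timedelta(seconds=60), 4000, 5000, "pix-key-2"),
    Transfer("ACC-B", T0 + timedelta(minutes=30), 20000, 295000, "mercado-key"),
]

if __name__ == "__main__":
    for alert in detect_balance_drain(SAMPLE_TRANSFERS):
        print(alert)
```

In production this rule would sit beside device-side signals (accessibility service enabled, overlay permission granted shortly before the session) rather than replace them, and the alert would hold the transfer for step-up verification rather than just log it.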
He said in this video that finding 0-days with Claude wasn’t possible 3–4 months ago but at @0dinai we were already doing it back in Feb/March 2025.
We called the technique “OH LAWWWD.” We talked about it multiple times on podcasts and even demoed it live at @ekoparty last October.
We asked the crowd to pick any target; someone said Discord.
We found 10 zero days in under 15 minutes.
1k retweets and I will release the monolithic prompt!
🚨 BREAKING: Someone just open-sourced a tool that turns the real world into a playable Minecraft map.
It pulls data directly from OpenStreetMap and generates your exact neighborhood, city, or street block by block.
100% Open Source.
Meanwhile in Brazil: Arch Linux has to suspend access from Brazil because kids could use Arch Linux, or something, and something about pedophiles.
I actually have no idea what the politicians are even saying anymore. It's all bullshit and it's fucking over FOSS.
"What if Wagner Moura won the Oscar"
You son of a bitch, 24% of Brazilians don't have adequate basic sanitation, 49 million people shit in a hole
I want to share a quick thought for people in cyber security. This will be my longest tweet ever.
I’ve spoken to many lately who are having an existential crisis from the constant posts about “the end of cybersecurity jobs.”
Yes, things are changing quickly. This is a significant moment for the tech industry. Change can be uncomfortable. But we’ve seen cycles like this before.
• When GitHub and open source took off, people said software engineers would disappear because code was free.
• When AWS and cloud computing emerged, people said infrastructure jobs would vanish.
• When fuzzing and SAST tools improved, people said vulnerability research would disappear.
• Virtualization would eliminate infrastructure jobs.
• Mobile computing was going to end desktop dev.
• Exploit mitigations would end exploitability. It didn't.
Each time automation improved, the amount of software grew faster than the automation. It does feel "different" this time as it's explosive.
Some roles will shrink:
• repetitive pentesting
• basic vulnerability scanning
• tier-1 SOC monitoring
But other areas are expanding rapidly:
• AI system security
• supply chain security
• identity architecture
• autonomous agent security
• critical infrastructure protection
Historically, every time we eliminate one class of bugs, new classes emerge. Right now people are vibe-coding entire systems, giving AI access to their machines, crossing trust boundaries, and deploying autonomous agents with excessive permissions. The legal and regulatory world is nowhere close to ready.
There will absolutely be new failure modes. Humans are amazing and always adapt, finding new ways to do things.
The worst thing you can do right now is fall into a doom loop.
...and I’ll be honest, I too have felt the "psychological paralysis" a few times thinking, “Is this time different?” It's especially impactful when it comes from someone I respect in the community. There are certainly unknowns, in an industry where we've become accustomed to predictability.
But... the majority of those reactions are usually driven by social media, not reality. Platforms like X reward engagement, and sensational doom posts spread faster than measured thinking.
If you see something like:
“Holy #$%^! Opus 66.6 just found every bug in Chrome and replaced 50 startups!”
…mute it and move on.
Instead:
Stay curious.
Learn the new technology.
Adapt your skillsets.
Build things.
We’ll get through this transition the same way we always have. If I'm wrong then Sam Altman better be right about UBI! :) I'm sure that if this tweet gets any engagement that I'll get some heat for it, but a good friend of mine reminds me often to focus on what you have control over. I'll revisit this tweet at DEF CON 40!