After years of work, I'm excited to share Cirro! It maps your Azure environment beyond permissions, showing how resources themselves interact. I built it to visualize the full attack surface, not just the management plane. https://t.co/kEW2kkqTpN #Azure #Security #CloudSecurity
In July 2024, #ESETresearch discovered that the 🇨🇳-aligned #FamousSparrow APT group, thought at the time to have been inactive since 2022, compromised the network of a 🇺🇸 trade group and a 🇲🇽 research institute. https://t.co/Lceo7DA2HE 1/5
ThreatLabz has discovered a new sophisticated malware threat that we have named CoffeeLoader. The malware is a loader that implements numerous stealthy techniques to evade antivirus and EDRs via call stack spoofing, sleep obfuscation, and Windows fibers. The malware is also protected using a packer that leverages GPU code to thwart sandboxes and virtual environments. On the network side, CoffeeLoader implements a custom encrypted binary protocol, uses a DGA as a backup channel, and performs certificate pinning to prevent TLS introspection.
CoffeeLoader is currently being distributed through SmokeLoader and the two share some interesting behavioral similarities.
Read our full technical analysis here: https://t.co/35CML5fG5z
(1/n): In a recent engagement, I had to audit a legacy C/C++ code base which is older than me. Some things I did and you can do to traverse large codebases with ease:
I'm trying to get better at keeping up with and publishing more on my blog. Here's a new post I just released on "Writing Beacon Object Files Without DFR" https://t.co/khMuKLdv7S
So not only do they ban researchers from competing internationally, punish by law if a discovered vulnerability is not reported to gov first to decide if it will be a weapon or public knowledge, but they're also supposedly doing some Ender's Game CTFs with their universities?
Google Chrome implemented an update that caused a major outage in cookie collection from infostealers, and users are experiencing several issues
Vidar talks about the usage of "a TPM module for encryption"
Vidar, Lumma and StealC are already working on this issue to fix it
Alright, so MSRC told me they couldn't reproduce the two bugs I recently discovered in Excel, even though I provided the full write-up, stack trace, etc. Guess for the 1st time I have to make screen videos for them.. Sigh..
How not to host your 2nd stage:
- straight up shellcode in a file hosted publicly to all
How TO host it:
- obfuscate it (encode and/or encrypt)
- hide it (make it look like all the rest)
- protect it (access controls)
Bonus: key your damn stager
This is what I mean when I say working with MSRC is degrading. They want everything: write up, stack traces, PoC, exploit source, analysis, life advice, approval on anything you will ever publish. In return they will patch your bug whenever they feel like it and not tell you
I don't give a F about your points. Pay me, don't scam me.
I was able to take over many NS zones of root domain https://t.co/aIzPvYO3hV. I created many subdomains serving web content in domains like https://t.co/VZ2l38GVWt, also using valid email addresses with sender 1/2
@nullenc0de Yeah just don't forget to disable truff's auto validation, THAT'S ON BY DEFAULT 🤯, or you'll be spamming your secrets all over the place