🚨‼️Telnet has a critical vulnerability that was introduced in 2015 and has been recently patched
The vulnerability allows attackers to remotely authenticate as root without user interaction. A PoC has already been released.
Outlook Startup Persistence via Registry Modification (T1112)
Recent research (e.g., Splunk’s NotDoor Insights) highlights that adversaries can achieve persistence in Microsoft Outlook by modifying the registry key LoadMacroProviderOnBoot. When enabled, this setting forces Outlook to automatically load any configured VBA macros at startup, granting attackers a reliable foothold on the compromised system.
This technique aligns with MITRE ATT&CK T1112 (Modify Registry) and represents a stealthy persistence mechanism. Detection opportunities include monitoring for:
- Creation or modification of the LoadMacroProviderOnBoot registry value
- Unexpected macro execution during Outlook startup
- Correlation with known malware families such as NotDoor, which leverage this method to maintain access
Implementing the below KQL detection rule for this registry modification can help defenders identify and disrupt malware that abuses Outlook for persistence.
#Cybersecurity #OutlookPersistence #T1112
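An advanced-hunting query for the first detection opportunity listed above, added here as an illustration; it is not the rule the post refers to. It assumes Microsoft Defender XDR's DeviceRegistryEvents table and assumes the value is written under a per-user Office\...\Outlook key (the key path is an assumption, not stated in the post).

```kql
// Added example (not from the post): flag writes of LoadMacroProviderOnBoot under an Outlook key.
// Assumption: the value sits under HKCU\Software\Microsoft\Office\<version>\Outlook.
DeviceRegistryEvents
| where Timestamp > ago(7d)
| where ActionType == "RegistryValueSet"              // covers both creation and modification
| where RegistryValueName =~ "LoadMacroProviderOnBoot"
| where RegistryKey has @"\Software\Microsoft\Office\" and RegistryKey has @"\Outlook"
| where RegistryValueData == "1"                      // value enabled
| extend WriterIsOutlook = InitiatingProcessFileName =~ "outlook.exe"
| project Timestamp, DeviceName, InitiatingProcessAccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          RegistryKey, RegistryValueName, RegistryValueData, WriterIsOutlook
| order by Timestamp desc
```

Writes by processes other than outlook.exe (script hosts, reg.exe, unknown binaries) are the ones worth triaging first; tune out any management tooling that legitimately sets this value in your environment.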
Evasion Techniques: Human Behavior Mimicry in Android Malware
Herodotus distinguishes itself from most device takeover malware families by incorporating human behavior simulation during remote control sessions.
This technique is designed to evade behavioral biometric detection systems, which typically flag automated or robotic interactions as suspicious.
https://t.co/SNjkvIiITx
Is this real or a joke, CVE-2025-55315? https://t.co/9fUTjaTjuF Core is vulnerable to HTTP request smuggling!!!!
And why is no one talking about it?
https://t.co/o7darxqsL5
F5 BIG-IP RCE: A trivial TMUI flaw led to RCE. Need to quickly audit your own company's exposure? Use the specific Shodan dork: title:"BIG-IP®" org:"[Your Company's Legal Name]" 👈 Patch now. #BIGIP #RCE #Exploit #Security #BugBounty #bugbountytips
New, completely unedited, written-at-7am-no-sleep blog post (I'm so sorry @RhinozzCode) where I drop a fairly useless 0day I've been holding onto for a while now
https://t.co/vPn0cKj1cw
Hunting Exposed MCP Server 🤖
🚨 Trend Micro found 492 MCP servers exposed online—no auth, no encryption. These act as backdoors to sensitive data like cloud resources, customer info & internal tools.
🔓 90% allow direct read access via natural language—no coding needed to exfiltrate data.
https://t.co/hWajEzytpT
Exposed MCP servers pose a risk for organizations utilizing them. The KQL below identifies the endpoints running an MCP server and the risk exposure associated with them.🔥
https://t.co/D3oH6ExoIN
#Cybersecurity #MCPServer #ExposureManagement
💥 Remote Code Execution in GitHub Copilot (CVE-2025-53773)
👉 Prompt injection exploit writes to Copilot config file and puts it into YOLO mode, then we get immediate RCE
🔥 Bypasses all user approvals
🛡️ Patch is out today. Update before someone else does it for you
Top 5 RMM Tools #1 | Overview & Why It Matters
https://t.co/AXqNrP2BO2 released stats on the 5 most exploited Remote Monitoring & Management (RMM) tools in H1 2025 — see chart
Why should we care about them?
Because:
● They reveal attackers' favorite backdoor channels
● Help blue teams identify potential backdoors and malicious implants
● Enable threat hunting via ZoomEye with precise queries
This thread will break down each tool with exploitation patterns & search tips.
#MalwareThreats #phishing #ZoomEye #cybersecurity #OSINT
Cobalt Strike Beacon delivered via GitHub and social media
DLL Hijacking Crash reporting Send Utility
BsSndRpt.exe + BugSplatRc64.dll
Preference:
Malicious profiles on popular online platforms
https://t.co/uyBFDVRVH6
#Darkhotel #DarkSeal
The malicious North Korean input method installer "hana9.30_x64_9.exe"
72.10.160[.]162:443
94.242.61[.]116:443
https://t.co/AR3J3Chuuy