Greg Leah

@powershellcode

Hunting #malware and #C2 frameworks.

British Columbia, Canada

Ikut January 2018

1.2K Mengikuti

754 Pengikut

242 Postingan

Greg Leah @powershellcode

2 bulan yang lalu

Call for Beta Testers We’re looking for beta testers for our new CTI Maltego Transforms. If you have a Maltego Professional license and want early access in exchange for feedback, reply here or DM us. #Maltego #CTI #ThreatIntelligence #DFIR

PrecisionSec @precisionsec

2 bulan yang lalu

We’re opening beta access to our new CTI @MaltegoHQ Transforms. Built to help analysts pivot through high-confidence threat intelligence directly inside Maltego. If you have a Maltego Professional license and are interested,reply here or DM us. #ThreatIntelligence #CTI #DFIR

precisionsec's tweet photo. We’re opening beta access to our new CTI @MaltegoHQ Transforms.

Built to help analysts pivot through high-confidence threat intelligence directly inside Maltego.

If you have a Maltego Professional license and are interested,reply here or DM us.

#ThreatIntelligence #CTI #DFIR https://t.co/89qd6uFqFy

0

1

0

0

384

0

2

1

0

345

Greg Leah @powershellcode

3 bulan yang lalu

@threatintel Also using "DocuSign Shared File"

0

0

0

0

21

Greg Leah @powershellcode

sekitar 2 tahun yang lalu

Join me at @BSidesVancouver on May 26 for my workshop "Precision #ThreatHunting: Unveiling Adversary Infrastructure using Free and Open Source Tools," designed to teach participants techniques for discovering and analyzing adversary infrastructure. Only 6 seats left! #OSINT

powershellcode's tweet photo. Join me at @BSidesVancouver on May 26 for my workshop "Precision #ThreatHunting: Unveiling Adversary Infrastructure using Free and Open Source Tools," designed to teach participants techniques for discovering and analyzing adversary infrastructure. Only 6 seats left! #OSINT https://t.co/G6Vnh6rvvI

0

3

3

0

2K

Greg Leah @powershellcode

sekitar 2 tahun yang lalu

@sjhilt Yea man I was saying I literally haven’t seen that in years

0

0

0

0

1K

Siapa yang Harus Diikuti

Threat Intel as a reverse-engineer in Crimeware domain. Dubbed "Malware Mangler" by TheRegister. [email protected]

Suspicious Link

I'm just here for the malware and the memes

Malware Analyst. Malware Addict.

Greg Leah @powershellcode

sekitar 2 tahun yang lalu

@NoLogsNoCrime 💯 what a game

0

1

0

0

1K

Greg Leah @powershellcode

sekitar 2 tahun yang lalu

@VanCitySec ✋

0

0

0

0

962

Greg Leah @powershellcode

lebih dari 2 tahun yang lalu

@BCFerries Update that this is running again would have been appreciated

0

0

0

0

767

powershellcode di-retweet

Gigs @ Shmoo @Gigs_Security

lebih dari 2 tahun yang lalu

Today is 123123

1

7

4

0

2K

Greg Leah @powershellcode

lebih dari 2 tahun yang lalu

Captured a screenshot of a live #panel of the #Ermac 3.0 #Android #bot builder. Some interesting functionality here: ✅ #C2 connection URL ✅ Backend encryption key ✅ Crypt the #apk ✅ Emulator blocking ✅ Custom icon ✅ Build with a clean app #malware

powershellcode's tweet photo. Captured a screenshot of a live #panel of the #Ermac 3.0 #Android #bot builder. Some interesting functionality here:

✅ #C2 connection URL
✅ Backend encryption key
✅ Crypt the #apk
✅ Emulator blocking
✅ Custom icon
✅ Build with a clean app

#malware https://t.co/8KDfgyqoCU

1

2

0

0

1K

Greg Leah @powershellcode

lebih dari 2 tahun yang lalu

Interesting interview with the author of #Amadey loader, which is consistently one of the top malware families observed in the wild recently

lebih dari 2 tahun yang lalu

A few days ago, #Amadey owner and I did a brief interview. We talk about past, present and future of the infamous #Amadey Loader, one of the biggest products in the MaaS environment. Something worth a read. Please find it at: https://t.co/D3Md7vgUim

2

38

20

8

5K

0

2

0

0

1K

Greg Leah @powershellcode

lebih dari 2 tahun yang lalu

Excited to present "ChatGPT for Security Analysts" at #BSidesCalgary tomorrow! I will be exploring using AI to streamline #securityanalyst workflows - from #malwareanalysis to #threatintelligence and #threathunting. See you there! #ChatGPT #AI

0

1

0

0

825

Greg Leah @powershellcode

lebih dari 2 tahun yang lalu

@VanCitySec 👋

0

2

0

0

562

powershellcode di-retweet

BSides Vancouver Island @BSidesVI

lebih dari 2 tahun yang lalu

Don't miss the chance to speak at BSides Vancouver Island! The CFP is closing this week, we want to hear from you. Apply now at https://t.co/E0eZ3LhPKN and get ready to rock the stage!

0

5

5

0

878

Greg Leah @powershellcode

hampir 3 tahun yang lalu

@ViriBack @g0njxa @JAMESWT_MHT @fastfire @ChrisUeland @0xrb Very low detection on VT with quite a few related samples dating back to 2023-06-10: https://t.co/KOCNfQ8jMD https://t.co/srY8g40hwV https://t.co/VOgQT2WANI

powershellcode's tweet photo. @ViriBack @g0njxa @JAMESWT_MHT @fastfire @ChrisUeland @0xrb Very low detection on VT with quite a few related samples dating back to 2023-06-10:

https://t.co/KOCNfQ8jMD
https://t.co/srY8g40hwV
https://t.co/VOgQT2WANI https://t.co/RwfZJW73QE

0

3

0

0

285

Greg Leah @powershellcode

hampir 3 tahun yang lalu

A few active #RisePro #stealer #c2 panels: hxxp://194.169.175[.]128:8081/login hxxp://38.47.220[.]202:8081/login hxxp://79.110.49[.]141:8081/login @ViriBack @g0njxa @JAMESWT_MHT @fastfire @ChrisUeland @0xrb #threathunting #malware

powershellcode's tweet photo. A few active #RisePro #stealer #c2 panels:

hxxp://194.169.175[.]128:8081/login
hxxp://38.47.220[.]202:8081/login
hxxp://79.110.49[.]141:8081/login

@ViriBack @g0njxa @JAMESWT_MHT @fastfire @ChrisUeland @0xrb

#threathunting #malware https://t.co/L3cmwXHxcj

4

16

4

2

3K

Greg Leah @powershellcode

hampir 3 tahun yang lalu

Some additional #IcedID #malware IPs from a related .pdf campaign: 80.77.23[.]154 80.77.23[.]155 80.77.23[.]170 80.77.23[.]176 80.77.23[.]64 91.240.202[.]190 91.240.202[.]195 pdf name: Document_[mm_dd]_[number].pdf

powershellcode's tweet photo. Some additional #IcedID #malware IPs from a related .pdf campaign:

80.77.23[.]154
80.77.23[.]155
80.77.23[.]170
80.77.23[.]176
80.77.23[.]64
91.240.202[.]190
91.240.202[.]195

pdf name: Document_[mm_dd]_[number].pdf https://t.co/gZiAnkeWFd

Mangusta @Tac_Mangusta

hampir 3 tahun yang lalu

#IcedID spotted also in #italy 🇮🇹 - campaign ID 2704445589 mail(old conv) > .pdf > url > .zip> .exe 🔥skofilldrom.]com

Tac_Mangusta's tweet photo. #IcedID spotted also in #italy 🇮🇹 - campaign ID 2704445589

mail(old conv) > .pdf > url > .zip> .exe

🔥skofilldrom.]com https://t.co/xAsAGn3Rva

1

27

6

1

12K

0

23

6

5

4K

Greg Leah @powershellcode

hampir 3 tahun yang lalu

@NoLogsNoCrime @VanCitySec 🤚 see you tonight!

1

3

1

0

134

Greg Leah @powershellcode

hampir 3 tahun yang lalu

0

0

0

0

29

Greg Leah @powershellcode

hampir 3 tahun yang lalu

Did some hunting based on this excellent share by @0xperator and was able to find another active #Rhadamanthys #Stealer #c2 panel: hxxp://185.228.234[.]189:443/admin/console/index.html cc @ViriBack @0xrb

powershellcode's tweet photo. Did some hunting based on this excellent share by @0xperator and was able to find another active #Rhadamanthys #Stealer #c2 panel:

hxxp://185.228.234[.]189:443/admin/console/index.html

cc @ViriBack @0xrb https://t.co/FANWWKUydO

0

28

4

3

5K

Greg Leah @powershellcode

hampir 3 tahun yang lalu

@TLP_R3D @josh_penny 45.154.98.244 was also a #Redline Stealer C2 recently: https://t.co/wcaI8qGXl5 https://t.co/AugobZasi9

0

4

0

0

268

Pengguna Terakhir Terlihat di Sotwe

Tren untuk Anda

Pengguna Paling Populer