Statement from Mullvad Co-Founder regarding the issues with exit IPs as a fingerprinting vector:
"As for mitigation, we are already testing a patch of the unintended behavior on a subset of our infrastructure."
Huh.
Am I the only one who didn't know that Microsoft makes a tool called EventLogExpert that is supposed to be an improved version of event viewer for IT/helpdesk people?
https://t.co/HzSzG1zSO0
LLMs have gotten good enough at reverse engineering to recover source code from obfuscated binaries with real accuracy.
So we asked the obvious next question: how fast and cheap is it to use one to build obfuscation specifically designed to beat it?
We benchmarked Claude Opus 4.6 against the Tigress obfuscator across 20 targets first, to map its strengths and failure modes. 40% solve rate. Phase 3 multi-layer combos hit 0%, with cost explosions that killed the runs.
Then we ran a dev/test/refine loop to build 3 purpose-built obfuscation variants targeting the same crackme, iterating directly against the model's known weaknesses.
The finding: LLM-targeted obfuscation is fast and cheap to develop. Context windows, budget caps, and shortcut biases are all exploitable attack surfaces.
The arms race just shifted.
For the first time, Mandiant Academy is bringing our Practical Threat Hunting course to you in person.
Join us onsite at the Google Reston office from May 19-21 to master CTI application, the A4 framework, and repeatable hunt methodologies.
https://t.co/CsDdA7jhPG
📢 The FLARE team has launched the FLARE Learning Hub - a free resource to hone your malware analysis and reverse engineering skills!
🛠️ https://t.co/PUHq3IQqV4
The initial launch brings with it:
- An in-depth introduction to time-travel debugging (TTD)
- A comprehensive Go language reference
- An assembly crash course
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at https://t.co/bGCIjBfD3C. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
📣 #PIVOTcon26 Agenda is here 🤟 We are thrilled to announce this year's speaker lineup.
2⃣ days and 19 talks from leading #ThreatResearch experts.
The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵
#CTI #ThreatResearch
1/15
Introducing the new /crawl endpoint - one API call and an entire site crawled.
No scripts. No browser management. Just the content in HTML, Markdown, or JSON.
This is awesome! Incredibly useful for IR and beats my handmade notes 😆
Thank you to the folks that made this guide public 🙏 🙏
Get the PDF directly from here 🔗 https://t.co/tXu3Y8oTSJ
Kaspersky recently produced a podcast on Operation Triangulation, basically a story of the investigation
Things that I haven't seen mentioned elsewhere:
— Triangulation malware existed for >10 years
— Some technical details similar to the Equation Group
https://t.co/rH5jer5aI3
Coruna: a powerful iOS exploit kit containing 23 exploits across five full exploit chains targeting iPhones running iOS 13 through 17.2.1.
The Exploit Kit and implant leave behind plenty of traces. #signature
https://t.co/Th5Fk8e32U
A full iOS exploit toolkit, "Coruna," has been found in the wild, hacking iPhones that visited infected websites, used by Russian spies targeting Ukrainians and thieves targeting Chinese crypto holders. And it may have been created for the US government. https://t.co/59rIUoevNS
DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎
Introducing IRFlow Timeline — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman’s Timeline Explorer.
Every feature in this tool was shaped by real IR casework. Handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it’s in the app, it’s because I needed it mid-case and realized the standard tools fell short.
No dependencies. Zero setup. Just drag, drop, and analyze.
#dfir #incidentresponse #timeline #macos #threathunting #digitalforensics