New HackTricks tools at https://t.co/8SyfmsEHk1:
- Request to update outdated HT pages with the researcher tool
- Use the API for RAG-ready best matches from hacktricks
- Access the HT AI chatbot via API
- ...
The new Pentester plan is live, and every tool includes a free tier.
⚠️ A new ClickFix variant abuses Win+R to mount a remote WebDAV drive and run malware.
It launches a trojanized WorkFlowy Electron app that beacons to C2 every 2 seconds. @Atos says it bypassed Microsoft Defender and surfaced only through threat hunting.
🔗 Inside: WebDAV trick + ASAR injection → https://t.co/8q593ZbwZR
Google & partners disrupted IPIDEA, one of the world's largest residential proxy networks, reducing its device pool by millions.
This infrastructure was leveraged by over 550 distinct espionage and cybercrime groups.
Full report + IOCs here:
https://t.co/2GAnvawRwl
🦖An interesting Velociraptor artifact to scope the Virtualisation Worker process by looking at handles to disk images. We are interested in an unusual location or a small disk size.
🔎Artifact: https://t.co/2Nk9MFfye0
🛡️Reference: https://t.co/8ximseQWko
@velocidex
New #KQL query to hunt for a masqueraded #OysterLoader / #Broomstick dropper (e.g.: MSTeamsSetup.exe), focusing on binaries with short-lived certs from the Downloads folder:
https://t.co/PXkcra0OlJ
Inspired by findings from @SquiblydooBlog, Conscia and yours truly, obviously.
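The hunt described in the post, as plain detection logic rather than KQL: flag binaries executing from a Downloads folder whose code-signing certificate was valid for only a handful of days, and treat the borrowed installer name (MSTeamsSetup.exe, the one the post gives) under a non-Microsoft or missing signer as a second signal. This is an added example, not the author's query; the event fields, the 30-day threshold, the trusted-signer list and the events themselves are all constructed assumptions.

```python
"""Downloads-folder dropper hunt: short-lived signing cert and/or masqueraded name.
Added example; event schema, thresholds and sample events are constructed."""
from datetime import datetime

TS = "%Y-%m-%dT%H:%M:%SZ"
SHORT_LIVED_DAYS = 30                        # assumption: tune to what your environment sees
MASQUERADE_NAMES = {"msteamssetup.exe"}      # name from the post; extend with your own list
TRUSTED_SIGNERS = {"microsoft corporation"}  # assumption: signer of the genuine installer

def cert_lifetime_days(not_before, not_after):
    """Validity window of the signing certificate in whole days."""
    return (datetime.strptime(not_after, TS) - datetime.strptime(not_before, TS)).days

def in_downloads(path):
    """Case-insensitive path-segment check, so nested Downloads subfolders match too."""
    return "downloads" in path.lower().replace("/", "\\").split("\\")

def assess(event):
    """Return the reasons an execution event is suspicious; an empty list is benign."""
    path = event["FolderPath"]
    if not in_downloads(path):
        return []
    reasons = []
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if event.get("CertNotBefore") and event.get("CertNotAfter"):
        days = cert_lifetime_days(event["CertNotBefore"], event["CertNotAfter"])
        if days <= SHORT_LIVED_DAYS:
            reasons.append(f"signing cert valid only {days} day(s)")
    if name in MASQUERADE_NAMES and event.get("Signer", "").lower() not in TRUSTED_SIGNERS:
        reasons.append(f"{name} signed by {event.get('Signer') or 'nobody'}")
    return reasons

def hunt(events):
    """Map FolderPath -> reasons for every event that trips at least one check."""
    hits = {}
    for event in events:
        reasons = assess(event)
        if reasons:
            hits[event["FolderPath"]] = reasons
    return hits

# Constructed process-execution events (not real telemetry).
SAMPLE_EVENTS = [
    {"FolderPath": r"C:\Users\alice\Downloads\MSTeamsSetup.exe", "Signer": "Microsoft Corporation",
     "CertNotBefore": "2024-09-01T00:00:00Z", "CertNotAfter": "2025-09-01T00:00:00Z"},
    {"FolderPath": r"C:\Users\bob\Downloads\MSTeamsSetup.exe", "Signer": "Fresh Widgets LLC",
     "CertNotBefore": "2025-10-20T00:00:00Z", "CertNotAfter": "2025-10-23T00:00:00Z"},
    {"FolderPath": r"C:\Program Files\Vendor\tool.exe", "Signer": "Fresh Widgets LLC",
     "CertNotBefore": "2025-10-20T00:00:00Z", "CertNotAfter": "2025-10-23T00:00:00Z"},
    {"FolderPath": r"C:\Users\bob\Downloads\archiver-setup.exe", "Signer": "Archiver Co",
     "CertNotBefore": "2023-01-01T00:00:00Z", "CertNotAfter": "2026-01-01T00:00:00Z"},
    {"FolderPath": r"C:\Users\carol\Downloads\MSTeamsSetup.exe"},   # unsigned copy
]

if __name__ == "__main__":
    for path, reasons in hunt(SAMPLE_EVENTS).items():
        print(path, "->", "; ".join(reasons))
```

Only the two Downloads copies of MSTeamsSetup.exe trip the checks: the three-day certificate under a non-Microsoft signer, and the unsigned copy. The same short-lived certificate under Program Files is deliberately left alone, which is the point of scoping the hunt to the Downloads folder first.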
I just released MFTool, an NTFS parser that builds an in-memory map of a volume, allowing you to:
- Read any file without opening a handle
- Get the contents of locked/deleted files (registry hives, pagefile.sys, etc)
- Perform fast, in-memory searches across the entire disk
🔗👇
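What "read any file without opening a handle" looks like at the byte level, as an added illustration that is not MFTool's code: parse one $MFT FILE record (undoing the update-sequence fixups first), pull the name from $FILE_NAME, decode the $DATA run list, and copy the file's clusters straight out of the raw volume. Because the record is read rather than the file, a deleted record with its in-use flag cleared yields its content just the same. The record and the 16 KiB volume below are constructed in the block itself; the 512-byte cluster size is an assumption for the demo.

```python
"""Minimal NTFS $MFT record reader (added illustration, not MFTool's code): file bytes
are located through the record's data runs and copied out of the raw volume, so no
handle is opened, and a deleted record (in-use flag cleared) reads just as well."""
import struct

SECTOR, CLUSTER = 512, 512                      # cluster size is an assumption for the demo
ATTR_FILE_NAME, ATTR_DATA, ATTR_END = 0x30, 0x80, 0xFFFFFFFF

def apply_fixups(rec):
    """Undo update-sequence fixups: the last 2 bytes of each sector hold the USN,
    the real bytes sit in the update sequence array (USA) in the record header."""
    usa_off, usa_count = struct.unpack_from("<HH", rec, 4)
    usn, buf = rec[usa_off:usa_off + 2], bytearray(rec)
    for i in range(1, usa_count):
        end = i * SECTOR
        if buf[end - 2:end] != usn:
            raise ValueError("fixup mismatch: torn or corrupt record")
        buf[end - 2:end] = rec[usa_off + 2 * i:usa_off + 2 * i + 2]
    return bytes(buf)

def iter_attributes(rec):
    off = struct.unpack_from("<H", rec, 0x14)[0]            # offset of first attribute
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == ATTR_END or alen == 0:
            break
        yield atype, rec[off:off + alen]
        off += alen

def resident_content(attr):
    clen, coff = struct.unpack_from("<IH", attr, 0x10)
    return attr[coff:coff + clen]

def decode_runs(attr):
    """Run list of a non-resident attribute as (LCN, clusters); LCN None = sparse run."""
    pos, lcn, runs = struct.unpack_from("<H", attr, 0x20)[0], 0, []
    while pos < len(attr) and attr[pos]:                      # header byte: (off_sz << 4) | len_sz
        len_sz, off_sz = attr[pos] & 0xF, attr[pos] >> 4
        length = int.from_bytes(attr[pos + 1:pos + 1 + len_sz], "little")
        pos += 1 + len_sz
        if off_sz:                                             # signed delta from previous LCN
            lcn += int.from_bytes(attr[pos:pos + off_sz], "little", signed=True)
            pos += off_sz
        runs.append((lcn if off_sz else None, length))
    return runs

def read_file(volume, rec):
    """Return (name, data, in_use) for one FILE record, pulling data from the raw volume."""
    rec = apply_fixups(rec)
    in_use = bool(struct.unpack_from("<H", rec, 0x16)[0] & 1)
    name = data = None
    for atype, attr in iter_attributes(rec):
        if atype == ATTR_FILE_NAME:
            c = resident_content(attr)
            name = c[0x42:0x42 + 2 * c[0x40]].decode("utf-16-le")
        elif atype == ATTR_DATA and attr[8] == 0:            # resident: data is in the record
            data = resident_content(attr)
        elif atype == ATTR_DATA:                               # non-resident: follow the runs
            real_size = struct.unpack_from("<Q", attr, 0x30)[0]
            chunks = [b"\0" * (n * CLUSTER) if lcn is None else volume[lcn * CLUSTER:(lcn + n) * CLUSTER]
                      for lcn, n in decode_runs(attr)]
            data = bytes(b"".join(chunks)[:real_size])
    return name, data, in_use

# --- constructed sample: a 1024-byte FILE record for a deleted file on a 16 KiB fake volume ---
def _resident(atype, content, attr_id):
    body = content + b"\0" * (-len(content) % 8)
    return struct.pack("<IIBBHHHIHBB", atype, 0x18 + len(body), 0, 0, 0x18, 0, attr_id,
                       len(content), 0x18, 0, 0) + body
def _nonresident(atype, runlist, last_vcn, alloc, real, attr_id):
    body = runlist + b"\0" * (-len(runlist) % 8)
    return struct.pack("<IIBBHHHQQHHIQQQ", atype, 0x40 + len(body), 1, 0, 0x40, 0, attr_id,
                       0, last_vcn, 0x40, 0, 0, alloc, real, real) + body
def _file_name(name, alloc, real):                     # parent = MFT #5 (root), times zeroed
    return struct.pack("<QQQQQQQIIBB", 5, 0, 0, 0, 0, alloc, real, 0x20, 0, len(name), 1) \
        + name.encode("utf-16-le")
def build_record(attrs, in_use, record_no=64):
    rec, usa_off, usa_count, first = bytearray(1024), 0x30, 3, 0x38
    body = attrs + struct.pack("<II", ATTR_END, 0)
    struct.pack_into("<4sHHQHHHHIIQHHI", rec, 0, b"FILE", usa_off, usa_count, 0, 1, 1, first,
                     1 if in_use else 0, first + len(body), 1024, 0, 3, 0, record_no)
    rec[first:first + len(body)] = body
    usn = b"\x01\x00"                                  # apply fixups the way the driver does
    rec[usa_off:usa_off + 2] = usn
    for i in range(1, usa_count):
        end = i * SECTOR
        rec[usa_off + 2 * i:usa_off + 2 * i + 2] = rec[end - 2:end]
        rec[end - 2:end] = usn
    return bytes(rec)

FILE_DATA = b"top secret: " + bytes(range(256)) * 4     # 1036 bytes -> 3 clusters
RUNLIST = bytes([0x11, 0x02, 0x0A, 0x11, 0x01, 0x0A, 0x00])   # 2 clusters @LCN 10, 1 @LCN 20
VOLUME = bytearray(CLUSTER * 32)
VOLUME[10 * CLUSTER:10 * CLUSTER + 1024] = FILE_DATA[:1024]
VOLUME[20 * CLUSTER:20 * CLUSTER + 12] = FILE_DATA[1024:]
RECORD = build_record(_resident(ATTR_FILE_NAME, _file_name("secret.txt", 1536, 1036), 1)
                      + _nonresident(ATTR_DATA, RUNLIST, 2, 1536, 1036, 2), in_use=False)
```

`read_file(VOLUME, RECORD)` returns `("secret.txt", FILE_DATA, False)`: the deleted record still names the file and its runs still point at live clusters. The fixup check matters on a real disk: a record whose sector tails do not carry the USN is torn or corrupt, and the parser refuses it instead of handing back two bytes of stale data per sector.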
After a long time..
New tool and #blog post!🙃
NekoDNS: Playing with DNS once again: https://t.co/hzePeb2qie
NekoDNS - Experimental Reverse DNS Shell:
https://t.co/JHnW1rOBgo
#Darkbyte #Hacking #DNS #ReverseShell #NekoDNS
Interesting report from Sophos covering malicious Velociraptor use 🔎 https://t.co/GuUqLO64o0
Checking out this msi: 💾
• they used Velociraptor version 0.73.4.
• Server likely installed on ~04/08/2025 10:03:15 (self-signed certificate)
• v2.msi - https://t.co/QaegngD9hP
As the article suggested, unexpected processes communicating to workers\.dev would detect this particular instance.
I also created a Velociraptor inception artifact a while ago to find unauthorised instances, which uses YARA and other methods https://t.co/kl7ZBNFTGE
@velocidex
Zero Click, One NTLM: Microsoft Security Patch Bypass
A newly discovered zero-click vulnerability, CVE-2025-50154, bypasses a Microsoft patch, allowing attackers to steal NTLM hashes without user interaction. Microsoft issued a patch in the August Patch Tuesday and here's a KQL query to detect this bypass. 🫡
https://t.co/DBrJZyRceQ
https://t.co/try0CTqdeN
Detection: https://t.co/6uPWdVCxKU
#cybersecurity #vulnerability #NTLMLeak
I didn't want to drop a new *Fix naming variant on you guys, but there you go.
All jokes aside, it was a great collab with @Octoberfest73. Awesome person and really helps you push the limits when researching and testing💪
New samples of previously-unseen UMBRELLA STAND & SHOE RACK malware just landed on VirusTotal!
These custom implants target Fortinet FortiGate firewalls, reinforcing a growing trend we've seen during the past years: router exploitation as a long-term foothold and stealth access.
UMBRELLA STAND:
* Hooks reboots, uses LD_PRELOAD for stealth
* AES-encrypted fake TLS C2
* Attackers deploy BusyBox, tcpdump, nbtscan...
SHOE RACK:
* Reverse SSH tunnel over fake SSH-1.1.3
* Uses DNS-over-HTTPS to locate C2
* Based on modified open-source Go tooling
Both tools are typically found together, likely used by an unknown China-nexus actor (also see the famous Dutch COATHANGER report and overlap).
BTW, great job by @NCSC for sharing the detailed teardown, IOCs, YARA rules and now the samples!
🔐 Just dropped: New AWS Upskill Challenge on @JustHackingHQ
Learn AWS Security & the Shared Responsibility Model in a quick, hands-on, totally FREE challenge.
✔️ Key concepts
✔️ Practical steps
✔️ Fast quiz
👉 Join now: https://t.co/8YyqIMNJ5C
Thank you for coming to my TED talk 🎤
Don't forget to enable your EID4688 (WITH COMMAND LINE LOGGING FOR THE LOVE OF), increase the EVTX logsize, enable PowerShell logging and remove that stupid random service account from Domain Admins.
And FFS, put MFA on your effin VPN.
#HuntingTipOfTheDay: there are numerous open-source projects listing cyber threats. Some of these have easily ingestible indicators... how about:
🔵 https://t.co/I38LfZj57B + LOLBINs
🟠 https://t.co/h8pZknUNBE + DLL write events
🟢 https://t.co/Ajzqbm7bXE + DNS requests