
Shanholo
@ShanHolo
Another blue team member... #CSIRT #DFIR #Malware #4n6 #ThreatIntel and following the white rabbit...
127.0.0.1
Joined November 2019
To succeed, you must first improve. To improve, you must first practice. To practice, you must first learn. To learn, you may first fail.
When you leave your attack logs on a 🚨#Opendir #Malware 🚨. hxxp://185.117.0.206/. How interesting it is, and so many things to learn about their TTPs and targets. The rest of the files are #CryptoMiners
#DFIR #CSIRT #SOC. Great post about the CVE-2025-53770 #SharePoint #Vulnerability ⤵️. First #Webshell found in some servers that were exploited ➡️ 📦spinstall0.aspx. 🔥IOCs: 02b4571470d83163d103112f07f1c434.
research.eye.security
On the evening of July 18, 2025, Eye Security was the first in identifying large-scale exploitation of a new SharePoint remote code execution (RCE) vulnerability chain in the wild. Read how we found...
I hope you all enjoyed the weekend. 🔥CVSS:9.8🔥. "Active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers". 20-7-25. Monitor for POST requests to: /_layouts/15/ToolPane.aspx?DisplayMode=Edit.
Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release.
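The two indicators in the post above (POST requests to ToolPane.aspx with DisplayMode=Edit, and requests for the spinstall0.aspx webshell) as a small detection pass over IIS W3C logs. This is an added example, not code from the thread or from Eye Security; it assumes IIS-style logs with a `#Fields:` header, and the log excerpt is constructed sample data, not real traffic.

```python
"""Flag IIS W3C log records matching the SharePoint indicators above."""
from urllib.parse import parse_qs

TOOLPANE = "/_layouts/15/toolpane.aspx"   # endpoint named in the post
WEBSHELL = "spinstall0.aspx"              # webshell file name named in the thread

# Constructed sample IIS log excerpt (assumed format, not real traffic).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-07-20 10:01:02 GET /_layouts/15/ToolPane.aspx DisplayMode=Edit 10.0.0.5 200
2025-07-20 10:01:09 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=1 198.51.100.7 200
2025-07-20 10:01:15 POST /_layouts/15/ToolPane.aspx - 10.0.0.5 200
2025-07-20 10:01:31 GET /_layouts/15/spinstall0.aspx - 198.51.100.7 200
2025-07-20 10:02:00 GET /sites/hr/default.aspx - 10.0.0.9 200
"""

def parse_w3c(text):
    """Yield one dict per record, keyed by the column names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) == len(fields):
            yield dict(zip(fields, values))

def classify(rec):
    """Return the indicator name a record matches, or None."""
    stem = rec.get("cs-uri-stem", "").lower()
    raw = rec.get("cs-uri-query", "")
    # IIS writes '-' for an empty field; compare keys and values case-insensitively.
    query = {k.lower(): [x.lower() for x in v]
             for k, v in parse_qs("" if raw == "-" else raw).items()}
    if (rec.get("cs-method", "").upper() == "POST" and stem == TOOLPANE
            and "edit" in query.get("displaymode", [])):
        return "toolpane-post"
    if stem.endswith("/" + WEBSHELL):
        return "webshell-request"
    return None

def find_suspicious(text):
    """Return (timestamp, indicator, client ip) for every matching record."""
    hits = []
    for rec in parse_w3c(text):
        tag = classify(rec)
        if tag:
            hits.append((rec["date"] + " " + rec["time"], tag, rec.get("c-ip", "?")))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit)
```

The GET to ToolPane.aspx and the POST without a query string are deliberately left unflagged so the rule stays tied to the exact pattern the post describes; widen it only with indicators your own telemetry confirms.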
3⃣Using the Non-Sucking Service Manager (NSSM), the actor installed #Pinggy as a Windows service, setting up a reverse tunnel on port 443. 4⃣TA deploys the #RemCom hack tool. MD5:545230e24b8f2312123917b73235471a.
github.com
Remote Command Executor: an OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :) - kavika13/RemCom
#Intrusion #Summary. 1⃣Detected malicious activity against a domain controller (DC). 2⃣TA deployed a tool named #Pinggy to create reverse tunnels. MD5:545230e24b8f2312123917b73235471a.
#DFIR #CSIRT #SOC. Did you already know the tool DFIR-IRIS? DFIR-IRIS is a collaborative platform aiming to help incident responders share technical details during investigations. And it's free!! 😉
github.com
Collaborative Incident Response Platform - Initiated by Airbus Cybersecurity - DFIR-IRIS
Please @Namecheap, would you mind having a look? 😉 airbus.germanywork[.]org, boeing.germanywork[.]org
Clear example of how a piece of #Malware uses a scheduled task as a persistence mechanism, executing itself each minute, and of 📡#C2 communication with ⤵️hxxp://www.ambiopharmconsultingltd.com:1515/
So #wshrat is alive and well: c2: http://www.ambiopharmconsultingltd\.com:1515/is-ready
🚨#Opendir #Malware🚨. hxxps://www.retirify.sbs/quote.html. ⚠️Unknown #Downloader and executes.☣️PromoVoucher.vbs➡️77e83f759e3c3eb6cda2279a592cc880⤵️.🎁hxxps://www.wgetfiles.com/f/cj.exe.⚠️.☣️cj.exe➡️de75733b488852e0c14bf913c71cca01⤵️.📡104.207.148.168:8080