TomU | I'm still here... til the end 🕊️🇨🇭

@c_APT_ure

Followers
8K
Following
111K
Media
849
Statuses
16K

#InfoSec professional, husband & father of two (in random order). #BlueTeam #DFIR #APT #CTI #RedTeaming #BSidesZH (RT/Likes ≠ endorsement) 👀➡️#MalwareChallenge

Switzerland
Joined October 2010
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
3 years
I finally got around to doing a brief blog post about "DESKTOP-group" to link together different resources available. It's now been 4 years since we started tracking them. #DESKTOPgroup.
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
6 years
I guess it's official now. Will be presenting my (still ongoing research) about "DESKTOP-group" at @Botconf. Thu 12/5 @ 9am seems like a tough spot 🤔. Still looking for collaboration on research. If interested please apply. #BotConf
3
7
27
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
11 hours
RT @malmoeb: In a recent incident response case, threat actors escalated from a compromised Ivanti appliance to full Domain Admin privilege….
0
40
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
2 days
RT @0x534c: 🚨 2.3M users compromised. 18 Chrome & Edge extensions—once trusted, verified, even featured—turned into malware via silent upd….
0
43
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
2 days
RT @elormkdaniel: A system was completely locked up by malware. Antivirus failed. We had no access to the hard drive… But we had one thing:….
0
158
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
2 days
RT @malmoeb: During a recent incident response case, we observed the following file access: \\localhost\C$\@ GMT-2025.06.21-10.53.43\Window….
0
216
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
2 days
RT @MalGamy12: New Challenge on PureLogs Stealer. A fresh analysis challenge is now live. This time, you're lookin….
0
14
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
2 days
RT @PyroTek3: Want to detect Kerberoasting with no false positives? Set up a honeypot account for detection following the guidance in this….
0
61
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
3 days
RT @C5pider: Introducing Havoc Professional: A Lethal Presence. We’re excited to share a first look at Havoc Professional, a next-generatio….
0
179
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
3 days
RT @anyrun_app: ⚠️ Alert triage is a constant race for telling actual threats apart from false positives. Check out our actionable tips fo….
0
2
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
3 days
RT @nas_bench: New Sigma release r2025-07-08 is available for download. 🌟 43 New Rules. 🛡️ 34 Rule updates. 🔬 27 Rule Fixes. Explore the full r….
0
37
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @JAMESWT_WT: #netsupport #rat #update #tagged. Samples👇. thanks @skocherhan. cc @500mk500 @k3dg3. HashList.htt….
0
6
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @0x534c: Spider Web Trail. If Check Point’s latest findings on Scattered Spider are accurate, then the 26 newly registered domains in….
0
14
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @RooCon_AU: Have you tracked an adversary, uncovered a novel TTP, or perfected an analytic technique? 🕵️‍♂️. The Call for Papers for Roo….
0
8
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @elormkdaniel: I analyzed a .pcapng file with Wireshark to demonstrate to my students how much data an attacker can see when a user visi….
0
105
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @CyberGhost13337: A new clickfix technique, FileFix, developed by @mrd0x, is being used in the wild—poorly. Website tersmoles[.]com del….
0
47
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @0x534c: 🚀 launched ~1.5 weeks ago and already hit: 👥 3K+ members 🛡️ 182+ detections (KQL, Sigma, YARA, Splun….
0
19
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @threatray: ⚡ Exciting Update ⚡. We're thrilled to announce our new partnership with @nextronsystems to take YARA rule development and m….
0
6
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
4 days
RT @Gi7w0rm: Reminder everyone that time and time again it's individual/crowdsourced effort that saves our internet. Individual People like….
0
17
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
5 days
RT @nas_bench: As detection engineers we are limited by the capabilities of the tooling we work with, be it the query language or the colle….
0
23
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
5 days
RT @DEATHCon2025: Great list of resources for anyone getting started in #detectionengineering (h/t to Richard Akroyd for creating this lis….
0
23
0
@c_APT_ure
TomU | I'm still here... til the end 🕊️🇨🇭
5 days
RT @vxunderground: Dear Red Team nerds, if you're curious what a successful and serious malware campaign looks like (if you want to make a….
0
293
0