🤓Excited to announce that Visual Threat Intelligence is now available as an ebook! Paperback will follow in a few weeks. There is a 15% launch discount on the eBook with code INTELLALLTHETHINGS. Valid for one week!
#infosec #threatintel #cybersecurity 👇
🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!
I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis…
Windows privileges determine the type of operation a user account can perform on the OS and are sometimes abused by attackers. If you've ever wanted to know what a privilege is for, I've created the ultimate cheat sheet that shows all Windows privileges on one page!🤓
#infosec
Inspired by the work of @b0rk, I made a log parsing cheat sheet which is very handy during incident response or threat hunting! You can print it for your office!📌
#infosec #DFIR
If you like it, follow me for more stuff like this in 2021! 🤓
Okay, I've created an "awesome repository" that lists all the GPTs related to cybersecurity. Take a look – the list is continuously growing and there are already many use cases! Feel free to add yours 👇
#gpt #infosec #Agents
🔍If you are looking for a comprehensive overview of the current #3CX supply chain attack, I created a diagram that shows the attack flow!💥I'll update as soon as the analysis progresses. Stay tuned for the MacOS edition!
#cybersecurity #infosec #supplychainattack #3CXpocalypse
Visualizing #cybersecurity concepts can be a great way to learn more about specific tools, methodologies, and techniques! Here is a thread that shows 6 useful infographics on threat intelligence and related topics!🧵👇
#infosec #threatintel
1⃣ - Practical Threat Intel
I briefly analyzed #HermeticWiper to give an overview of its capabilities. I have deliberately omitted some details for better understanding. I'll update the graphic as my analysis progresses! Hope this will help you better understand the attack!
#infosec #malware #cybersecurity
🤗I've written a book! Let me introduce you to "Visual Threat Intelligence"
You can register now to stay updated on its release and learn more about it in the link below. I really hope you'll like it! 🥹
#VisualThreatIntelligence #infosec #threatintel 👉
Analyzing data leaks is a very interesting Intel challenge, especially when you’re dealing with a foreign language 🤓
The I-SOON leak, which contains mostly PNG files of screenshots of documents, is a good example 🔎
Last night, I created a Notebook to automatically process and…
Just wrote a new reversing tip about IDAPython! Also linked this useful cheat sheet by Pavel Rusanov.👌
👉 blog:
🤓 You can follow me for more RE tips in the future!
#Infosec #ReverseEngineering #CyberSecurity
I have released a #malware evasion techniques database with the contribution of my friend @DarkCoderSc! Check out this post for more details! Feedback welcome, RT if you find it useful! 😊
➡️Blog:
➡️Database:
My friend @dfirence created an awesome app called Mitre Assistant where you can visualize all the techniques used by a threat actor and more! Check this out! 👇
#infosec
I published a blog post that presents ten useful Python libraries that I use for malware analysis and reversing (with code examples)!
Which one are you using the most? 🐍
#python #malware #cybersecurity #infosec
I have created a cheatsheet for Yara rules that can be printed for your office! More cheatsheets are available on my Medium. ⬇️
#infosec #Malware @yararules
I really like this tool; it is a web interface that allows you to decompile a sample and directly obtain the result in the web page. You have IDA, Ghidra, BinaryNinja, RETdec and many more! And on top of that the code is open source! 🔍
Interesting new project: 'LOLbin-CTI Driven'. It's an app that visually demonstrates how a LOLbin can be used during an intrusion. And it uses the STIX format. 👍
#infosec #malware #lolbin #threatintel
👉App:
👉Project:
🤖Just experimented with GPT-3 for malware analysis and built a tool that extracts the IAT from a PE file and uses GPT to provide details about imported Windows API. It also searches for related @MITREattack techniques.
#malware #GPT3 #Infosec #python
I work with #Jupyter notebooks on a daily basis for analysis, #threatintelligence and creating workflows! A few months ago, I created a GitHub page to share some of them! I update it periodically!
Here are the notebooks available 🧵👇
#infosec #Python
Very interesting project for incident response investigation. It's a compilation of questions an investigator might pose during an incident! There are also some example scenarios🧐
#DFIR #infosec 👉
I just came across a tool called AttackGen. It's a simple tool that generates incident scenarios based on a Threat Actor and suggests simulations and possible detections at a high level.
#llm #python #threatintel
👉 code:
👉 app:
#100DaysofYara Day 8: Introducing Yara Toolkit, an online app for all things Yara! 🚀 (It's not really day 8, I spent my weekend on it 😅)
Since we're still early in the challenge, I thought it might be useful for some of you to have a dedicated portal, so I created Yara Toolkit…
🎉Professional announcement: I am thrilled to announce that I recently joined @Microsoft as Senior Security Researcher in the Defender Research Team! I will be joining the Melbourne office in the coming months! 🇦🇺🤩
#malware #ThreatHunting @msftsecurity
Microsoft DART team described a new malware named Tarrask attributed to Hafnium. This malware creates hidden scheduled tasks and then takes subsequent actions to remove the task attributes as an anti-forensic technique. 🧐
#infosec #UnprotectProject #cybersecurity
I did a thing! I created my first GPT named "MagicUnprotect". This GPT is connected to the #UnprotectProject knowledgebase. You can ask anything related to evasion techniques! I'll share it when the test is done 🤓
#infosec #malware @DarkCoderSc
This new tool is pretty cool, it helps you create an overview analysis of Microsoft's monthly security updates! And there is an online version! By @xaitax 🤩
#infosec #msrc #Microsoft
🍏Diving into the 3CX Mac OS edition analysis, here is the preliminary diagram of the attack flow. I hope it will give you a broader understanding! I'll update as the analysis progresses! 💥
#3CX #3CXpocalypse #infosec
In February, the #ContiLeaks was revealed. I wrote an in-depth blog post that shows a methodology for analyzing Conti Jabber logs using Python. Have a look as the code can be applied to multiple data sources.
#threatIntelligence #infosec @MsftSecIntel 👇
Binary diffing is a great way to visualize differences and similarities in malware samples. I just posted a blog post explaining how to spot code similarities and take advantage of it to hunt for other malware.
#CyberSecurity #ThreatIntel
Just made a legal deposit of my book at the Victoria State Library! Expect the book to be available in the coming weeks at the Library of Congress in D.C. and the BNF in Paris! 🤩🇺🇸🇦🇺🇫🇷
#infosec
Day #1: Starting the #100DaysOfYARA challenge with a bit of planning and visualization. Hopefully, this mind map will help you by providing a better overview and some ideas for the challenge! 🤓💡
#infosec #yara
👉 Blog:
Last week, I wrote a tiny tool based on the @virustotal API v3 to generate a #malware hunting notification report and send it over email, Slack or Telegram! It helps to have a single collection point for multiple hunters!
💻I've published a new blog post where I discuss practical use cases of LLM applied to threat intelligence. Check this out for a real talk about LLM usage for threat intelligence! 🤓
#infosecurity #threatintel #cybersecurity
#100DaysOfYara Day 9: There are so many public rules out there, it's easy to lose track 🤯
I got you covered! In YaraToolkit v0.2, I added a search engine for some rules repositories. Just enter a keyword to find a specific rule 🔍
For now, it supports three public repos, but…
I coded a simple IOC extractor from a URL in Python to show how to extract IOCs from threat reports using the MSTICpy library! You can play with it in binder and adapt the code if you like! 🤓
@msticpy #ioc #python #Jupyter #ThreatHunting
🔬Notebook:
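As an added example of the technique this post describes (it is not the author's notebook, and it does not use MSTICpy, whose IoCExtract class does the equivalent job), here is a stand-alone extractor over the text of a threat report. It refangs the usual `hxxp://`, `[.]` and `[at]` obfuscations, pulls hashes, IPv4 addresses, URLs, e-mail addresses and domains, and drops hosts on a small vendor allowlist so that a benign advisory link is not reported as an indicator. The report text, every indicator in it and the allowlist are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample threat-report text; every indicator below is made up.
SAMPLE_REPORT = """
The loader was fetched from hxxp://cdn-update[.]example[.]net/payload.bin and
beaconed to 203[.]0[.]113[.]45 over port 8443. A secondary C2 domain was
files-sync[.]example[.]org. Dropper SHA256:
9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
Older variant MD5: 5d41402abc4b2a76b9719d911017c592
Phishing sender: billing[at]invoice-portal[.]example[.]com
Vendor advisory (benign): https://www.microsoft.com/security
"""

# Hosts that are noise in most reports (vendor sites, sandboxes); assumed list.
ALLOWLIST = ("microsoft.com",)

HASH_RE = {
    "sha256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "sha1": re.compile(r"\b[a-fA-F0-9]{40}\b"),
    "md5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
}
IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
DOMAIN_RE = re.compile(r"\b(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}\b")


def refang(text: str) -> str:
    """Undo the usual defanging so the patterns see the real indicator."""
    text = re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)
    text = re.sub(r"\[at\]|\(at\)", "@", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def allowed(host: str) -> bool:
    """True if the host is NOT covered by the allowlist (i.e. worth reporting)."""
    return not any(host == d or host.endswith("." + d) for d in ALLOWLIST)


def extract_iocs(report: str) -> dict:
    """Return {ioc_type: sorted list of unique values} from free-text report."""
    text = refang(report)
    found = defaultdict(set)

    for kind, pattern in HASH_RE.items():
        found[kind].update(m.lower() for m in pattern.findall(text))
    found["ipv4"].update(IPV4_RE.findall(text))

    # URLs and e-mails go first: their hosts become domains, and they are
    # blanked out so path parts such as "payload.bin" are not taken for domains.
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        if allowed(host):
            found["url"].add(url)
            found["domain"].add(host)
    text = URL_RE.sub(" ", text)
    for email in EMAIL_RE.findall(text):
        host = email.split("@", 1)[1]
        if allowed(host):
            found["email"].add(email)
            found["domain"].add(host)
    text = EMAIL_RE.sub(" ", text)
    for dom in DOMAIN_RE.findall(text):
        if allowed(dom):
            found["domain"].add(dom.lower())

    return {kind: sorted(values) for kind, values in found.items()}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_REPORT).items():
        print(f"{kind}: {values}")
```

Blanking URLs and e-mail addresses before the bare-domain pass is the detail that keeps file names like `payload.bin` out of the domain list; the allowlist is deliberately tiny here and would be replaced by a proper list of vendor and sandbox domains in real use.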
I tried to make sense of the backdoor mechanism this time and summarized it in a one-page overview. 😵💫
There's obviously more technical detail to uncover, but you'll get a general understanding of the complexity and the stealthy mechanisms used to remain undetected. 🧐
Thanks…
🧵 Since I published my book 'Visual Threat Intelligence', I've received a lot of feedback from the community about learning concepts through visuals.
🤩 I know that some #Infosec peers are showcasing their visual expertise.
Stick with me for this thread; it'll be worth it! 🤓
Last week Microsoft released the Digital Defense Report for 2023, here are some key findings:
1️⃣ State of Cybercrime:
🌐 Cybercriminals employ cybercrime-as-a-service for large-scale attacks.
🔑 Rising bypass of multifactor authentication for targeted attacks.
📧 Ransomware…
Deobfuscation is an important part of malware analysis. In my "Reversing Tips" series, I just posted a little article on using FLOSS to quickly deobfuscate strings in a binary with IDA!
#malware #reverseengineering
4⃣ - Anatomy of a YARA rule - Once you have gained more knowledge of threat intelligence concepts and methodologies, learning to use YARA rules can be very powerful for your threat hunting abilities!🛠️
#yararules #threathunting
5⃣ - Anatomy of a SIGMA rule - Sigma is another great tool that will help you hunt your logs. While Yara is for file, Sigma is for logs. ⚒️
#sigmarule #infosec
Sometimes I do infographics that are easy to share to explain #cybersecurity concepts. I have posted some of them on this page. It will be updated with future releases. 🤓
I stopped the #100daysofYara 🙈 because I got swamped with other work & life but during my stint with the challenge, I released YaraToolkit and DocYara (which, let's just say, took me quite some time to create). 🤓
🛠️YaraToolkit is your all-in-one Yara go-to spot 🌟—from…
Over the past year, I've written several threads on #malware, #threatintelligence, and #Python. I saved them on my blog; here's one I recently posted on 10 Underrated Resources on Malware Techniques. You can read this thread in a blog format below! 👇
Introducing the Living Off The Land Drivers (LOLDrivers) project, a crucial resource that consolidates vulnerable and malicious drivers in one place to streamline research and analysis.
LOLDrivers enhances awareness of driver-related security risks and…
#100DaysOfYara Day 11: Let me introduce you to Doctor Yara (DocYara👨⚕️), my latest contribution last night!
DocYara👨⚕️ is a specialized doctor in all things Yara! He can help you heal your rules and give vitamins to your strings! 💊
More seriously, DocYara👨⚕️ is a GPT model…
🧐 That may sound crazy, but the release packages in a GitHub repository can differ from what you'd get by cloning the repository.
This can happen because the repository maintainers or GitHub's processes might include additional modifications or files in the release tarball…
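To make the point above checkable, here is an added example (not from the original post or any project it mentions) that diffs the file contents of a release archive against an archive of the tagged source tree. Both archives are constructed in memory so the script runs offline; in practice the source side would come from `git archive <tag>` and the release side from the downloaded asset. Files present only in the release, or whose hash differs, are exactly the ones a reviewer should read before trusting the package, since generated build scripts legitimately land there but so would anything injected at release time.

```python
import hashlib
import io
import tarfile


def tar_from_dict(files: dict) -> bytes:
    """Build an in-memory .tar.gz from {path: text}; used only for constructed test data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            data = content.encode()
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed "git archive" of the tag: what a clone checked out at that tag contains.
SOURCE_TARBALL = tar_from_dict({
    "proj-1.0/README.md": "proj 1.0\n",
    "proj-1.0/src/main.c": "int main(void) { return 0; }\n",
    "proj-1.0/build.sh": "#!/bin/sh\ncc -o proj src/main.c\n",
})

# Constructed release tarball: same tree plus a generated script and an edited build file.
RELEASE_TARBALL = tar_from_dict({
    "proj-1.0/README.md": "proj 1.0\n",
    "proj-1.0/src/main.c": "int main(void) { return 0; }\n",
    "proj-1.0/build.sh": "#!/bin/sh\ncc -O2 -o proj src/main.c\n",
    "proj-1.0/configure": "#!/bin/sh\n# generated at release time\n",
})


def file_digests(tar_bytes: bytes) -> dict:
    """Map every regular file (top-level directory stripped) to its SHA-256 hex digest."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            name = member.name.split("/", 1)[1] if "/" in member.name else member.name
            digests[name] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return digests


def compare_release(source_tar: bytes, release_tar: bytes) -> dict:
    """Classify every path as added, dropped, changed or identical between the two trees."""
    src, rel = file_digests(source_tar), file_digests(release_tar)
    common = set(src) & set(rel)
    return {
        "only_in_release": sorted(set(rel) - set(src)),
        "only_in_source": sorted(set(src) - set(rel)),
        "modified": sorted(p for p in common if src[p] != rel[p]),
        "identical": sorted(p for p in common if src[p] == rel[p]),
    }


if __name__ == "__main__":
    report = compare_release(SOURCE_TARBALL, RELEASE_TARBALL)
    for category, paths in report.items():
        print(f"{category:16s} {paths}")
```

Comparing content hashes rather than file lists is what catches the edited `build.sh`; a listing alone would only show the extra `configure`. The top-level directory is stripped because release assets and `git archive` output often name it differently.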
Microsoft identifies nation state activities by chemical element names. This example of nation state actors represents those that were most active in the last year. Our latest Digital Defense Report features more details about recent APT and more!
#ThreatIntelligence #APT
Visualizing the Conti network with Python can be quite interesting to understand the connection between users! Here is a basic graph realized with Pyvis!🤓
#python #Contileaks #infosec #visualization
Reading all the #Contileaks can be a bit time consuming, so I built a simple search engine in Python with Jupyter to search for a specific string occurrence and find only the information you are looking for! 🤓🤓
#MondayMood #infosec #ransomware
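As an added example covering both this post (keyword search over the chat logs) and the Pyvis graph post above, here is a stdlib-only script that parses Jabber-style chat lines, lets you search message bodies for a string, and builds the who-talks-to-whom graph as weighted edges. It is not the author's notebook: the log format, user names and messages are constructed for the example and do not reproduce the leaked files, and the Graphviz DOT output stands in for the interactive Pyvis rendering.

```python
import re
from collections import Counter, defaultdict

# Constructed Jabber-style chat log; the line format, users and messages are made up.
SAMPLE_LOG = """\
2021-07-12T10:14:02 alice@chat.example -> bob@chat.example: the vpn server is down again, can you check?
2021-07-12T10:15:40 bob@chat.example -> alice@chat.example: on it, restarting the vpn now
2021-07-12T11:02:11 carol@chat.example -> alice@chat.example: invoice for the new servers is ready
2021-07-13T09:30:00 alice@chat.example -> carol@chat.example: thanks, forwarding to dave
2021-07-13T09:31:15 alice@chat.example -> dave@chat.example: see the invoice from carol
2021-07-13T12:00:00 bob@chat.example -> dave@chat.example: VPN is back, closing the ticket
"""

# <timestamp> <sender> -> <receiver>: <body>
LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+): (.*)$")


def parse_log(text: str) -> list:
    """Turn each log line into a dict; lines that do not match the format are skipped."""
    messages = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, sender, receiver, body = m.groups()
            messages.append({"ts": ts, "from": sender, "to": receiver, "body": body})
    return messages


def search(messages: list, keyword: str) -> list:
    """Case-insensitive substring search over message bodies."""
    key = keyword.lower()
    return [m for m in messages if key in m["body"].lower()]


def build_edges(messages: list) -> Counter:
    """Directed, weighted edges: (sender, receiver) -> number of messages."""
    return Counter((m["from"], m["to"]) for m in messages)


def contacts(edges: Counter, user: str) -> dict:
    """Everyone a user exchanged messages with, in either direction, most active first."""
    out = defaultdict(int)
    for (src, dst), n in edges.items():
        if src == user:
            out[dst] += n
        elif dst == user:
            out[src] += n
    return dict(sorted(out.items(), key=lambda kv: (-kv[1], kv[0])))


def to_dot(edges: Counter) -> str:
    """Graphviz DOT text for the edge list; a stand-in for an interactive Pyvis view."""
    lines = ["digraph chat {"]
    for (src, dst), n in sorted(edges.items()):
        lines.append(f'  "{src}" -> "{dst}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for hit in search(msgs, "vpn"):
        print(hit["ts"], hit["from"], "->", hit["to"], ":", hit["body"])
    print(contacts(build_edges(msgs), "alice@chat.example"))
    print(to_dot(build_edges(msgs)))
```

The edge counter is the same structure Pyvis or networkx would consume as an edge list with weights, so swapping the DOT writer for a real graph library is a one-function change; the search is deliberately plain substring matching, which is usually enough to narrow thousands of lines to the handful worth reading.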
As part of the recent integration of Sysinternals tools into @virustotal, a Jupyter notebook is also available to request the Sysmon data, which allows you to retrieve and browse the information summary and detonation for a given file hash.
#ThreatIntel #malware 👉