The US isolation is including stopping sharing cyber #threatintel.

RT @g0ttfrid: [ CajuSec2025 ]. Ingressos: CFP: CFS: DM

RT @ACEResponder: How Stuxnet worked. #ThreatHunting #DFIR

RT @leanpub: Accelerated Linux Disassembly, Reconstruction and Reversing, Second Edition by Dmitry Vostokov is on sale on Leanpub! Its sugg….

RT @VideoGameHstry: DOOM is now playable in a PDF file

RT @g0ttfrid: CFP aberto pro CajuSEC 2025.

The first versions of Coyote #malware use a combination of Base64 and AES encryption, now, the new versions are using Base64 encoded twice.

Some #Phishing websites try to steal your credentials with fake login pages which show the logo of the domain passed in the parameter. One example is hxxps://secure[.]adnxs[.]com/clktrb?id=<id_number>&redir=hxxps://kmgsuwasewa[.]lk/khfe/jbfv?.email=<user>@<domain>

RT @OSINTDojo: Shout out to @netonightmare for earning their new #OSINT Shogun badge! First one awarded in the new year. 🎉.

RT @patrickwardle: Interested in all the new macOS malware of 2024!? 🍎🐛. I've started my annual "The Mac Malware of <Insert Year>" report.….

I wrote a blog post about the basics of ROP chain. #ReverseEngineering #ExploitDevelopment #ROPChain.

Google promoting fake Correios websites in Gmail. #GoogleAds #Phishing

Couldn't get a photo with focus with the moment that the pacemaker was controlled remotely.

I've been analyzing the code of the pacemaker hacked in the Homeland series but, so far, didn't find any information if it's a valid code.

e-notas[.]com/dsdrk/inspecionando[.]php.e-notas[.]com/zizaobrita/inspecionando[.]php.ebaoffice[.]com[.]br/cito/inspecionando[.]php.ebaoffice[.]com[.]br/imagens/bo/inspecionando[.]php.rodovalhoadvogados[.]com[.]br/657890/inspecionando[.]php.

109[.]110[.]184[.]252/ar/inspecionando[.]php.109[.]110[.]184[.]31/exercito/inspecionando[.]php.142[.]171[.]135[.]63/matrix/7/inspecionando[.]php.142[.]171[.]227[.]163/matrix/inspecionando[.]php.164[.]92[.]92[.]132/dan/inspecionando[.]php.35[.]172[.]214[.]51/inspecionando[.]php.

Newly observed URLs associated to CHAVECLOAK 🇧🇷.This brazilian banking trojan uses DLL-Side loading and communicates with URLs ending in inspecionando[.]php.#Malware #Trojan #C2. URLs below in the comments. 👇.

It downloads a LNK file with the description "This shortcut is part of a controlled security simulation conducted by the Red Team.". Same file seen here: @malwrhunterteam @1ZRR4H

E-mail addresses in the format <name>.<surname>@[a-z0-9]{5}.domain.URLs in the format hxxps://<IP>.host.secureserver.net/[a-z0-9]{10}/[a-z0-9]{7}_<email>/curriculo_OUTUBRO_2024_[a-z0-9]{15}_curriculo_<day>10(_<num>){0,1}.

#Phishing October campaign related to a fake CV, targeting brazilian users. 🇧🇷.E-mail addresses and URL formats in the comment below.