Ring3API 🇺🇦
@ntlmrelay
#ThreatHunting / #BlueTeam engineer. I'm just looking for traces in the logs. Reading and retweeting cool stuff. MITRE ATT&CK Defender: CTI, SOCAsses, AE, PTM, THDE.
Ukraine
Joined October 2011
THC Release 💥: The world’s largest IP<>Domain database: https://t.co/I9OIucDu2T All forward and reverse IPs, all CNAMES and all subdomains of every domain. For free. Updated monthly. Try: curl https://t.co/HUrGIrdpLd Raw data (187GB): https://t.co/GM3L2DJYKF (The fine work
@techspence, @NathanMcNulty I overcame new project-itis and finished (and removed the last few bugs) https://t.co/r5BI5cpmCL It's got a nice GUI, implements the tier model OUs + GPOs, alerts on cross tier violations, lets you bulk move things and creates Tier'd admin accounts
shellcode-mutator - shellcode transformation tool for YARA evasion
Writing LDAP detections off docs can burn you. Andrew Schwartz shows why: what attackers send isn’t what Domain Controllers log. The OID-to-bitwise shift happens in logs—and missing it means dead rules. Detect from log reality, not theory. https://t.co/XyRsRwdcQp
Sandbox-Detection-main.exe under the microscope 🔬🔬🔬 by Joe Reverser. Brand-new trick or a familiar evasion making a comeback? https://t.co/h2A4HYff6k
Unknown malware using WebSockets for botnet command&control, spreading through #ClickFix ⤵️ 🖱️ClickFix -> 📃VBS -> ⚙️MSI Payload delivery host: 🌐 https://t.co/oEUTwYR4jM Malware sample 🤖: https://t.co/KpQF5pjPlR Botnet C2 domains: 📡w2li .xyz 📡w2socks .xyz The same malware
New fav persistence method which works on Win11 25H2: Set the default key's value of HKCU\Software\Classes\CLSID\{18907f3b-9afb-4f87-b764-f9a4e16a21b8}\InprocServer32 to point to a malicious DLL and get shells from multiple programs even before a user logs in.
THC Release: 🎄Smallest SSHD backdoor🎄 - Does not add any new file - Survives apt-update - Does not use PAM or authorized_keys Just SSHD trickery....adds one line only. More at https://t.co/zVCLwmbXv2 👌
Multiple people posted today in the morning about backdoored GitHub repositories, such as React4Shell Scan repositories or a WSUS exploit. This one for example is backdoored and will compromise your system once you run it: - https://t.co/hpfxdxcCbE For fun, I analysed the
🍻 You've heard of BYOB, but what about BYO-VM? Earlier this year, Red Canary Intelligence detected an adversary bringing their own QEMU virtual machine (VM) into an environment under the guise of a technical support call following a spam bombing attack. 💣 🖥️ See what
Hide the threat – GPO lateral movement https://t.co/gwPkvXELxY
intrinsec.com: Learn how to perform and understand lateral movement through the GPO mechanism during pentest and red team assessments.
macos-collector v1.3.0 released today! We have added Spotlight Database File Collection (incl. Live Searches) and BTM Database File Collection. Check it out!🚀 #macOS #MacForensics #DFIR #DigitalForensics #incidentresponse
https://t.co/jrUGOmEghD
github.com: [1.3.0] - 2025-12-07. Added: Spotlight Database File Collection (incl. Live Searches), BTM Database File Collection. Fixed: minor fixes and improvements. Fig 1: Help-Message. Fig 2: Spotlight Databa...
🔴 LIVE from inside #Lazarus APT's IT workers scheme. For weeks, @BirminghamCyber & @north_scan kept #hackers believing they controlled a US dev's laptop. In reality, it was our sandbox recording everything. See full story and videos ⬇️ https://t.co/gRb7GKIERQ
I wrote a new blog: Hunting reflected .NET assemblies at scale with Velociraptor, detecting CLR patching, and dumping in-memory payloads for triage. #DFIR #Velociraptor
https://t.co/C5MJzLHzU6
labs.infoguard.ch: .NET reflection is a common technique used by threat actors throughout the attack lifecycle. In this post, I introduce two Velociraptor capabilities for hunting reflection-loaded assemblies and...
I'm happy to share a new #BloodHound #OpenGraph extension with the community! Here's the link: https://t.co/6mp5Qpz2Bo It maps #MITRE ATT&CK, #Sigma and #AtomicRedTeam tests all in one graph! More details in the README of the repo!
How do you analyze malware samples that won't execute or show any behavior in a sandbox? Meet Joe Reverser 💪💪💪 - one of the first agentic automated malware & phishing analysts. Read more: https://t.co/W0vk0mcDiB
In PART 2 of "Critical Strike: China's Hacking Training Grounds," insights reveal a sophisticated Cyber Range setup by China's Ministry of Public Security, designed for training operatives in cyber warfare against foreign digital infrastructures. #Cybers…
Vibe coding last week, I wanted to automate some AD techniques in a single tool. Currently supports ESC1/4 (with strong mapping), ShadowCreds, UnPAC, LAPS, Kerberoast (and targeted), RBCD (just set, no S4U2Self/Proxy yet) more features coming https://t.co/oU2CZWkMir
Detecting AnyRun sandbox; more sandbox detection coming out in the future. Link: https://t.co/av7cLC8NCq