Paul Rascagnères (@r00tbsd)
Followers: 17K | Following: 8K | Media: 26 | Statuses: 292
Lord of Loaders at @Volexity | Mastodon account: 🐘 @[email protected] | Bsky @r00tbsd.bsky.social
Location: World | Joined April 2010
We released a blog post concerning #StormBamboo (aka Evasive Panda). @volexity was involved in an incident where the attackers compromised an ISP to poison the customers' DNS requests to hijack software updates (using the HTTP protocol): https://t.co/kaykYDxamh 1/3
volexity.com
In mid-2023, Volexity detected and responded to multiple incidents involving systems becoming infected with malware linked to StormBamboo (aka Evasive Panda, and previously tracked by Volexity under...
4
33
80
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post:
volatilityfoundation.org
3
157
356
Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. #dfir
We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post:
0
5
14
.@Volexity #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets. https://t.co/31cinaoDfB
#dfir
1
63
200
Check out this great research and new open source tool by our threat intel team!
Today, @Volexity released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples. @r00tbsd & Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works + where to download it: https://t.co/dZ4hNUBK1I
#dfir
1
3
12
Today, @Volexity released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples. @r00tbsd & Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works + where to download it: https://t.co/dZ4hNUBK1I
#dfir
1
49
119
📣 Oops!... They did it again!!! 61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks. 🔥 #PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out ➡️ link below in second post #CTI #ThreatIntel 1/19
2
20
32
.@Volexity recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: https://t.co/LLXhY0FJRi
#dfir #threatintel #m365security
volexity.com
Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack...
1
51
100
This talk is a great way to watch/listen to the details behind the work @stevenadair, @5ck, @tlansec + @volexity’s #threatintel & IR teams did to investigate the Nearest Neighbor Attack. The related blog post is here:
volexity.com
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever...
We were happy to have @Volexity’s @stevenadair & @5ck present “The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access” for the #FTSCon Keynote in October. The video of their talk is now available here: https://t.co/0yi29E4Zsf.
#dfir
0
4
13
.@Volexity has developed a new #opensource tool, “HWP Extract”, a lightweight Python library & CLI for interacting with Hangul Word Processor files. It also supports object extraction from password-protected HWP files. Download here: https://t.co/WbOVktrmpA #dfir #threatintel
github.com
A library and cli tool to extract HWP files. Contribute to volexity/hwp-extract development by creating an account on GitHub.
1
39
84
Just gave a talk about the Nearest Neighbor Attack at #CYBERWARCON and had a great time detailing our findings. This was a lot of great work by our @Volexity team and special thanks to @5ck and @tlansec for the long hours working on it! Def. one of our wildest #DFIR engagements!
.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. https://t.co/R3aKyrjVYR
#dfir
4
18
98
.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. https://t.co/R3aKyrjVYR
#dfir
volexity.com
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever...
6
175
384
@stevenadair and I presented on this last month at #FTSCon (IYKYK). Steven is also presenting today @CYBERWARCON. Really excited to finally share this research publicly! It's probably one of the more crazy/interesting IR engagements we've ever worked! #DFIR #ThreatIntel
.@Volexity’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target, while the attacker was halfway around the world. https://t.co/R3aKyrjVYR
#dfir
1
10
17
.@Volexity has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: https://t.co/mHBdbpIcdI
#dfir #threatintel
volexity.com
In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s...
0
50
83
There are only a few tickets left for #FTSCon & we are planning to close registration Monday! We are excited to see all of you & hear great talks by amazing speakers from across the industry. Register here: https://t.co/8ee3K4Kdk0
#dfir
events.humanitix.com
From The Source - Hosted by the Volatility Foundation
0
5
6
We are hiring! Come join @Volexity's Threat Detection team. This is a SOC-type role with purview across our customers to identify suspicious & malicious activity using our telemetry across network, EDR/AV, email, logs & more! Take a look!
volexity.com
Career Opportunity: Volexity is currently looking to hire a Threat Detection & Response Analyst to join its rapidly growing services team.
1
23
48
@tlansec @volatility And here is another opportunity to hear a talk from @Volexity at #FTSCon on October 21: Steven Adair (@stevenadair) and Sean Koessel (@5ck) will present "The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access" https://t.co/iZ5wvRGHjW
We are excited to announce the opening keynote for #FTSCon: @Volexity's Steven Adair & Sean Koessel will present "The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access". Event details + how to register: https://t.co/xfDn513usL
#dfir
0
5
3
We are excited to announce the opening keynote for #FTSCon: @Volexity's Steven Adair & Sean Koessel will present "The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access". Event details + how to register: https://t.co/xfDn513usL
#dfir
0
6
15
We're hiring @Volexity! Details can be found at the job posting below 👇 https://t.co/tKI7g089I7 Don't hesitate to reach out with questions!
volexity.com
Career Opportunity: Volexity is currently looking to hire a Threat Detection & Response Analyst to join its rapidly growing services team.
0
4
6