marktsec
@marktsec.bsky.social
💫Threat Intel💫 Automation💫 Threat Analysis 💫OSINT💫 Testing 💫Network Security💫

https://github.com/marktsec
Network Espionage – Using Russian Cameras as Proxies
hackers-arise.com/network-espi...
Network Espionage – Using Russian Cameras as Proxies, Part 2 – Hackers Arise
December 29, 2025 at 11:32 AM
Stealc v2.10.0 update:
Fix ensuring reliable Steam token theft, a major overhaul of the worker panel (multi-build support, cookie restore, build editing), more stable admin sessions via cookies, and expanded API permissions.
#ThreatIntel #infosec
December 27, 2025 at 4:49 PM
🚨"GLOBAL" RaaS source code is for sale🚨
The offer includes a full RaaS ecosystem:
• Windows locker (C++)
• Linux locker (Golang)
• ESXi locker (pure C, daemonized)
• File stealer
• Advert & affiliate panels
#ThreatIntel #infosec
December 26, 2025 at 12:34 PM
macOS stealer “MioLab” is being marketed as a full-featured info-stealing platform.
🔑Claimed capabilities:
Native C stub (~100KB), x64 + ARM64, macOS Sierra → Tahoe
#ThreatIntel #infosec
December 24, 2025 at 6:19 PM
NtKiller is being advertised as a tool that silently terminates AV/EDR.
🔧Claimed functionality:
Works with HVCI/VBS/Memory Integrity
Persistence by killing security tools on launch
Optional silent UAC bypass and kernel rootkit
Compatible with C2 frameworks
#ThreatIntel #infosec
December 24, 2025 at 6:12 PM
POORTRY Still Active in 2025: The Microsoft Signing Crisis That Won't Go Away
portal.magicsword.io/blog/poortry...
MagicSword | Prevent Modern Malware Attacks
Stop malware-free attacks with agentless, AI-driven application control. Block what's abused, allow what your business needs.
December 24, 2025 at 8:24 AM
🤔
December 17, 2025 at 12:17 PM
8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions
www.koi.ai/blog/urban-v...
December 17, 2025 at 12:07 PM
PowerShell 5.1: Preventing script execution from web content.
Windows PowerShell 5.1 now displays a security confirmation prompt when using the Invoke-WebRequest command to fetch web pages without special parameters.
support.microsoft.com/en-us/topic/...
PowerShell 5.1: Preventing script execution from web content - Microsoft Support
December 15, 2025 at 10:50 AM
Thousands of Exposed Secrets Found on Docker Hub, Putting Organizations at Risk
flare.io/learn/resour...
Thousands of Exposed Secrets Found on Docker Hub - Flare
In a month, we found Docker Hub images that contained leaked secrets (including live credentials to production systems) from over 100 companies.
December 12, 2025 at 8:17 PM
Ransomware group posts a “shutdown” notice, claiming they’ve gone silent since a recent event and now plan to disappear from forums. They offer free decryption only to hospitals & schools.
December 10, 2025 at 7:04 PM
Compromising Developers with Malicious Extensions - VS Code, Cursor AI, and the Backdoor You Didn't See Coming
mazinahmed.net/blog/publish...
December 10, 2025 at 6:53 AM
🚨 Nova Ransomware Update:
Nova operators announced a locker rewritten in Ada/SPARK and targeting Windows, Linux, and ESXi.
The group boasts Rust-like techniques, enhanced evasion, and even a so-called “safe mode.”
#ThreatIntel #Ransomware #MalwareAnalysis
December 8, 2025 at 6:09 PM
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
www.greynoise.io/blog/cve-202...
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
December 7, 2025 at 5:56 AM
Living Off the Land: Windows Post-Exploitation Without Tools
xbz0n.sh/blog/living-...
I'll never forget one of my first red team engagements where I learned this lesson the hard way. I'd spent two days carefully phishing my way into a financia...
December 6, 2025 at 9:45 AM
🚨 Update for Stealc v2.9.0:
• Steam token collection restored, now pulled directly from local files (no process injection), enabling multi-account token harvesting.
• New data targets: Perplexity “Comet” browser & IndexedDB for all MetaMask versions.
#infosec #threatintel
December 6, 2025 at 9:02 AM
Hide the threat – GPO lateral movement
www.intrinsec.com/hide-the-thr...
Learn how to perform and understand lateral movement through the GPO mechanism during pentest and red team assessments.
November 28, 2025 at 10:31 AM
You’re invited: Four phishing lures in campaigns dropping RMM tools
redcanary.com/blog/threat-...
You’re invited: Four phishing lures in campaigns dropping RMM tools | Red Canary
Joint research from Red Canary Intelligence and Zscaler threat hunters spotlights phishing campaigns dropping RMM tools
November 28, 2025 at 7:36 AM
Inside DPRK’s Fake Job Platform Targeting U.S. AI Talent
www.validin.com/blog/inside_...
Inside DPRK’s Fake Job Platform Targeting U.S. AI Talent | Validin
November 26, 2025 at 7:23 AM
APT41 Cyber Attacks: History, Operations, and Full TTP Analysis
www.picussecurity.com/resource/blo...
Discover APT41's campaigns and TTPs. See how Picus helps simulate and defend against APT41 attacks.
November 25, 2025 at 2:24 PM