Rony
r0ny.bsky.social
Threat Intelligence Analyst
Reposted by Rony
Ghidra, scripting, LLM, automagic automation. That should grab the attention for this thread. If you want to read the complete blog, you can do so here: www.trellix.com/blogs/resear...
1/n
July 1, 2025 at 12:35 PM
Reposted by Rony
Many, many folks in this effort over the years. Thankful for everyone and hope it's of use.
May 14, 2025 at 2:10 PM
Reposted by Rony
The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...
From the World of “Hacker X Files” to the Whitewashed Business Sphere
Jiang Jintao’s journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry
nattothoughts.substack.com
May 14, 2025 at 4:22 PM
Reposted by Rony
ACCE Release Notes v2.9.20250508 – Cipher Tech Solutions, Inc.
www.ciphertechsolutions.com
May 12, 2025 at 4:06 PM
France just called out GRU Unit 20728 (166th Research Information Centre), posted up in Rostov-on-Don, for cyberattacks. Kremlin got new ops on the board.

www.diplomatie.gouv.fr/en/country-f...

@wylienewmark.bsky.social
Russia – Attribution of cyber attacks on France to the Russian military intelligence service (APT28) (29.04.25)
France condemns in the strongest terms the use by Russia's military intelligence service (GRU) of the APT28 attack group, at the origin of several (…)
www.diplomatie.gouv.fr
April 30, 2025 at 6:17 AM
Reposted by Rony
Y'all are beyond not ready about the shit we're cooking up with @censys.bsky.social and @greynoise.io powers combined

censys.com/blog/hunting...
Hunting Botnets With CursorAI, GreyNoise, Censys, and Censeye
Threat hunting is made easier and simpler by combining the power of Censys, GreyNoise, CursorAI, and Censeye.
censys.com
April 21, 2025 at 7:12 PM
I'm always a big fan of @agreenberg.bsky.social's writing, but I don't see a clear reason to believe these six stories are connected to "lesser-known hacker groups."
We at Wired put together six stories on lesser known hacker groups who have quietly become some of the most harmful in the world.

Case in point: The turncoat Ukrainian spies working for Russia who some analysts say are the top cyberespionage threat to Ukraine today. www.wired.com/story/gamare...
Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine
For the past decade, this group of FSB hackers—including “traitor” Ukrainian intelligence officers—has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and ...
www.wired.com
April 15, 2025 at 2:53 AM
S02E01: Smoked Customers

operation-endgame.com
April 9, 2025 at 2:37 PM
It's here!

S02E01: Smoked customers
Tick Tock ⏰
April 9, 2025 at 12:03 PM
Tick Tock ⏰
April 8, 2025 at 2:40 PM
Reposted by Rony
Kyle's talk at Insomni'Hack is live! youtu.be/I0PoE0IdtmE?...

Check it out if you're interested in a slice of modern program analysis and try the latest version of Tanto as well, in the plugin manager or at github.com/Vector35/tanto
"A Slice Of" Modern Program Analysis - Kyle Martin
youtu.be
April 7, 2025 at 2:44 PM
Cool stuff. Kudos to whoever at Censys wrote this. I researched the ORB network myself but lack access to historical data. Thanks for providing historical visibility.

censys.com/junos-and-re...
March 30, 2025 at 6:59 AM
Bring Back RiskIQ!
March 28, 2025 at 12:04 PM
🚨 ALERT 🚨

#UAT-5918 is the new #Winnti! 😂
March 21, 2025 at 12:29 AM
The R&D team at JuniperNetworks released a detailed 35-page malware analysis report "The RedPenguin Malware Incident", covering the #TINYSHELL components used by #UNC3886, including the C2 protocol structure.

supportportal.juniper.net/sfc/servlet.shepherd/document/download/069Dp00000FzdmIIAR
supportportal.juniper.net
March 13, 2025 at 8:56 AM
APT27 & i-soon hackers charged by DOJ—12 caught as the cats are out of the bag now. Yet APT27’s infra still purrs. Let’s see how they claw back from this!

www.justice.gov/opa/pr/justi...
Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
The Justice Department, FBI, Naval Criminal Investigative Service, and Departments of State and the Treasury announced today their coordinated efforts to disrupt and deter the malicious cyber activiti...
www.justice.gov
March 5, 2025 at 7:58 PM
Epic collab, UNC4899 🤝 UNC5267

FBI official advisory on Bybit crypto theft
www.ic3.gov/PSA/2025/PSA...
Internet Crime Complaint Center (IC3) | North Korea Responsible for $1.5 Billion Bybit Hack
www.ic3.gov
February 27, 2025 at 6:20 AM
Reposted by Rony
@shodanhq.bsky.social Awesome! Shodan History is back in the UI. Nice!!! Thank you.
But I have a question regarding trends.shodan.io: all the trends I run stop at October 2024. Why? Please bring them up to the current data again. I love it and need it. :)
Shodan
Shodan Trends - Discover how the Internet has changed over time.
trends.shodan.io
February 24, 2025 at 9:34 PM
Reposted by Rony
Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.

cloud.google.com/blog/topics/...
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.
cloud.google.com
February 19, 2025 at 11:05 AM
Reposted by Rony
This latest blog from Cyfirma on Cl0p/Cleo exploitation is utter garbage, ignore it.
LLM YARA rule (not even valid syntax), massively inflated statistics, and misleading IOCs and analysis.
www.cyfirma.com/research/cl0...
CL0P Ransomware : Latest Attacks - CYFIRMA
INTRODUCTION The Cl0p group has been active since early 2019, leveraging vulnerabilities and exploits to encrypt files for ransom. The...
www.cyfirma.com
February 15, 2025 at 10:29 PM
Excited to receive the @abuse-ch.bsky.social & @spamhaus.bsky.social swag! 🎁 Thank you for sending this amazing package. It means a lot to be recognized as a Top Contributor in the fight against cybercrime. Looking forward to continuing our battle together! 💪 #StrengthINUnity
February 10, 2025 at 11:35 AM
Reposted by Rony
I miss the free version of riskIQ
February 6, 2025 at 9:28 PM
Reposted by Rony
A BIG thank you to our top contributors🎖️for sharing valuable technical cyber threat intelligence on our platforms over the past year. 🙏

Your efforts had a significant impact on cyber security, making the internet a safer place👏💪🛡️

A nice surprise is coming your way! 🎁 👀👇
February 6, 2025 at 1:08 PM
#CMS8000 backdoor

Hardcoded IP: 202.114.4[.]119 (h/t @craiu.bsky.social) registered to Tsinghua University 👀

VT link:
www.virustotal.com/gui/file/4e4...

📝 www.cisa.gov/sites/defaul...
www.cisa.gov
January 31, 2025 at 9:28 PM