shadowfox.bsky.social
@shadowfox.bsky.social
Reposted by shadowfox.bsky.social
#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. www.welivesecurity.com/en/eset-rese... 1/5
Operation RoundPress targeting high-value webmail servers
ESET researchers uncover a Russia-aligned espionage operation that they named RoundPress and that targets webmail servers via XSS vulnerabilities.
www.welivesecurity.com
May 15, 2025 at 7:36 AM
Reposted by shadowfox.bsky.social
See how our analysts can rapidly triage the files to determine 1) whether they're malicious, 2) whether they're associated with any known malware families or clusters of threat activity, and 3) whether they can identify any additional IOCs or detections that can be passed on to IR.

v.vtx.lk/malware
How To Analyze Malware and Threat Clusters
In this video, Ryann Hallback, a Principal Intelligence Analyst at The Vertex Project, demonstrates how threat intelligence analysts can use Synapse to perfo...
v.vtx.lk
August 25, 2023 at 5:04 PM
Reposted by shadowfox.bsky.social
💡ViewDNS is a leading provider of online tools for website analysis, monitoring, and domain intelligence.

Link: viewdns.info
April 3, 2025 at 9:20 PM
Reposted by shadowfox.bsky.social
🚨Alleged leak of XWorm RAT V5.7

Blur: Link to the release
April 2, 2025 at 3:58 PM
Reposted by shadowfox.bsky.social
💡Criminal IP is a Cyber Threat Intelligence (CTI) search engine that scans the open ports of IP addresses worldwide daily to discover all devices connected to the Internet

Link: www.criminalip.io
April 1, 2025 at 6:24 PM
Reposted by shadowfox.bsky.social
Nice: Cloudflare has a "Security analytics" tab where they collect and display suspicious requests.

Turns out every website is hit for paths that could contain sensitive information if accidentally uploaded. ENV variables, AWS credentials etc.

This is for techpays .com:
March 31, 2025 at 10:02 AM
Reposted by shadowfox.bsky.social
You’ve heard Cake’s Comfort Eagle album, but have you heard of my:
March 30, 2025 at 2:35 AM
Reposted by shadowfox.bsky.social
Work-related toot on an ongoing ClickFix / SecTopRat campaign: infosec.exchange/@SophosXOps/... plus thread. I’ll repost some of the details here.
Sophos X-Ops (@SophosXOps@infosec.exchange)
Sophos MDR has observed two distinct social engineering campaigns using a technique referred to as ClickFix spiking during March. In both of these campaigns—one surging on March 2 and the other on Ma...
infosec.exchange
March 28, 2025 at 11:07 AM
Reposted by shadowfox.bsky.social
Anthropic's MCP spec has been updated.

Some of the major changes:
- Auth framework based on OAuth 2.1
- Replaced the previous HTTP+SSE transport with Streamable HTTP transport
- Support for JSON-RPC batching
- Tool annotations for better describing tool behavior

github.com/modelcontext...
specification/docs/specification/2025-03-26 at main · modelcontextprotocol/specification
The specification of the Model Context Protocol. Contribute to modelcontextprotocol/specification development by creating an account on GitHub.
github.com
March 26, 2025 at 3:19 PM
Reposted by shadowfox.bsky.social
EDPS researcher Robert Riemann is exploring EU OS, a pilot/proof-of-concept Linux-based operating system designed for the EU public sector.

eu-os.gitlab.io
EU OS
Proof-of-Concept OS for the EU
eu-os.gitlab.io
March 25, 2025 at 2:02 PM
Reposted by shadowfox.bsky.social
In studio today so I’m wearing real shoes 🤗
March 20, 2025 at 3:37 PM
Reposted by shadowfox.bsky.social
🚨 🚨 🚨

The Seahawks are trading QB Geno Smith to the Raiders, reuniting him with his coach Pete Carroll, per The Insiders, as Seattle hits reset.

It’s a third-round pick going to Seattle. And a new QB for Las Vegas.
March 8, 2025 at 12:03 AM
Reposted by shadowfox.bsky.social
DLL hijacking with the native and built-in Windows utility Dism.exe -- simple MessageBox and obligatory reverse shell demo, then some handy penetration testing resources for tricks and opportunities with other programs :) youtu.be/uY8BpZBF2f0
March 4, 2025 at 2:00 PM
Reposted by shadowfox.bsky.social
🎭 #ThreatHunting February updates 🎭
🐙 release: github.com/mthcht/Threa...
🌐 Site: mthcht.github.io/ThreatHuntin...
🧬 yara: github.com/mthcht/Threa...
🐾 Specific artifact lists: github.com/mthcht/aweso...
March 2, 2025 at 10:15 PM
Reposted by shadowfox.bsky.social
Recorded Future's malicious infrastructure report is out

www.recordedfuture.com/research/202...
March 2, 2025 at 1:38 AM
Reposted by shadowfox.bsky.social
💡DarkWatchCTI: A collection of Cyber Threat Intelligence information gathered from the depths of the clearnet, deep web and dark web.

github.com/DarkWebInfor...

NOTE: At this time the only files that are empty are Discord and Twitter. Data will be provided soon.
March 2, 2025 at 12:21 AM
Reposted by shadowfox.bsky.social
💡The DarkWatchCTI repo will be public in a couple hours. It is a 1 to 1 version from everything under Onions on the platform to GitHub in .md format.
March 1, 2025 at 10:24 PM
Reposted by shadowfox.bsky.social
The Vo1d botnet is so massive and so active that ten of its C2 servers have entered the Tranco Top one million most popular websites on the internet 👀👀👀👀👀👀

blog.xlab.qianxin.com/long-live-th...
February 27, 2025 at 5:12 PM
Reposted by shadowfox.bsky.social
🚨🇺🇸Rey and grep Claimed to have Leaked Employee Data of CrowdStrike

darkwebinformer.com/rey-and-grep...
Rey and grep Claimed to have Leaked Employee Data of CrowdStrike
darkwebinformer.com
February 25, 2025 at 8:18 PM
Reposted by shadowfox.bsky.social
It took just 3 hours:

RCE → Metasploit C2 → Anydesk for remote GUI-access → LockBit ransomware

Interestingly, we observed the threat actor using PDQ Deploy, a patch management tool.

Read the report here:
Confluence Exploit Leads to LockBit Ransomware
Key Takeaways The intrusion began with the exploitation of CVE-2023-22527 on an exposed Windows Confluence server, ultimately leading to the deployment of LockBit ransomware across the environment.…
thedfirreport.com
February 24, 2025 at 3:25 PM
Reposted by shadowfox.bsky.social
The BlackBasta chat logs that leaked earlier this month are finally available for everyone on GitHub

github.com/D4RK-R4BB1T/...
GitHub - D4RK-R4BB1T/BlackBasta-Chats
Contribute to D4RK-R4BB1T/BlackBasta-Chats development by creating an account on GitHub.
github.com
February 23, 2025 at 1:22 PM
Reposted by shadowfox.bsky.social
💡Dark Ledger: A repository preserving darknet market data, including vendor lists, PGP keys, listings, and more for research & intelligence purposes

Link: github.com/DarkWebInfor...
GitHub - DarkWebInformer/Dark_Ledger: A repository preserving darknet market data, including vendor lists, PGP keys, listings, and more for research & intelligence purposes.
A repository preserving darknet market data, including vendor lists, PGP keys, listings, and more for research & intelligence purposes. - DarkWebInformer/Dark_Ledger
github.com
February 22, 2025 at 9:24 PM
Reposted by shadowfox.bsky.social
💡CreepyCrawler: An OSINT Tool for Website Recon and Data Extraction

GitHub: github.com/chm0dx/creep...

darkwebinformer.com/creepycrawle...
February 19, 2025 at 6:45 PM