Omar

471 posts

@beacon_exe

Senior Security Researcher @Kaspersky GReAT - tweets and opinions are my own

Joined December 2020
514 Following · 649 Followers
Omar retweeted
Boris Larin @oct0xor
We analyzed the Coruna exploit kit and found intriguing code overlaps with Operation Triangulation. Full analysis on our blog: link below.
4
90
429
36.4K
Omar retweeted
Boris Larin @oct0xor
Heartbroken to hear about the passing of @Skvern0. He was one of the best threat hunters in the industry - even APTs were afraid of him. I’m grateful for the time we worked together and for everything I learned from him. Rest in peace.
27
50
556
77.5K
Omar retweeted
Kaspersky @kaspersky
Arkanix Stealer didn’t just steal data. It ran like a startup.
• MaaS model
• Discord marketing
• Referral program
• C++ & Python variants
• Crypto & browser data theft
Short-lived campaign. Long-term implications.
Full analysis: kas.pr/w692
#Malware #Infostealer #ThreatIntel #CyberSecurity
0
4
11
1.2K
Omar retweeted
Georgy Kucherin @kucher1n
It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]
19
233
1.2K
106.4K
Omar retweeted
blackorbird @blackorbird
A full iOS zero-day exploit chain used in the wild against targets in Egypt. #Intellexa #Predator
Stage 1: Initial RCE via JSKit Framework (Safari WebKit Exploitation)
Entry Point: The chain starts with a zero-day RCE vulnerability in Safari's WebKit rendering engine, patched by Apple as CVE-2023-41993 (a memory corruption issue in the JIT compiler).
Stage 2: Sandbox Escape and Kernel Privilege Escalation
Vulnerabilities Exploited: CVE-2023-41992: Kernel IPC use-after-free (sandbox escape + local privilege escalation, LPE). CVE-2023-41991: Code-signing bypass (LPE).
Stage 3: Persistence and Surveillance Setup (PREYHUNTER Modules)
Components: Divided into two modules—"watcher" and "helper"—deployed via the escalated privileges from Stage 2.
cloud.google.com/blog/topics/th… github.com/blackorbird/AP…
7
87
407
54.8K
Omar @beacon_exe
@3ffaaat I don't know what to tell you, man 🤣🤣❤️❤️❤️
0
0
0
71
3Mr ®🇵🇸 @3ffaaat
securelist.com/bluenoroff-apt… Brothers and sisters, enjoy your ignorance and go scroll through the research of our man Omar Amin, which needs a 51-minute read and years to understand. Omar Amin is a national treasure who needs intelligence-service protection, I swear.
3
0
2
318
Omar @beacon_exe
couldn't ask for a better partner in crime at #TheSAS2025 stage. Check out our full research, uncovering #GhostCall and #GhostHire of #Bluenoroff here: securelist.com/bluenoroff-apt…
hypen @hypen1117
It was truly an honor to be part of #TheSAS2025 as a speaker! I and Omar (@beacon_exe) shared some juicy insights from our extensive research on #BlueNoroff's #GhostCall and #GhostHire campaign, part of #SnatchCrypto. You can find our research below. ✅ securelist.com/bluenoroff-apt…
2
3
12
1.9K
Omar retweeted
Boris Larin @oct0xor
Yesterday’s hackyard party was wild - still recovering 😅 #TheSAS2025
0
1
34
3.8K
Omar retweeted
Saurabh Sharma @SaurabhSha15
We (@kucher1n and myself) discovered a new advanced threat campaign, PassiveNeuron, is actively targeting Windows Server environments in government, financial and industrial organisations across Asia, Africa and Latin America. For more details - securelist.com/passiveneuron-…
1
4
9
702
Omar retweeted
Boris Larin @oct0xor
The SAS conference (@TheSAScon) looks AMAZING this year!🔥 Love the talks lineup, the venue, the GTA theme (!!!), and the special guest! I’m also presenting something secret👀 I’ve got one extra ticket - DM me if I might know you and you’d like to come!
4
1
8
2.4K
Omar retweeted
TheSAS2025 @TheSAScon
#TheSAS2025 agenda is almost ready! Keep an eye on the website updates as we iron out the final details with our stellar speaker lineup this week. What to expect? 🕵️‍♂️ One in three talks covers recent APT TTPs and investigations. We expect four mind-blowing talks on 🚘 and telematics infrastructure and at least a couple on important topics like browser security and the realities of using EOL devices. Expect a swirl of topics and slides in our favorite PechaKucha format too! ⚡️ So, bookmark this link and secure your spot before it's too late 👉 kas.pr/6rx9
0
1
4
759
Omar retweeted
Saurabh Sharma @SaurabhSha15
We recently analyzed GodRAT, a new malware strain derived from Gh0stRAT, actively targeting financial organizations. More details here - securelist.com/godrat/117119/
1
5
12
818
Omar retweeted
TheSAS2025 @TheSAScon
#CFP extended — your last chance to rock the floor at #TheSAS2025! Just 10 days left to propose your research for the BIG stage and share your findings with peers from world-class cybersecurity organizations. If you research:
▪️ Transportation and smart city vulnerabilities
▪️ New tactics and tricks from notorious #APTs
▪️ Ransomware
▪️ Best incident response practices
▪️ Supply chain and #OSS security
▪️ OT and critical infrastructure security
▪️ Vulnerabilities and fixes
then our program committee is waiting for you!
⚠️ Submit your topic by August 10th ⏩ kas.pr/6rx9
0
12
18
8.3K