Ali Hussein

A new Redline variant C2: 45.95.147.222:8080 185.215.113.117:443 91.215.85.45:80 194.36.191.128:8080 77.91.84.63:443 Exfil domains: update.chrome-service[.]com metrics.google-analytics[.]net Yara rule: yarasearch.net/details/529/ #Redline #Blueteam #Threathunting

Based on thedfirreport.com/2025/08/05/fro… I have added around 6 detection rules. from rustdesk to wbadmin credential dumping github.com/0xAnalyst/Defe… github.com/0xAnalyst/Defe… github.com/0xAnalyst/Defe… find the rules at kqlsearch.com #threathunting #Akira #ransomware #bumblebee

Inspired by kqlsearch. my mentee @Qtr_Alhajj has built a Yara database and search engine here yarasearch.net. Incredible work from the first year university student. looking for suggestions to improve the website. #Yara #database #malware

With all the fuss around #velociraptor thought I'd give a shootout to project LOST (LOL Security Tools). We started this together with @0xanalyst some time ago. Yes Velociraptor, osquery, defender, wazuh, and much more that would deserve to be documented 0xanalyst.github.io/Project-Lost/

@r3nzsec @inversecos @1arwamo Stop ditching me @r3nzsec like your Saudi friend

@inversecos OMG let's gooo!! If you're coming anytime soon (hopefully not during the peak of summer lmao), I'll meet you there with my very good friend @1arwamo and take you to some great restaurants for sure! 🔥

Riyadh 🫶🏻

@r3nzsec @inversecos @XintraOrg How much I shall pay to be there?

@inversecos @XintraOrg Great folks in one picture!! 👀🔥

Become a contributor at XINTRA @XintraOrg 🔎 We're looking for RED and BLUE team contributors 🔴Red Team – Emulate real APT groups 🔵Blue Team – Investigate & respond to emulations What you get: - Challenging, realistic emulations - Hack & forensicate vendor devices - Creative control over your scenario - Small, supportive, and collaborative team - Full credit for your work & payment Your work will be featured in labs used by government and enterprise teams. Apply here docs.google.com/forms/d/e/1FAI…

@_RastaMouse I didn't do any of your courses, but I can see that you are one way or another changing people's lives

@_RastaMouse There are a lot of people out there depending on your courses, to build a career and learn stuff that they wont learn otherwise. That shall motivate you

I need to work on the new RTO II but I just don't have the motivation 😭

@r3nzsec @DebugPrivilege Well articulated Arabic responses.

@0xanalyst @DebugPrivilege يا رجل، آسف، أنا الآن في لندن. هل ما زلت في دبي؟

@r3nzsec @DebugPrivilege Hahaha

@r3nzsec @DebugPrivilege I was waiting for you here.

@DebugPrivilege alles goed, net aangekomen in Londen

#Lumma #infosec #malware #blueteam #Threathunting

This final execution of the malware seems a new way to obfuscate downloadstring dynamically. they load the ULR in a variable and then dynamically resolve function names for download and downloadstring #Lumma #infosec #malware #blueteam ChaGPT explanation follows

New lumma variant app.any.run/tasks/7f5c4cd2… with tons of new techniques they use to obfuscate the malware #Lumma #infosec #malware #blueteam

NEW LAB: Abu Jibal (APT34 / OilRig) 🔍💻 Iranian APT34 targets the oil and gas sector across the Middle East. Test your blue team skills on: 👀 Password Filter DLL Attacks 👀 RunPE In-Memory Execution 👀 Windows Kernel Elevation 👀 Malicious JavaScript Payloads 👀 Custom Keyloggers Lab Contributors: Adversarial Emulation: @fawazo Incident Response: @r3nzsec Solve it here👉xintra.org @XintraOrg

@r3nzsec @XintraOrg Abu Jibal hahhaha. Great work Abu Renzon

Check this out! #APT34 @XintraOrg

New FullHunt features coming up! Stay tuned…. 🥁🚀

Chatgpt extracted TTPs on the ransomware negotiation chat ransomware.live/nego

Based on the report thedfirreport.com/2025/03/31/fak… I have created 2 new detection rules github.com/0xAnalyst/Defe… - Detects usage of bublup[.]com for exfiltration github.com/0xAnalyst/Defe… - detection of unsigned binaries executing from suspicious locations #KQL #Threathunting #ATP

Asked chatgpt to summarize the TTPs based on the chat log for each threat group. sample screenshot

From Akira Ransomware negotiation chats this seems the generic response they give as how they compromised victims. #Blueteam #SOC #ransomware