Vedant Bhalgama

459 posts

@BhalgamaVedant

Ethical Hacker | Penetration Tester | OSCP+ | eJPT | eCPPT | PNPT | 20

India · Joined March 2021
137 Following · 342 Followers
Vedant Bhalgama retweeted
Michael.Gorelik@smgoreli·
🧵 THREAD: motorbeam.com is actively compromised and delivering malware to visitors right now. Research by @BhalgamaVedant.

1/ Visitors are shown a fake Cloudflare gate instructing them to open PowerShell - a #ClickFix attack. The clipboard is pre-loaded with a malicious command.

2/ The injection point is wp-emoji-loader.min.js - a legitimate WordPress core file. The attacker hid their obfuscated loader here to evade detection.

3/ The PowerShell payload fetches a binary from 158.94.208.104/x7GkP2mQ9zL4/my_1.bin and executes it in-memory via VirtualAlloc + CreateThread. No file on disk. Classic shellcode injection -> RAT deployment.

4/ IOCs:
🔴 C2: 158[.]94.208.92
🔴 C2: 158[.]94.208[.]104
🔴 Payload path: /x7GkP2mQ9zL4/my_1.bin
🔴 Compromised file: wp-emoji-loader.min.js

5/ We attempted to notify @motorbeam via LinkedIn, email, and X before publishing. No response received. Disclosing now to protect the public. If you visited motorbeam.com and ran anything in PowerShell - assume compromise.

#ThreatIntel #ClickFix #Morphisec #Infosec
Vedant Bhalgama@BhalgamaVedant·
@LexiLominite mine literally breaks 90 percent of the time while I try to install something new or upgrade new packages lmfao
Lalith Kumar@LexiLominite·
Why is it so hard to run this, I mean why upgrading to pip is so hard, even creating virtualenv for every package and activating it is easier than upgrading it 😭😂..
Vedant Bhalgama retweeted
7h3h4ckv157@7h3h4ckv157·
🚨 Red Teaming Toolkit ⚡ This repository contains cutting-edge open-source security tools (OST) that will help you during adversary simulation and as information intended for threat hunter can make detection and prevention control easier. Credit: github.com/infosecn1nja/R… #redteam #pentest #Pentesting #infosec #infosecurity NB: didn't check all links
Vedant Bhalgama retweeted
Zach Vorhies / Google Whistleblower@Perpetualmaniac·
Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language. Since I am a professional C++ programmer, let me decode this stack trace dump for you.
Vedant Bhalgama retweeted
I am Jakoby@I_Am_Jakoby·
I made a PowerShell module for hiding payloads in the pixels of an image. That payload that's embedded can then be extracted and executed with the one-liner that is also generated for you. It really doesn't get much stealthier than this 😈
I am Jakoby@I_Am_Jakoby

x.com/i/article/1809…

Vedant Bhalgama retweeted
vx-underground@vxunderground·
tl;dr being a failure is cool and badass Failure is the standard for any sort of malware development, research, or reverse engineering. We think of ideas all the time, research them, work on developing them, then it implodes and fails to come to fruition. Collectively, we've got dozens of failed, botched, or incomplete projects due to various setbacks and failures. Often times the code is scrapped, put on a metaphorical shelf, and hope the code will be of value sometime later down the road (sometimes years later, or never). If you're new and you invested several hours, days, weeks, or months and your code ends up being a dead end: Welcome to the club. Attached image is a screenshot of failed or incomplete projects. This is just the tip of the iceberg.
Vedant Bhalgama@BhalgamaVedant·
@fs0c131y You’re in Paris, France, and this is where you took the photo from
Vedant Bhalgama retweeted
I am Jakoby@I_Am_Jakoby·
The last couple days have been so wildly productive and I am proud of myself. I completely rebuilt the engine, API, and website for my PowerShell polymorphic reverse shell generator, and now that I have done so much work on it again I need help testing it against different AVs. If you have access to CrowdStrike, Elastic, SentinelOne etc. and would be down to help me do some testing, hit me up, please and thank you. Happy to test it against anything
Vedant Bhalgama@BhalgamaVedant·
I will be conducting a proper malware analysis on this suspicious executable file soon and share what exactly it does!
Vedant Bhalgama@BhalgamaVedant·
On performing a WHOIS lookup, I found out that this domain was recently created in April. Further, when I inspected the website, it asked me to download a ZIP file named Contract+Preview 04.05.[dot]zip, which contained an executable disguised as a PDF file.
Vedant Bhalgama@BhalgamaVedant·
I recently got a phishing mail titled "Advertising Promotion For You Corel Software YouTube", stating the following message, Incoming mail ID is corel.ksl@kakao.com.
Vedant Bhalgama retweeted
Lalith Kumar@LexiLominite·
🔍🛡️ Exploring Opportunities as a Penetration Tester! 🛡️🔍 Hey there, wonderful LinkedIn community, I'm eagerly searching for thrilling opportunities in the cybersecurity domain as a Penetration Tester! 💼💻 Here's a sneak peek into what I bring to the table:
Vedant Bhalgama retweeted
Tim Okonkwo@timokonkwo_·
This man resigned from Microsoft after 22 years, just to become a farmer 😭
Vedant Bhalgama retweeted
Ibn Hayal@helpfulai·
Hacking devices are great. Here are hacker tools you should know. They are awesome.
Vedant Bhalgama@BhalgamaVedant·
Feels great again to continue my hacking journey, almost after putting a pause to it for about a year. Now, I shall come back by getting the PNPT certificate 🔥
Vedant Bhalgama retweeted
Gowtham Naidu Ponnana🇮🇳@gowtham_ponnana·
Some People Said, "You're too young to achieve this". But they never saw the story behind. It's been 7055 days since I was born. And I always wonder what I've done so far. Because I always feel there's something I still need to do and this is the only thing that keeps pushing me forward. This is not something I wanted to show, but just felt like writing it out. Because people always assume that mine is pure luck. Here it is, how it all started back in my 8th grade [Year: 2018]

Backstory: Me and my brother used to play @ClashofClans so heavily (kinda addicted) and I shared my gmail account to some unknown friend of mine so that he can continue playing this game as I need to prepare for the exams. And as expected, he changed the password, thus leading me here.

Age 12: Started Learning about #Hacking
Age 13: Wrote first “Hello World” program in C.
Age 14: Hacked into my Computer Teacher’s gmail account.
Age 14: Won 2nd Prize at Science Fair competition for “Hacking Project: Social Engineering”
Age 15: Hacked into India’s Top School systems exposing over 30L+ student details.
Age 15: Failed #CEH (Cried a lot lol 😂)
Age 15: Started doing #bugbounties
Age 16: Moved out of my hometown for better opportunities. (Also education)
Age 16: Passed #PNPT but didn’t get certified due to some reasons. (Got banned)
Age 16: earned my first $XXXX bounty
Age 17: Slowly started focusing in Web3
Age 17: Made my first $10,000+ via Bug Bounties in almost a year. [Thanks to @immunefi & @HackenProof ]
Age 17: Got my First Job [ Quick story: hacked into the company —> reported to the COO @rahulparikh94 —> COO offered a job if what I'm claiming is real and asked to prove it in-front of the tech team —> Done —> Joined the Company ]
Age 17: Top Researcher of Hackenproof @2022
Age 18: Hacked into a “Hacking Company” - Top #Web3 Security Firm
Age 18: Found a critical bug at Crypto-Exchange, securing over $400m-$500m in value. [ CVSS: 10.0 ]
Age 18: Gave First Talk at @nullhyd
Age 18: Hacked into Two Biggest E-Commerce Companies which are making a yearly turnover of around $10,00,000+ each. [Update: Sealed a private auditing deal with one of the companies and working as security advisor & closely in talk in another company for better relationships]
Age 19: Gave Talk at DEFCON Delhi (@dc_9111 ) on Web3 Security
Age 19: Joined @TECHFUND as Security Researcher [Web3]
Age 19: Gave Talk at Lovely Professional University on Web3 & Web3 Security

And still a lot to do more. Should really thank all the people who supported me right from the beginning i.e. from my parents, teachers & friends to all the executives i.e. COOs, CEOs, Employees that I've worked with and special thanks to my first mentor @nullshock1 for your early support and current mentors @0xSmit @RealJohnnyTime @MitchellAmador @0xrudrapratap and others for your constant support and guidance. More importantly, I'm blessed to have some real friends like @LexiLominite @IamRenganathan @cyberzyro1 @BhalgamaVedant who stuck with me right from the beginning. Love you guys!

[NOTE]: There are still lots of people to whom I owe for their support throughout. I'll always strive to give my very best in whatever way I can.

Regards, Gowtham Naidu Ponnana #infosec
Vedant Bhalgama@BhalgamaVedant·
@C5pider Lol nice! That feeling when you bypass it with internet connected is just pure satisfaction
5pider@C5pider·
I bypassed Windows Defender !!!