Chaplin

69 posts

Chaplin

@ChaplinSec

Deutschland Katılım Mayıs 2021

136 Takip Edilen20 Takipçiler

Chaplin retweetledi

BSidesFrankfurt@BSidesFRA·22 Ağu

Cracking Compromised Edge Devices Join Evgen Blohm and Marius Genheimer from SECUINFRA Falcon Team for a deep dive into forensic investigations of compromised edge devices from Cisco, Fortinet, Citrix, and Ivanti. Discover the exploits used, the motives of nation-state and cybercriminal attackers, and creative techniques for analyzing these complex appliances. Gain practical tips to investigate and secure your network equipment in this eye-opening session! bsidesfrankfurt.org

English

630

Chaplin retweetledi

BSidesFrankfurt@BSidesFRA·19 Haz

BREAKING! Save the date! Workshops at BSidesFrankfurt on Thu, August 28, 2025. First come, first serve. Details soon - block your calendar Thu+Fri!

English

621

Chaplin retweetledi

BSidesFrankfurt@BSidesFRA·18 Şub

Exciting News! The date and location for the next BSidesFrankfurt are officially set! Mark your calendars: Friday, August 29, 2025, at Campus Westend, Goethe University. Stay tuned for ticket sales and further updates. In the meantime, revisit past recordings and help spread the word! We’re also looking for sponsors - a great opportunity to support the cybersecurity community and gain valuable exposure. If you're interested, reach out to us! Recordings (updated monthly): @BSidesFrankfurt" target="_blank" rel="nofollow noopener">youtube.com/@BSidesFrankfu…

English

996

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·13 Şub

🚨Malware distributed via Steam Fancy a bit of after work gaming? Beware of infostealer malware distributed via the Steam store! Using @steamdb we managed to visually identify a very suspicious file in the game files. Luckily, we managed to retrieve a sample for analysis, which will follow in this thread.

SteamDB@SteamDB

A game called PirateFi released on Steam last week and it contained malware. Valve have removed the game two days ago. Users that played the game have received the following email:

English

19.2K

Chaplin retweetledi

BSidesFrankfurt@BSidesFRA·8 Mar

This year's #BSidesFrankfurt is bigger and better, now at University Campus Frankfurt. Join us for insightful tracks, international keynotes, and a special kids' track with hands-on hacking courses. Interested in inspiring young minds? We're seeking volunteer teachers!

English

1.3K

Chaplin@ChaplinSec·18 Ara

@vxunderground @InvictusIR

GIF

QME

vx-underground@vxunderground·18 Ara

We are happy to announce our friends at @InvictusIR have hooked us up 2 seats to their Microsoft Cloud Incident Response course. Comment below for a chance to win:) This is $3,274 of IR material 😭🙏 Course details: academy.invictus-ir.com/advanced-incid…

English

515

413

62.6K

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·7 Tem

Great catch @StopMalvertisin #APT29🎣! We created a #Yara hunting rule to look for similar SVGs and found this sample: test.svg MD5: 5d327af805d36036c79cca2a027c1168 First seen: 2023-06-10 Uses a b64 encoded payload called test[.]zip, contains a legit procexp64.exe. 1/2🧵

Kimberly@StopMalvertisin

Interesting #APT29 document uploaded to VT yesterday. Invitation - Santa Lucia Celebration.msg f29083f25d876bbc245a1f977169f8c2 The email itself is from June 23 2023 and contains an .SVG attachement which drops an .ISO image called "invitation.iso"

English

10.2K

Chaplin@ChaplinSec·28 Şub

@Volexity @volatility @tlansec @attrc Are also going to stream the sessions?

English

170

Volexity@Volexity·28 Şub

We are excited to announce the return of @Volexity Cyber Sessions! Our next #meetup will be May 10 @ 6:30PM. Come listen as @tlansec & @attrc share their talks on #threatintel, #dfir & #memoryforensics. Doors open at 6:30PM. Limited seating. Reserve now! meetup.com/volexity-cyber…

English

10.9K

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·7 Şub

📰 #ESXiArgs #Ransomware is currently affecting more than 2000 #ESXi #Hypervisors around the world. In our lastest blog post we detail the analysis of the #malware artifacts, new #Yara rules to detect it and recommendations to keep your systems safe. ➡️ secuinfra.com/en/techtalk/hi…

English

7.6K

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·13 Oca

Picking up where we left off yesterday: We created two #Yara rules for the #Magniber #Ransomware delivery method. You can find them in our GitHub Repository and on @abuse_ch Yaraify ⬇️ Have a nice weekend and happy hunting 🔍 github.com/SIFalcon/Detec… yaraify.abuse.ch/yarahub/rule/R…

SECUINFRA FALCON TEAM@SI_FalconTeam

#Magniber #Ransomware is continuing to spread fake Windows Update installers (.msi), but since yesterday the threat actors are also distributing .iso archives instead of .zip files. You can find our brief analysis of the msi and the lnk file below ⬇️ 1/3🧵

English

2.4K

Chaplin retweetledi

Alessandro Di Carlo@samaritan_o·4 Oca

Great research! Keep this path in mind if you're having trouble finding evidence of execution: "C:\Windows\appcompat\pca” New Windows 11 Pro (22H2) Evidence of Execution Artifact! aboutdfir.com/new-windows-11…

English

138

15.7K

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·5 Tem

We analyzed a recent #Bitter #APT attack from their active campaign against Bangladesh featuring Microsoft Office exploitation, their #ZxxZ 2nd stage #backdoor and a previously undocumented #espionage tool we call #AlmondRAT. You can read our report here: secuinfra.com/en/techtalk/wh…

English

112

Chaplin@ChaplinSec·4 Tem

@c3rb3ru5d3d53c @malwrhunterteam @Myrtus0x0 @f0wlsec

QAM

ςεяβεяμs - мαℓωαяε яεsεαяςнεя@c3rb3ru5d3d53c·4 Tem

Destroying #Bitter #APT's #ZxxZ #Backdoor ✅ #Exploit+#Shellcode Analysis ✅ Building it's C2 Server to Execute a #Meterpreter Payload ✅ YARA/Suricata/Sigma ✅ #Ghidra Project ✅ #Malware Reverse Engineering ✅ Config Extraction c3rb3ru5d3d53c.github.io/malware-blog/2… youtube.com/watch?v=m3jrWo…

YouTube

ςεяβεяμs - мαℓωαяε яεsεαяςнεя tweet media

English

121

339

Chaplin retweetledi

Nathan McNulty@NathanMcNulty·8 Mar

This is super cool! Idea 💡 Sign up for Defender for Endpoint trial: aka.ms/MDEtrial Azure credits: azure.microsoft.com/en-us/offers/m… Set up Streaming API to a Storage account: docs.microsoft.com/en-us/microsof… Generate data with Atomic Red Team and similar. For 30d, expect ~1GB/device.

Matt Zorich@reprise_99

Not sure if this got enough love when it was announced, but you should 100% sign up to the free Azure Data Explorer instance - aka.ms/kustofree. 100 GB of storage, load up whatever data you want (csv, json, txt) and go ham with it

English

Chaplin retweetledi

Malwrologist@DissectMalware·17 Şub

Puzzled why a yara rule did or didn't match? Let me introduce yaradbg.dev, a web-based #yara #debugger! With #YaraDbg, you can see the: 1⃣ evaluation steps 2⃣ matched strings 3⃣ relationship among the rules

GIF

English

224

488

Chaplin retweetledi

James@jamesspi·4 Şub

If you're using @elastic agent with the @osquery manager integration, remember that you can run @yararules on demand, or schedule them, or both!

English

127

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·4 Şub

🚨N-W0rm Analysis Part 2 is now online 🚨 #nw0rm YARA: github.com/SIFalcon/Detec… Article Part 1: secuinfra.com/en/techtalk/n-… Article Part 2: secuinfra.com/en/techtalk/n-… #DFIR #Malware #infosec #CyberSecurity #YARA #100DaysofYARA

English

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·1 Şub

🚨N-W0rm Analysis Part 1 This article shows our analysis of a N-W0rm sample. This appears to be a relatively new sample and according to Malware Bazaar the first sample was seen on the 18th January 2022. secuinfra.com/en/techtalk/n-… #nw0rm #DFIR #Malware #infosec #CyberSecurity

English

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·28 Oca

🚨Deep Dive into N-W0rm 🚨 (Article next week, stay tuned) 🚨Hashes: 3d8ff7f298f64d9150a11e61dcbfd87b 9ce8d6f136b95fab140bc8904666003a e04e4cb7e410b885babba54cd59d5ae9 83dc22a1493e609b8b16f732e909418f 08587e04a2196aa97a0f939812229d2d #ThreatIntel #Malware #DFIR #nW0rm

English

Chaplin retweetledi

SECUINFRA FALCON TEAM@SI_FalconTeam·24 Oca

Cobalt Strike, a Defender’s Guide – Part 2 by @TheDFIRReport - thank you for sharing! thedfirreport.com/2022/01/24/cob… #DFIR #CobaltStrike

English

Keşfet

@steamdb @vxunderground @InvictusIR @StopMalvertisin @Volexity @volatility @tlansec @attrc