DrStache

341 posts

DrStache

@DrStache_

CTF player with @AperiKube 🧊 Co-author of @AZORult_Tracker 🦅

France Katılım Temmuz 2016

628 Takip Edilen1.2K Takipçiler

DrStache retweetledi

HACK2G2@hack2g2·21 Tem

🗓️ Annonce Samedi 16 septembre se tiendra notre événement phare : la HitchHack 2023 ! Une journée complète dédiée pour des conférences ! Nous cherchons des conférenciers pour cet évènement ; plus de détails dans les tweets suivants ⬇️

Français

6.3K

DrStache@DrStache_·5 Haz

@kmkz_security @Blaklis_ @joaxcar Here are two recent examples where reflected XSS were exploited by APT groups. twitter.com/billyleonard/s… proofpoint.com/us/blog/threat…

billy leonard@billyleonard

TAGs favorite 🤖 @wxs has been finding new FROZENLAKE (APT2⃣8⃣) daily, including XSS on 🇺🇦 gov websites they are using for cred phishing. For the past few months, FL has been shipping phished creds to compromised Ubiquiti devices .. 6/🧵

English

1.4K

kmkz@kmkz_security·4 Haz

@Blaklis_ @joaxcar Well.. how many real life incident started with this? Ask for a friend... so yeah useless except in BB sadly

English

450

Johan Carlsson@joaxcar·3 Haz

This one was weird "we had a regression and many others reported it, so we will lower the bounty to 10%". I mean, either you have a vulnerability or you dont. Blaming regression was a new one..

publiclyDisclosed@disclosedh1

Reddit disclosed a bug submitted by mrzheev: hackerone.com/reports/1962951 - Bounty: $500 #hackerone #bugbounty

English

28.9K

DrStache retweetledi

Aperi'Kube@AperiKube·20 Mar

Aperi'Kube termine deuxième au #BreizhCTF2023 🥈 Merci à @gcc_ensibs et aux copains (cc @Zeecka_, @b0oml) pour les challs, et un gros GG aux admins pour l'infra ! @teamBrewette RDV l'année prochaine 🤗

Français

5.7K

DrStache@DrStache_·23 Ara

@dor0n1 @James_inthe_box @jstrosch @JAMESWT_MHT @executemalware @fumik0_ @ViriBack @Mister_Ch0c It's not maintained, but I try to keep LP-DB up to date lp-db.github.io/lp-db/

English

dor0n@dor0n1·23 Ara

@James_inthe_box @jstrosch @JAMESWT_MHT @executemalware @fumik0_ @ViriBack @Mister_Ch0c u still Update this one?

English

Josh Stroschein | The Cyber Yeti@jstrosch·23 Ara

#opendir stealer #panel - poss #vidar or #arkei? hxxp://152.89.218[.]27/zz/ @James_inthe_box @JAMESWT_MHT @executemalware

Josh Stroschein | The Cyber Yeti tweet media

5.7K

DrStache retweetledi

Aperi'Kube@AperiKube·20 Haz

Après une longue absence, Aperi'Kube remporte la 1ère place au #FakeCTF 🎉! Merci aux organisateurs @teamfakenews et bravo aux autres équipes ! Cc @teamBrewette et FC Ronald 👌.

Français

DrStache@DrStache_·2 May

@Abjuri5t @AZORult_Tracker @HybridAnalysis @fr3dhk @abuse_ch @ViriBack @malbeacon Yeah, Delis LLC is full of AZORult C2 azorult-tracker.net/s/asn/AS211252

English

John F - abjuri5t.bsky.social@Abjuri5t·1 May

Cluster of #malware C2s hosted on 45.133.1.0/24 - DELIS LLC 🔥 45.133.1[.]13 45.133.1[.]20 45.133.1[.]45 45.133.1[.]107 45.133.1[.]191 Includes #C2 servers for #AZORult #Redline #Mirai and #Lokibot cc @AZORult_Tracker @HybridAnalysis @fr3dhk @abuse_ch @ViriBack @malbeacon

English

DrStache@DrStache_·29 Mar

@pr0xylife @ankit_anubhav @x3ph1 @Max_Mal_ @1ZRR4H @Ledtech3 Panels' statistics azorult-tracker.net/s/asn/AS60567

Català

proxylife@pr0xylife·24 Mar

@ankit_anubhav @x3ph1 @Max_Mal_ @1ZRR4H @Ledtech3 Have some more :) They really are being creative... bazaar.abuse.ch/sample/12a5eb4… http://84.38.132.]43/roth/AttRoth2.jpg http://84.38.132.]43/roth/Roth2.jpg c2' http://185.29.8.]100/Panel/index.php

English

Ankit Anubhav@ankit_anubhav·23 Mar

#Azorult RabbitHole Malspam ⬇️ ISO attachment ⬇️ VBS unzip ⬇️ PowerShell launch ⬇️ Binary to ASCII conversion ⬇️ Download fake png from opendir ⬇️ Compile payload on fly using aspdot_net ⬇️ Theft ⬇️ POST to C2 ⬇️ Persistence by moving file to startup bazaar.abuse.ch/sample/e93cc14…

English

DrStache@DrStache_·12 Oca

@Marco_Ramilli @_odisseus @Arkbird_SOLG @JAMESWT_MHT @JCyberSec_ You can follow the evolution of the number of victims since November on @AZORult_Tracker azorult-tracker.net/panel/6198ca8f…

English

Marco Ramilli@Marco_Ramilli·8 Oca

It looks like being a quite successful Command&Control server (427 infected host controlled). Please put it in your blacklists 👍 🔗: ://drossmnfg .com/stallion/panel/admin.php 🦠: #AZORult #malware #C2

English

DrStache retweetledi

Haax@Haax9_·9 Oca

[FR] Hey Twitter! Il y a plus d'an, je publiais un premier article dédié à l'analyse et la géolocalisation d'une photo prise depuis un avion via #OSINT #GEOINT. Après plusieurs semaines (mois...) de procrastination, publication aujourd'hui du volume 2 ! Au programme... [1/3]

Français

DrStache@DrStache_·20 Kas

@H_Miser @x0rz twitter.com/PRODAFT/status…

PRODAFT@PRODAFT

PRODAFT Threat Intelligence (PTI) team has issued a new report on the inner workings of the notorious #Conti ransomware group which is currently recognized as the most dangerous #ransomware operation in terms of its revenue and target selection. prodaft.com/resource/detai…

QME

Hash Miser@H_Miser·20 Kas

@x0rz what's the source of that screenshot?

English

x0rz@x0rz·20 Kas

I love how they casually mention having a shell on Conti server 🤩

pancak3@pancak3lullz

“One of the most valuable pieces of threat intelligence we discovered is the the real IP address of Conti’s TOR hidden service and contirecovery[.]ws, and 217.12.204.135, on Tuesday, 28 September 2021 21:30:03 UTC.”

English

225

DrStache retweetledi

ANSSI@ANSSI_FR·1 Eki

L'#ECSC2021 s'achève ce soir avec une 4⃣ place amplement méritée pour l’Équipe France. 🇫🇷 Félicitations à toutes les équipes et aux joueurs & coachs de la #TeamFR pour cette compétition. @ecsc2021 Rendez-vous l'année prochaine en 🇦🇹 pour l’#ECSC2022 !

Français

107

DrStache retweetledi

AZORult Tracker@AZORult_Tracker·21 Eyl

For those who are curious about how Azorult Tracker works, @DrStache_ and @b0oml had the opportunity to present the project at the #hitchhack2021 organized by @hack2g2. The replay is available (it's in French 🇫🇷). youtube.com/watch?v=h8SJ5R…

YouTube

English

DrStache retweetledi

HACK2G2@hack2g2·24 May

Reprise des festivités de la #hitchhack2021 en live à 14h avec @DrStache_ et @b0oml pour "@AZORult_Tracker : behind the scene" 🦅

GIF

Français

DrStache@DrStache_·2 Nis

@ViriBack The login page and css files are similar to the TRON stealer panel. github.com/lucianmaxx/TRO…

English

Dee@ViriBack·1 Nis

#Avalon ? #Malware C2 on atarbiyahpulpen[.online/login.php app.any.run/tasks/01b6288b…

Indonesia

DrStache@DrStache_·11 Şub

LP-DB now contains over 300 login pages 🎉 lp-db.github.io/lp-db/ Thanks to @ANeilan for the contributions!

English

DrStache@DrStache_·8 Şub

@OSINTDojo We can then validate the location via google maps: 47.24471937419535, -122.43736565558046

English

DrStache@DrStache_·8 Şub

@OSINTDojo According to the date on the photo, it was taken at 5:17:37 on February 5, 2021. We search for the camera IP on maxmind's GeoIP2 database in order to locate it: Tacoma, Washington, United States. shodan.io/host/128.208.2… maxmind.com/en/geoip-demo

English

OSINT Dojo@OSINTDojo·8 Şub

For today’s #MondayMotivation #OSINT challenge, see if you can answer the following questions about the attached photo. Which University runs the ISP for this webcam? At what time did the webcam take this photo? What is the lat/long of the attached photo?

English

DrStache@DrStache_·1 Şub

@OSINTDojo We can finaly use the Shodan API in order to find the port that was exposed on the IP address 14.250.13[.]233. #historic-data" target="_blank" rel="nofollow noopener">help.shodan.io/developer-fund…

English

DrStache@DrStache_·1 Şub

@OSINTDojo Searching for "Dong Hoi, Tinh Quang Binh" on Google image we find this website quangbinhtravel.vn/du-lich-thanh-… It contains a picture of a hotel that looks like the one on the webcam view, the Vinpearl Hotel.

English

OSINT Dojo@OSINTDojo·1 Şub

For today’s #MondayMotivation #OSINT challenge, see if you can answer the following questions about the attached photo. What city is this webcam located in? What is the name of the hotel in the background? What port was previously open on this device that is now closed?

English

Keşfet

@kmkz_security @Blaklis_ @joaxcar @gcc_ensibs @Zeecka_ @b0oml @teamBrewette @dor0n1