
EncapsulateJay
146 posts

EncapsulateJay
@EncapsulateJ
SOC Analyst @HuntressLabs Volunteer @TheDFIRReport


Anyone looking for 2 knocked loose tickets for academy tomorrow face value DM me x

Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware In April, we observed an intrusion that began with a malicious MSI masquerading as Sysinternals RAMMap and ended in domain-wide deployment of The Gentlemen ransomware. The intrusion featured EtherRAT, Ethereum-based EtherHiding C2 configuration, TryCloudflare tunnels, GoTo Resolve, Rclone exfiltration to Wasabi, and a newer malware framework named TukTuk. TukTuk stood out for its resilient C2 design, using SaaS and cloud platforms such as ClickHouse and Supabase, with support for Ably, Dropbox, GitHub Issues, direct HTTP, Slack, and Arweave-based dead-drop configuration retrieval. Detection opportunities included! ➡️ Full report is linked in the replies. #ThreatIntel #ThreatHunting #DigitalForensics







🐈 Cat’s Got Your Files: Lynx Ransomware 🎉New report out by @Friffnz, Daniel Casenove & @MittenSec!🎉 Attackers used stolen creds to access RDP, quickly pivoted to a DC with a second compromised admin, created impersonation accounts, mapped the environment, and more.



🌟New report out today!🌟 Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs Analysis and reporting completed by @r3nzsec, @EncapsulateJ, @rkonicekr, & Adam Rowe Audio: Available on Spotify, Apple, YouTube and more! Report:⬇️

NEW LAB: Scattered Spider (UNC3944) 🕷️🕸️ Scattered Spider hits indie studio AB Projekt Blue, deploying ransomware and stealing unreleased game code. Test your skills on: 👀 Social Engineering & MFA Fatigue 👀 Credential Theft via OST Files 👀 Bring Your Own Vulnerable Driver (BYOVD) 👀 EDR Manipulation 👀 Custom Ransomware Binary 👀 RMM Exploitation Lab Contributors Adversarial Emulation @q8fawazo Incident Response @r3nzsec Threat Intelligence @CuratedIntel Solve it here 👉 xintra.org @XintraOrg






More art than science.









