Rambo

437 posts

Rambo

@R44MB00

OSCP, CRTE, Hacker, Researcher

Medellín, Colombia Katılım Ekim 2016

449 Takip Edilen107 Takipçiler

Sabitlenmiş Tweet

Rambo@R44MB00·1 Nis

Real interesting stuff. "When everything you can want to know about a program’s behaviour can be found by RE, then source code for software becomes more like blueprints for a building: a record at best of what was intended or specified, but not necessarily of what got built."

English

Rambo retweetledi

Tom Hegel@TomHegel·3 Şub

The Notepad++ CN APT incident - Quick reference to help keep up: 1. Incident overview: (notepad-plus-plus.org/news/hijacked-…) 2. @rapid7 MDR Analysis with IOCs: (rapid7.com/blog/post/tr-c…) 3. @ValidinLLC Infrastructure Analysis w/ new IOCs/pivot methods: (validin.com/blog/exploring…) ...

English

329

27.8K

Rambo retweetledi

MalDev Academy@MalDevAcademy·8 Oca

As promised, today we released DumpBrowserSecrets a tool which extracts passwords, tokens, cookies and other data from several browsers. github.com/Maldev-Academy…

English

195

1.1K

66K

Rambo@R44MB00·5 Eki

Had such a great time speaking at BSides Toronto! @BSidesTO thank you for having me and everyone for attending. Slides and video to be available soon. #hacktheplanet #malware #opensource

English

105

Rambo@R44MB00·25 Oca

One of our latest finds while combing through open source packages. #npm #malware #hacktheplanet

Ax Sharma@Ax_Sharma

Security researcher Juan Aguirre aka @R44MB00 analyses #npm package 'distube-config' caught dropping Windows info-stealing malware under the guise of 'UnityLibraryManager.exe' 🎭 blog.sonatype.com/fake-distube-c… #opensource

English

Rambo retweetledi

eversinc33 🤍🔪⋆｡˚ ⋆@eversinc33·6 Haz

Dumbest AMSI bypass I know so far, but it works: sideloading a fake amsi.dll to a copied version of powershell which simply return S_OK / AMSI_RESULT_CLEAN for every command. I would have thought that there was some kind of signature check upon loading amsi.dll but apparently not

English

262

885

105.7K

Rambo@R44MB00·6 Nis

The burnout is real! 🥴🔥🔥🥴 Friendly reminder to do something for yourself today.

English

Rambo retweetledi

Sonatype@sonatype·19 Oca

.@Sonatype's Juan Aguirre (@R44MB00) gets back to the basics on how to research and identify threats. ⏪ Juan dives into the waters 🌊 of malware analysis and provides best practices for analyzing Python malware 🐍 bit.ly/3GU6c74

English

244

Rambo retweetledi

vx-underground@vxunderground·6 Ara

Surprise! Another ChatGPT tweet! Except this time it is people making ChatGPT punch itself in the face *Images via @Kevin2600

English

187

1.4K

Rambo retweetledi

MalwareHunterTeam@malwrhunterteam·16 Kas

Very legit IP address, right? 😂

English

116

184

1.7K

Rambo retweetledi

Orange Tsai 🍊@orange_8361·8 Ağu

🔥 msrc-blog.microsoft.com/2022/08/08/mic…

Haifei Li@HaifeiLi

Someone woke me up for Microsoft releasing Office symbols, did the sun raise from the west today?

QME

120

Rambo retweetledi

PT SWARM@ptswarm·4 Ağu

🔥 A tip for getting RCE in Jetty apps with just one XML file!

English

238

720

Rambo@R44MB00·20 Tem

I would love to see more of this and also personally work more on it.

Haifei Li@HaifeiLi

Personally, I'd prefer to see the community pay more attentions on novel attack surface/vector research rather than particular bugs. Attack surface/vector research is the real work, bugs are just expected results. :)

English

Rambo retweetledi

Ax Sharma@Ax_Sharma·6 Haz

LockBit ransomware has published a new page on its data leak website today, saying that the 356,841 files they allegedly stole from Mandiant will be leaked online. - @serghei bleepingcomputer.com/news/security/…

English

Rambo@R44MB00·5 Haz

I wonder what the password is? #airport #opsec #hacktheplanet #vivaair

English

Rambo retweetledi

shubs@infosec_au·3 May

A few months ago, I collaborated with @HusseiN98D to find critical vulnerabilities in a bank. It involved finding a 0day in dotCMS. You can read about the discovery and exploitation process here: blog.assetnote.io/2022/05/03/hac…

English

177

582

Rambo retweetledi

Corben Leo@hacker_·27 Nis

Authorization. Easy to understand. Critical if implemented incorrectly. Want to see an example? (dumb question Corben, yes, why not) Last month, I found an auth bypass that lead to a full account takeover. Here's how I found it:

English

226

809

Rambo retweetledi

The Bug Bounty Hunter@tbbhunter·26 Nis

Exploiting remote code execution within VirusTotal platform in order to gain access to its various scans capabilities. cysrc.com/blog/virus-tot…

English

Rambo retweetledi

Ax Sharma@Ax_Sharma·25 Nis

For anyone puzzled by strange stuff on NPM lately 🤔 Random #opensource packages, each with HUNDREDS OF 'security placeholder' versions but no malicious code are being published daily. cc @R44MB00

English

Rambo@R44MB00·20 Nis

@mcipekci @SynackRedTeam 393 bugs ~ 300k 82 bugs ~ 200k Now that's growth and improvement! Looks like a lot of effort and time put in to the example sqli , but a clear reward can be seen in the numbers. Awesome stuff!

English

Mustafa Can İPEKÇİ@mcipekci·20 Nis

As of today I passed half million milestone on @SynackRedTeam with 200k of it on last 90 days. So far this month about to catch previous one too, we will see what is going to happen in next 10 days :). #bugbounty #bugbountytips

English

270

Rambo retweetledi

Maddie Stone@maddiestone·19 Nis

Today we're sharing our Year in Review of 0-days exploited in-the-wild in 2021. Here's our takeaways from this record breaking year. googleprojectzero.blogspot.com/2022/04/the-mo…

English

217

526

Keşfet

@rapid7 @ValidinLLC @BSidesTO @sonatype @Kevin2600 @serghei @HusseiN98D @mcipekci