Doel Santos

839 posts

@SantosDoel

Threat Intel and enjoyer of memes

Joined September 2011
492 Following, 222 Followers
Doel Santos retweeted
Doel Santos retweeted
Men of Tribe (@menoftribe)
@claudeai Happens every day now...
Renzon (@r3nzsec)
DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing IRFlow Timeline — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman’s Timeline Explorer. Every feature in this tool was shaped by real IR casework. Handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it’s in the app, it’s because I needed it mid-case and realized the standard tools fell short. No dependencies. Zero setup. Just drag, drop, and analyze. #dfir #incidentresponse #timeline #macos #threathunitng #digitalforensics
Doel Santos retweeted
Unit 42 (@Unit42_Intel)
🏆 Unit 42 research wins the Péter Szőr Award at #VB2025! The development of our Attribution Framework by Andy Piazza, Kyle Wilhoit, Robert Falcone and David Fuertes is recognized as outstanding technical security research. Read it here: bit.ly/46nvHvB
Doel Santos retweeted
Andy Piazza (@klrgrz)
New job post! We’re hiring a senior principal threat researcher to join one of my teams - read: seasoned threat hunter with lots of experience in large datasets. jobs.smartrecruiters.com/PaloAltoNetwor…
Doel Santos retweeted
Unit 42 (@Unit42_Intel)
Our telemetry revealed an interesting case of #BoggySerpens (#MuddyWater) against a Middle East target: Persistence through scheduled task that runs PowerShell to abuse AutodialDLL registry key. AutodialDLL loads DLL for C2 framework. Details at bit.ly/4aIQDMU
Doel Santos retweeted
BSidesCharm (@BSidesCharm)
BSidesCharm extends its deepest sympathies to all affected by the Key Bridge tragedy. Our hearts are with the individuals and families impacted, and we commend the swift action of our first responders to save lives. Let us unite in support and solidarity as Charm City. We will monitor and communicate any impact to our friends attending our event.
Doel Santos retweeted
Bryce (@bryceabdo)
github malware devs posting about their new repos
Doel Santos retweeted
Unit 42 (@Unit42_Intel)
2023-10-12 (Thursday): The latest example of #DarkGate malware distributed through Microsoft Teams. Attacker poses as target organization's CEO and sends victim a Teams invite. Message contains password-protected zip archive. IOCs available at bit.ly/3rY1hi1
Doel Santos retweeted
vx-underground (@vxunderground)
Here is the full video of the Polish CBZC (Central Bureau for Combating Cybercrime) arresting individuals associated with DDoS as a Service providers. Viewer discretion is advised. The levels of dorkiness are off of the charts.
Doel Santos (@SantosDoel)
Doyle is going to be my new haxx0r name! Having a great time at @SLEUTHCON
Doel Santos retweeted
Brett Callow (@BrettCallow)
"#Dallas Police Department computers are still down after the city’s system was attacked by #ransomware on Wednesday, so it’s hard for them get information on prior calls to the home, they say." wfaa.com/article/news/c…
Doel Santos retweeted
vx-underground (@vxunderground)
.@Activision was breached December 4th, 2022. The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023. Activision did not tell anyone.