Edoardo Rosa

199 posts

Edoardo Rosa

@_notdodo_

Security Engineer: loving cloud, red teaming, automation and learning

Katılım Şubat 2013

205 Takip Edilen164 Takipçiler

Edoardo Rosa@_notdodo_·16 Mar

@luc4m @BleepinComputer @securityaffairs @csirt_it @h2jazi @StopMalvertisin @WhichbufferArda @serghei @LawrenceAbrams @mayank_jee @github

QAM

109

lc4m@luc4m·16 Mar

IoC: GH account: hishamaboshami App ID: Ov23liQMsIZN6BD8RTZZ Almost 4k attempts in few minutes.. be careful 🧐 @BleepinComputer @securityaffairs @csirt_it @h2jazi @StopMalvertisin @WhichbufferArda @serghei @LawrenceAbrams @mayank_jee

English

2.1K

lc4m@luc4m·16 Mar

#phishers get creative to hack into project maintainers. TTP: - GH account with name "GitHub Notification" - open issue to well know security repo with "Security Alert: Unusual Access Attempt" - the fake login authenticate rouge third party app. Smells #DPRK? @vxunderground

English

15.8K

Edoardo Rosa@_notdodo_·10 Şub

@malwrhunterteam @github invisibleferret stage virustotal.com/gui/file/c83ab…

English

Edoardo Rosa@_notdodo_·10 Şub

@malwrhunterteam @github yeah, I reported it on Friday but I have the repository locally and uploaded here virustotal.com/gui/file/d958d…

English

207

Edoardo Rosa@_notdodo_·10 Şub

please watchout; this repo https://github].[com/TechDevNest[/]BTSwap is dropping #BeaverTail and #InvisibleFerret some IoCs: 216.173.115[.]200:1244 67.203.7[.]205:1244 45.59.163[.]55:1244 95.179.135[.]133:1244 node ~/.vscode/test.js python3 "~/.npl" @github @malwrhunterteam

English

2.2K

Edoardo Rosa@_notdodo_·10 Şub

@github @malwrhunterteam virustotal.com/gui/file/06972…

QME

180

Edoardo Rosa@_notdodo_·10 Şub

@github @malwrhunterteam virustotal.com/gui/file/1cd0c…

QME

201

Edoardo Rosa retweetledi

Fabrizio Margotta@fam4r·18 Eyl

Ongoing spam campaign involving github repos. Domain github-scanner[.]com puts malicious content in users clipboard upon button click and requiring for Windows payload execution cc @malwrhunterteam

English

12.3K

Edoardo Rosa retweetledi

JAMESWT@JAMESWT_WT·19 Eyl

#Ursnif SMB 62.173.145.]113 [.]164 #Italy Change from exe To Vbs > Url > exe payload Samples bazaar.abuse.ch/browse/tag/62-… Url http://serverlogins].com/pit.exe Run app.any.run/tasks/0f33d667… cc @felixw3000 @58_158_177_102 @fumik0_ @sugimu_sec @bry_campbell

JAMESWT@JAMESWT_WT

@Tac_Mangusta @James_inthe_box @AgidCert @guelfoweb @reecdeep @executemalware @malwrhunterteam @VirITeXplorer #Ursnif SMB 62.173.145.]113 #Italy Samples bazaar.abuse.ch/browse/tag/62-… cc @58_158_177_102 @felixw3000 @fumik0_

English

8.6K

Edoardo Rosa retweetledi

Luca Bongiorni@CyberAntani·15 Ağu

Ok fellas... I am droppping a thread about all the cool #Hackers 🧑‍💻🥷stuff I have found around #Aliexpress... It will keep growing with the time! #HackerArsenal

GIF

English

123

624

171.2K

Edoardo Rosa retweetledi

On Rugby@onrugby_it·27 May

La squadra rinuncia alla finale per dare il suo sostegno onrugby.it/2023/05/27/la-…

Italiano

440

Edoardo Rosa@_notdodo_·19 May

@VodafoneIT Ma dato che è palese che c'è un problema non converrebbe magari prima farci sapere di cosa si tratta e darci almeno dei tempi. Giusto per evitare di fare il reboot della station inutilmente solo per far prendere tempo al supporto. downdetector.it/problemi/vodaf…

Italiano

Vodafone it@VodafoneIT·19 May

@_notdodo_ Ciao Edoardo, puoi riprovare adesso a mandarci un messaggio privato con i tuoi dati? Grazie mille, ^SB

Italiano

Edoardo Rosa@_notdodo_·19 May

@VodafoneIT tutto ok? Da 3 giorni provo ad andare sull'area riservata (per segnalare un disservizio ovviamente) e prima Ops! poi da oggi nemmeno il login sembra più dare soddisfazioni.

Italiano

116

Edoardo Rosa@_notdodo_·19 May

@VodafoneIT Non riesco a mandarvi un DM. I dettagli sono quelli degli screenshots sopra: internet fisso andato e quello mobile a singhiozzi da giorni

Italiano

Vodafone it@VodafoneIT·19 May

@_notdodo_ Ciao Edoardo, siamo a tua disposizione per darti assistenza; ti invitiamo a mandare un DM con i dettagli della tua richiesta. Grazie, ^SI.

Italiano

Edoardo Rosa@_notdodo_·1 Nis

@JAMESWT_MHT It looked like Emotet because hijacked an old Emotet email thread (I'm no expert, sorry). The onenote payload downloads a DLL (entry point "#7") from http://77[.]91[.]101[.]159/it2/DQncBcJ3wbjrb1TNb7GxtPq9jM0xgNY7ew~~/6qHnEun7fuZXPvjYKuE691Q9NIiWdMM_OA~~

English

JAMESWT@JAMESWT_WT·31 Mar

another onenote sample bazaar.abuse.ch/sample/932e654… cc @_notdodo_ not looks emotet

English

770

JAMESWT@JAMESWT_WT·31 Mar

H/T @pr0xylife Onenote sample > Bat > curl url > Dll geofenced ITA🔽 bazaar.abuse.ch/browse/tag/BR-… Url urlhaus.abuse.ch/url/2592658/ Run app.any.run/tasks/c212e16c…

English

18K

Edoardo Rosa@_notdodo_·8 Mar

@intigriti Hey I'm there!

GIF

English

Intigriti@intigriti·18 Oca

That's all folks! Only joking you can read the full article with all of these plus more 🫵 go.intigriti.com/bugbytes-190

GIF

English

2.7K

Intigriti@intigriti·18 Oca

EXTRA EXTRA read all about it, a peak into this week's #BugBytes

GIF

English

12.4K

Edoardo Rosa@_notdodo_·9 Ara

If you don't know what to do with the Oracle cloud free tier instance here's an idea: github.com/notdodo/pulumi… If not inspired at least you have a quick way to destroy and start again! #freetier #oracle #pulumi #k8s #k3s

English

Edoardo Rosa retweetledi

Bishop Fox@bishopfox·27 Kas

A #pentesting tool for your #hacking arsenal: Use nuvola to dump + perform automatic & manual #security analysis on #AWS environments, configurations, and services via predefined, extensible and custom rules created w/ a simple #Yaml syntax. Try it today! bfx.social/3TUVYIm

English

Edoardo Rosa retweetledi

Datadog, Inc.@datadoghq·5 Eki

We are proud to release Datadog's first security study: "The State of AWS Security - A Look Into Real-World AWS Environments" Read the report to learn about key mechanisms to secure AWS environments and how organizations worldwide are implementing them. dtdg.co/state-of-aws-c…

English