bobrossthemalwarehunter

234 posts

bobrossthemalwarehunter

bobrossthemalwarehunter

@bobross_malware

I like malware, memes, infosec, and Happy little trees https://t.co/KaB4YF30Dx

Katılım Aralık 2018
537 Takip Edilen77 Takipçiler
星
@HOSHIgensin·
最後の昇竜のあとsa3入らない? 助けて上手い人
日本語
15
1
155
188.6K
bobrossthemalwarehunter retweetledi
HasanBroker
HasanBroker@hasanbroked·
https://breached[.]st/threads/hello-breachforums.86013/ Site is launched.
English
10
1
62
7.6K
bobrossthemalwarehunter retweetledi
cr3ghost
cr3ghost@cr3ghost·
Adding to this list. All free. No paywall. No signup. exploitreversing.com - 700+ pages of malware analysis and exploit research class.malware.re - full university malware analysis course malwareunicorn.org - RE101, RE102, macOS RE, PE injection azeria-labs.com - ARM assembly, shellcode, heap exploitation revers.engineering - applied RE series and hypervisor development pwn.college - buffer overflows to kernel exploitation p.ost2.fyi - 30+ courses, WinDbg, IDA, Ghidra, UEFI, kernel exploitation corelan.be - 41 tutorials spanning 17 years of exploit dev fuzzysecurity.com/tutorials.html - 19-part series, usermode to kernel windows-internals.com - Windows internals, secure kernel, VBS, KDP, dynamic analysis YouTube: @_JohnHammond" target="_blank" rel="nofollow noopener">youtube.com/@_JohnHammond @LiveOverflow" target="_blank" rel="nofollow noopener">youtube.com/@LiveOverflow @lauriewired" target="_blank" rel="nofollow noopener">youtube.com/@lauriewired @allthingsida" target="_blank" rel="nofollow noopener">youtube.com/@allthingsida @OpenSecurityTraining" target="_blank" rel="nofollow noopener">youtube.com/@OpenSecurityT… Thousands of dollars worth of knowledge. All free. #ReverseEngineering #MalwareAnalysis #InfoSec
cr3ghost tweet mediacr3ghost tweet mediacr3ghost tweet mediacr3ghost tweet media
RussianPanda 🐼 🇺🇦@RussianPanda9xx

I have been seeing reverse engineering / malware analysis courses that cost thousands of dollars. Do you know you can actually learn that for free, right? There are also a bunch of other courses out there that are way cheaper or even free: - courses.0ffset.net - malwareanalysis-for-hedgehogs.com - invokere.com - github.com/RPISEC/MBE - guyinatuxedo.github.io/index.html - openanalysis.net - p.ost2.fyi - taomm.org

English
7
261
1K
59.1K
bobrossthemalwarehunter
bobrossthemalwarehunter@bobross_malware·
SimpleHelp RMM Authentication Bypass (CVE-2026-48558) TLDR:- OIDC accepts identity tokens without verifying the signature. forge a JWT that says you're an admin technician and it just believes you. CVSS 10.0, already used to drop Djinn Stealer lol Link:- helpnetsecurity.com/2026/06/30/sim…
English
0
0
1
83
bobrossthemalwarehunter
bobrossthemalwarehunter@bobross_malware·
Hackers Disable Defender, Sysmon, and WAF Before Dumping Credentials With Mimikatz TLDR:- they kill the telemetry first (defender off, sysmon unloaded, waf blind) then dump. mimikatz is the last & least interesting step lol Link:- cybersecuritynews.com/hackers-disabl…
English
0
0
1
22
bobrossthemalwarehunter retweetledi
vx-underground
vx-underground@vxunderground·
> Peter Stokes > Scattered Spider guy > Arrested > Microsoft helps FBI > Read court documents > Page 12 > Microsoft tracks Stokes from GDID > Microsoft Global Device Identifier (GDID) > Stokes used Windows > Page 34 > GDID assigned to each OS install > GDID unique to each device > GDID only change if OS wiped > Stokes GDID 6755467234350028 > GDID reported internet activity to Microsoft > GDID showed Stokes using Ngrok > GDID reported Stokes IP address > GDID showed Stokes web activity > GDID showed timestamps of web activity > GDID mapped with video game activity > GDID showed games played > GDID undocumented > GDID only mentioned in one MSDN document > Azure UCDOStatus > Azure Monitor Logging
vx-underground tweet media
English
255
1.4K
10.9K
1.3M
bobrossthemalwarehunter retweetledi
The Hacker News
The Hacker News@TheHackersNews·
🚨 Update - Citrix CVE-2026-8451 is now under active exploitation, less than 24 hours after disclosure. A Frankfurt IP hit sensors for 5 hours, delivering the watchTowr exploit only after a 200 OK response and skipping 404s. Learn the malformed SAML exploit path works: thehackernews.com/2026/07/citrix…
The Hacker News tweet media
English
4
62
197
59.5K
bobrossthemalwarehunter retweetledi
hacker.house
hacker.house@hackerfantastic·
Wild things going on at the water coolers of @HuntressLabs this week. According to a former employee, an insider threat has been tipping off cyber criminals about LE operations.
hacker.house tweet media
English
3
7
34
5.1K
vx-underground
vx-underground@vxunderground·
tl;dr really effective malware multi-staged, multiple programming languages, use as many dependencies as possible. AI making this easier to do. AVs struggling Historically, in regards to malware development, the end goal was minimalism. It was in your best interest to strip as many dependencies, shred the file size down, and make it position independent. I think, as of ... now ... we need to take a different approach. I think instead of stripping binaries, we (Red Team, Threat Emulation, malware developers) should intentionally introduce dependencies. I have witnesses two unique things in the malware landscape since the AI boom. 1. Increase in malware slop. I continue to see stagers which contain notes in them. This is not intentional and this does not "trick" the analyst. This is a colossal mistake on the malware developers part. However, despite it being slop, AI has made malware more diverse. I am seeing more and more malware in Lua, Node JS (including SEA and nexe), Java, and Python. I am seeing more and more malware doing inter-process communication across multiple programming languages. Of course all of these have existed prior to AI, but I am seeing an explosion in these languages. This also has resulted in malware researchers creating new tools to combat this malware diversity. 2. Anti-malware services struggling. When I encounter a binary that is a Node JS SEA blob (Electron JS .exe, self-contained using SEA), which extracts a .JS payload, which uses obfuscated Java or heavily obfuscated Lua, all of these languages require a VM (PVM, LVM, JVM, whatever) for interpretation. Thus, with heavy obfuscation and multistaging, static analysis fails and the heavy abstraction makes it difficult for traditional hooking or minifilters to be effective, in essence there is too much noise. Many of these payloads with heavy dependencies easily avoid static analysis and even some emulation systems because they fail to account for the necessary dependencies which are required to emulate it correctly. pic maybe related idk
vx-underground tweet media
English
23
40
774
25.9K
League of Legends
League of Legends@LeagueOfLegends·
We've finally done it. We figured out a way to go back to the good ol' days. But can @RiotPabro get @RiotMeddler on board? Tune in to MSI Finals on July 11 at 11pm PDT to find out.
English
666
1.3K
13.8K
3.4M
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
I think it's over. I don't think I can do it anymore. My road ends here (hopefully I succeed.)
Nightmare Eclipse tweet media
English
74
24
744
31.8K
bobrossthemalwarehunter retweetledi
Nightmare Eclipse
Nightmare Eclipse@ChaoticEclipse0·
Welp it's official, blogger started removing my posts as well, crazy how even google is hating me now. Is that like supposed to make stop ? Kinda feeling even more motivated.
English
51
132
1.6K
50.6K
Justin Liverman
Justin Liverman@the_cia_hacker·
i literally bragged about the feds paying for my two Verizon phone bills ($500 /month) because i stopped paying but knew they have a FISA warrant on me they kept paying my phone bills for 6 months ($3,000) i bragged about it near my phone & i swear the next month they stopped☹️
English
15
23
2.4K
161.1K
Jeff Cross
Jeff Cross@jeffbcross·
GitHub’s report today confirms that the compromised Nx Console extension was used as the initial access vector in this attack. This is a difficult thing to read as the CEO of Nx, and I want to be direct about it: we take responsibility for the role our software played in this incident. I’m grateful to the GitHub, Microsoft, and independent security teams that moved quickly to investigate, contain, and share information publicly. This incident highlights that there need to be deeper, more fundamental changes to how we and other maintainers need to think about securing developer tooling and open source distribution. We are already making major changes to our publishing, automation, and extension security posture, and we’ll continue sharing those changes publicly as we implement them. We’re also beginning conversations with other high-profile open source maintainers about how we can work together on some of the deeper structural problems around software supply chain security. A lot of the assumptions the ecosystem has operated under for years no longer hold. Our focus right now is supporting affected users, hardening Nx, and helping push the broader ecosystem toward stronger supply chain security practices. Updates and guidance: github.com/nrwl/nx-consol…
English
30
151
741
158.4K