Daniel

163 posts

Daniel

@dansomware

threat research @proofpoint // tweets are probably someone else's

Katılım Ağustos 2010

694 Takip Edilen338 Takipçiler

Daniel retweetledi

Threat Insight@threatinsight·27 Kas

Proofpoint has tracked this technique since August 2024, and call it “brooxml”. Our researchers do not consider this a zero-day or vulnerability in general. We’ve released Emerging Threats and YARA signatures at the end of this thread.

ANY.RUN@anyrun_app

🚨ALERT: Potential ZERO-DAY, Attackers Use Corrupted Files to Evade Detection 🧵 (1/3) ⚠️ The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox The #ANYRUN team discovered that as part of this #zeroday attack, threat actors attempt to conceal the file type by deliberately corrupting it, making it difficult for certain security tools to detect 📌 Our sandbox solves this problem thanks to interactivity. It launches these broken files in their corresponding programs, which allows it to identify #malicious behavior See example: app.any.run/tasks/6839e806… 🚫 Although these files operate successfully within the OS, they remain undetected by most security solutions due to the failure to apply proper procedures for their file types They were uploaded to VirusTotal, but all antivirus solutions returned "clean" or “Item Not Found” as they couldn't analyze the file properly

English

179

39.6K

Daniel@dansomware·16 Kas

@ImposeCost And further, that when the time of useful observance has run its course, that justice is served.

English

Daniel@dansomware·16 Kas

@ImposeCost I don't necessarily think you're implying this, but it kind of sounds like "well, it's more valuable to provide access and watch what's done with it", which I can't necessarily fault, provided the ability to do real damage is mitigated.

English

Daniel retweetledi

Greg Lesnewich@greglesnewich·29 Ağu

When the ecrime gang finds something… else If you like weird infection chains, WebDAV, Python, custom backdoors with novel C2 methods, and use of Dumpulator, PCAPs, and more, the gang @selenalarson @Myrtus0x0 @ffforward got you covered! proofpoint.com/us/blog/threat…

English

19.9K

Daniel@dansomware·21 Ağu

@ex_raritas @TheGamblingBird Since no one has mentioned, we have some great vegetarian/vegan options too. Would check out Apteka and Onion Maiden.

English

Andrew Northern 𓅓@ex_raritas·21 Ağu

@TheGamblingBird @dansomware chime in.

English

Daniel retweetledi

Threat Insight@threatinsight·29 Ara

In this special holiday edition of DISCARDED, Mindy Semling joins as guest host for a 2nd annual "Ask Me Anything" episode. In this lively discussion, Selena & Crista answer questions from the audience and bid farewell to the 2023 cybersecurity landscape. ow.ly/9LRB50QmsIV

English

1.5K

Daniel retweetledi

[email protected]@rpargman·21 Ara

Great blog just published on an interesting cluster of #DarkGate malware distribution activity that used high-volume email campaigns, compromised websites with fake browser updates, steganography in CSS, and TDS filtering deliver DarkGate: proofpoint.com/us/blog/threat…

English

8.6K

Daniel retweetledi

Greg Lesnewich@greglesnewich·17 Eki

proofpoint.com/us/blog/threat… confused by the fake browser landscape? me too - thats why I'm glad my teammates track this come for the clarity, stay for the inject examples to show the differences between the kits!

English

3.1K

Daniel@dansomware·15 Eki

@ex_raritas Yeah, sex is cool, but have you tried roasting friends and family for violation of flag code? Looking at you, thin blue line.

English

199

Andrew Northern 𓅓@ex_raritas·14 Eki

The American flag 🇺🇸 towel really is the country pashmina.

English

449

Daniel retweetledi

Andrew Northern 𓅓@ex_raritas·14 Eki

Want to see something new and exciting? Are you a blue teamer and want to see a novel new way threat actors have been observed exploiting LNK files in the wild? Are you a red teamer and want to see how this exploit works on a technical level and how I recreated it? Are you a CTI professional who evangelizes about the benefits of attribution? Are you an infosec professional or enthusiast who loves video game humor? This talk is for you! Join us in person or online here: na.eventscloud.com/website/58627/ I’ll be sharing the stage with @aRtAGGI from Google Cloud (Mandiant). This promises to be a very fun and informative talk. I hope to see you. @MITREattack

English

4.4K

Daniel@dansomware·14 Eki

@sherrod_im @ImposeCost And that's our challenge to meet as leaders

English

Daniel@dansomware·14 Eki

@sherrod_im @ImposeCost I fundamentally agree but also have empathy for "don't rock the boat" because in an industry that is fraught with burnout, finding a sustainable operational tempo is imperative. It's easy for transformation to feel like "no matter how hard you work you can never be comfortable".

English

117

Daniel@dansomware·14 Eki

@wesdrone Do detainees at Guantanamo have TTPs? What's the ID for hunger strike?

English

105

Wes Drone@wesdrone·14 Eki

DeSantis using “Tactic, technique and procedure” in conversation. Just wait until someone tells him about Att&ck.

DeSantis War Room 🐊@DeSantisWarRoom

DESANTIS hits back at left-wing activist pushing Hamas propaganda, defends Israel. Activist: “What do you think about the annihilation and the decapitation of all the Palestinians in Gaza, right now?” DeSantis: “They are not decapitating babies’ heads. They are not intentionally” killing civilians. Activist: “I watched on Al Jazeera!” DeSantis: “Well, I would be very careful with Al Jazeera — that’s funded by a lot of these Middle East governments.” Activist: “Israel has been killing Palestinians the whole time Gaza has existed” DeSantis: “Israel put out a warning: 'we’re going to go in this area. Civilians leave.' Hamas tells them not to leave. Hamas wants them to be human shields — that’s their tactic, technique, and procedure. How many other armed forces give warnings to get out before they [conduct airstrikes]? I think Israel’s probably the only one in the world that does that.”

English

1.2K

Daniel@dansomware·10 Eyl

We're like 5 social media layers deep now.

English

Daniel@dansomware·10 Eyl

So Twitter -> Reddit is a really common occurrence ... I feel like there is a disparity in the amount of amazing comments highlighted in reverse. Especially ones that roast @elonmusk

English

153

Daniel@dansomware·1 Eyl

@ImposeCost Was it the browser, or were they functionally your ISP?

English

Daniel retweetledi

Threat Insight@threatinsight·30 Ağu

Like forensic scientists, threat analysts are always on the hunt for digital fingerprints. 🔎 In this DISCARDED #podcast episode, we discuss the China #cybercrime threat landscape and the importance of staying aware of past trends. Stream now at ow.ly/P7hP50PFFi4.

English

5.6K

Daniel retweetledi

Greg Lesnewich@greglesnewich·28 Ağu

🚨 Job Openings! Our team is looking to hire for 2 positions on our APT tracking team. Primary responsibilities & day-to-day will be disrupting state-aligned or state-sponsored actors trying to deliver malware, phish, or otherwise engage with our customers, in email data.

English

130

38K

Daniel@dansomware·22 Ağu

@ex_raritas @d0rkph0enix @kickswithatwist Technically we do have a team building budget 🤔

English

Andrew Northern 𓅓@ex_raritas·22 Ağu

@d0rkph0enix @kickswithatwist @dansomware when?

English

238

Lina@d0rkph0enix·22 Ağu

My boss had these commissioned for the team, hand painted and adorned with our names and company logo, we’re going to wear them as a team tomorrow to the general session!! So, so dope. Well done, @kickswithatwist!! #PaloAltoNetworks

English

164

9.5K

Keşfet

@ImposeCost @selenalarson @Myrtus0x0 @ffforward @ex_raritas @TheGamblingBird @thegamblingbird @aRtAGGI