Mark Dufresne

620 posts

Mark Dufresne

Mark Dufresne

@mark_dufresne

Detection and Intel @sublime_sec

Katılım Mart 2009
557 Takip Edilen1.1K Takipçiler
Mark Dufresne retweetledi
Shea Serrano
Shea Serrano@SheaSerrano·
if you can somehow watch this and walk away from it saying something like “yup that’s my guy that’s who i’m gonna vote for” then i want you to know that you are just a full-on idiot
English
224
3.1K
29.9K
1M
Mark Dufresne retweetledi
Antonio Cocomazzi
Antonio Cocomazzi@splinter_code·
Excited to share my latest research about FIN7 🔥 The discovery of a new abuse for the Windows built-in driver ProcLaunchMon.sys (TTD Monitor driver) to tamper with EDRs has been an interesting surprise. Enjoy the read 👇 sentinelone.com/labs/fin7-rebo…
English
7
74
213
22.5K
Mark Dufresne retweetledi
Mark Baggett
Mark Baggett@MarkBaggett·
Yesterday I learned that @SentinelOne blocks the Windows application white listing and digital signature bypass that I’ve been using for 10 years. Now I’ll need to find a new way to digitally sign any binary as Microsoft (on S1 customers). Well done @SentinelOne.
English
0
3
24
2.2K
Mark Dufresne retweetledi
Antonio Pirozzi
Antonio Pirozzi@_antoniopirozzi·
Our analysis on the intriguing #liblzma supply chain case 🔥 By following all the interactions we provided an interesting angle on the TA's motivations and plan to Inject Further Vulnerabilities. It was a pleasure to work with @vx__notduck1e on this!! sentinelone.com/blog/xz-utils-…
English
0
3
11
493
Mark Dufresne retweetledi
SentinelOne
SentinelOne@SentinelOne·
⚔️ Here are the top threats our WatchTower team observed and investigated in 2023—and a look ahead to the 2024 threat landscape. From the top bad actors, to the top vulnerabilities exploited, to the top threats by OS, and more. Read the report: sentinelone.com/resources/watc…
SentinelOne tweet media
English
0
9
17
8.9K
Mark Dufresne retweetledi
Alex Delamotte
Alex Delamotte@spiderspiders_·
Back in 2021, the Babuk source code leaks fascinated me. At the time, it was unprecedented ransomware drama. 🍿 Like any self-respecting malware archivist, I grabbed the zip file and threw away the key for a few years. 1/?
SentinelOne@SentinelOne

🔐 @LabsSentinel researcher @spiderspiders_ unpacks the growing trend of ESXi locker use among ransomware groups. The report exposes how groups like @Conti and @REvil are exploiting ESXi lockers. sentinelone.com/labs/hyperviso… #infosec #ranosmware #Sentinellabs

English
1
7
18
6.9K
Mark Dufresne retweetledi
J. A. Guerrero-Saade
J. A. Guerrero-Saade@juanandres_gs·
We’ve been working at breakneck pace to release IOCs for ongoing software supply chain campaign that we call SmoothOperator. Attackers trojanized installers for #3CX PBX software. We’ve blocked thousands of attempted infections as of March 22nd. Details 👇🏻 s1.ai/smoothoperator
J. A. Guerrero-Saade tweet media
English
4
23
55
17.1K
Mark Dufresne retweetledi
SentinelLabs
SentinelLabs@LabsSentinel·
New SentinelLabs Research on WIP26 - s1.ai/WIP26 🟣 New actor targeting telco in the Middle East 🟣 Abuses Microsoft 365 Mail, Google Firebase, and Dropbox for C2 🟣 Targeted WhatsApp msgs -> Dropbox -> loader -> backdoors @milenkowski @CollinFarr @joeychen @QTrust
SentinelLabs tweet media
English
1
15
28
8.1K
Mark Dufresne retweetledi
Daniel Stepanic
Daniel Stepanic@DanielStepanic·
Our team has been observing an intrusion in Southeast Asia over the last few weeks. We have seen bunch of TTP's including: - Malicious IIS Modules (#DoorMe update) - Webshell usage - Exfiltrating mailboxes - New .NET malware #SiestaGraph - Dropping vulnerable drivers
Elastic@elastic

#ElasticSecurityLabs is tracking an active intrusion by multiple threat actors into the Foreign Affairs office of an Association of Southeast Asian Nations (ASEAN) member. Find out more in this post: go.es.io/3FXCb7j

English
0
20
59
10.2K
Mark Dufresne retweetledi
Elastic
Elastic@elastic·
#ElasticSecurityLabs is tracking an active intrusion by multiple threat actors into the Foreign Affairs office of an Association of Southeast Asian Nations (ASEAN) member. Find out more in this post: go.es.io/3FXCb7j
English
0
42
71
24.1K
Mark Dufresne retweetledi
Elastic
Elastic@elastic·
We’re proud of the #ElasticSecurityLabs team and the incredible amount of work that went into creating the 2022 Elastic Global Threat Report. @mark_dufresne shares a behind-the-scenes look into how the report was built. Read more here: go.es.io/3OxutUd
English
0
11
9
0
Mark Dufresne retweetledi
Devon Kerr
Devon Kerr@_devonkerr_·
Happy Friday, Twitter! If you don't know @_xDeJesus let me correct that-- Terrance is a member of the Threat Research and Detection Engineering team @elastic. His most recent publication to Elastic Security Labs is part one of three on Google Workspaces: elastic.co/google-workspa…
English
1
14
21
0
Mark Dufresne retweetledi
Joe Desimone
Joe Desimone@dez_·
Had some fun with this - exploiting the Process Explorer driver for kernel code execution. Will msft ever add to their own blocklist? 🤔 elastic.co/security-labs/…
Joe Desimone tweet media
English
14
180
592
0
Mark Dufresne retweetledi
Devon Kerr
Devon Kerr@_devonkerr_·
Let me be the first to welcome Mika Ayenson to Elastic Security Labs, the most enthusiastic detection engineer I know: elastic.co/security-labs/… Which tools do detection engineers use? Now ya know!
English
1
12
37
0