Ben

784 posts

Ben banner
Ben

Ben

@polygonben

Threat Research - https://t.co/ZoRAd6zMGy

in ur c2 😬 Katılım Kasım 2022
1.1K Takip Edilen1.6K Takipçiler
Sabitlenmiş Tweet
Ben
Ben@polygonben·
🚨Recent MuddyWater APT campaign, linked to Iranian intelligence, exposed by Ctrl-Alt-Intel 😬 - 10+ CVEs used - Custom-developed C2s - EtherHiding malware - Sensitive data stolen ctrlaltintel.com/threat%20resea… Super fun collab-ing with @ice_wzl_cyber to get this published 🔥
English
7
67
206
46.4K
Ben retweetledi
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
9 McNuggets & a McChicken burger helped us link a Russian hacker to 🇷🇺 government😅 Denis Obrezko was put on the international wanted listed by Russia, following an FBI arrest in Phuket last November. Our independent investigation shows Obrezko has closes ties to the Moscow👇
Ctrl-Alt-Intel tweet mediaCtrl-Alt-Intel tweet media
English
3
33
116
21.9K
Ben retweetledi
Andrew Thompson
Andrew Thompson@ImposeCost·
Attribution Matters. Impose Cost: Angelo Martino, 41, of Land O’Lakes, Florida, formerly employed as a ransomware negotiator, was sentenced today to 70 months for his role in conspiring with Blackcat/ALPHV (BlackCat) actors to extort multiple victims, as well as conspiring with other former cybersecurity professionals to attack additional victims in 2023. justice.gov/opa/pr/florida…
English
6
11
65
4.3K
Ben retweetledi
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
Hunting for C2 #OPSEC failures w. @Huntio: VShell edition 🧵 Context: - VShell is a Chinese-developed CS alternative - VShell is developed on the NPS codebase - Often used by Chinese APT groups, but also seen in the wider cybercrime ecosystem (1/8)
English
1
10
38
3.7K
Ben retweetledi
Jason Sawyer
Jason Sawyer@foilmanhacks·
If you have spare change, I mean literal spare change, money you can genuinely afford to part with, I'd appreciate a donation. If not, like and follow and boost my work. That helps just as much. This post is very much a last resort and I appreciate any support given. Thank you for reading this far. Genuinely. linkedin.com/in/foilman gofundme.com/f/jason-needs-…
English
0
5
17
547
Ben retweetledi
Ctrl-Alt-Intel
Ctrl-Alt-Intel@ctrlaltintel·
One of our researchers has published a blog for @beensquatted exposing an ongoing macOS stealer & backdoor campaign 🔥 Originating from typosquatted domains, a threat actor is using ClickFix lures to deliver a persistent macOS loader hat hosts C2 using Polygon smart contracts👇
English
1
7
30
2.3K
Jason Sawyer
Jason Sawyer@foilmanhacks·
There are so many people who deserve their roses but rarely get them. It would literally be impossible to name them all. But here are just some of the many, many people who stood by me. If your name isn't here, don't think I don't appreciate you. Here's just one of each of their many attributes: @khanjicyber: a guide and a beacon of hope @notbrvnd0n: always there with steady support @loop0420: never fails to check in on me @rickcsong: a big business guy who still makes time to call and check in @NetAskari: always sending me cool cyber stuff @nattyfried: like an older brother to me @Crimeonadime: selfless to the core @AidanOsint: someone I owe a genuine thank you @abdo_mhanni: genuine through and through @IntCyberDigest: forgiving and empathetic Now rapid fire: @Alph4betSoup, @IntelOpsV3, @0x686967, @polygonben, @urharmless, @kimmydotzip, @dutch_osintguy, @BashBunny, @NotNordgaren, @Harrris0n, @maybeitsjayy And to Kirwin, thank you. And to the rest, I simply don't have enough chars to type. And last but certainly not least, the most important of all, my Mum. Who has handled all the messy paperwork. Who has sleepless nights from the trauma of the crash. Who came in even when I was stinky, smelly, and vomiting. Who spent as much as she could afford trying to make me eat when my stomach wasn't working. Who fights for me when I am too weak to fight for myself. And to the rest of my friends and family, thank you.
English
11
8
48
2.1K
Ben
Ben@polygonben·
@foilmanhacks Thank you man ❤️ Never forget the words from the Lifesaver: “Don’t bend to the mental strain … against all odds we must strive for essential gain” You don’t realize how much you’ve done to keep me sane 🫶
English
0
0
1
99
Ben retweetledi
NtAlertThread
NtAlertThread@ElementalX2·
Thrilled to announce our (@spontiroli & me) from @Acronis TRU Team, new & in-depth research, where we saw Mustang Panda targeting India's Hydropower Sector, government sector and many more, using implants which we call as SHARDLOADER v1.0, v1.1, MINIRECON, ZOHOMURK. We worked with Indian Computer Emergency Response Team, @IndianCERT on data-sharing and multiple other purposes leading to disruption of a live campaign, which had been targeting Philippines as well. While, we had been already tracking the first campaign, we saw a second campaign using @Zoho as a C2(exfil mechanism) widely adopted across Indian Government. Another interesting feature, which we found that the threat actor went slightly offensive causing issues inside the analyst's VMs, while leaving a bunch of OPSEC issues inside the implants and using similar launcher binaries. Read our research here: The implant was also seen and reported by @smica83 🐐& thanks to @IndianCERT on working with us to disrupt the ongoing and live campaigns.
NtAlertThread tweet mediaNtAlertThread tweet mediaNtAlertThread tweet mediaNtAlertThread tweet media
English
3
23
67
10.6K
Ben retweetledi
NtAlertThread
NtAlertThread@ElementalX2·
Possible MINIRECON implant used to target India🇮🇳 FileName: Letter to His Excellency the President[.]zip SHA-256: 6c8784885506b0fa3b0543be3c5caec1a4b3c689331d1012847505c61440b2be
NtAlertThread@ElementalX2

Thrilled to announce our (@spontiroli & me) from @Acronis TRU Team, new & in-depth research, where we saw Mustang Panda targeting India's Hydropower Sector, government sector and many more, using implants which we call as SHARDLOADER v1.0, v1.1, MINIRECON, ZOHOMURK. We worked with Indian Computer Emergency Response Team, @IndianCERT on data-sharing and multiple other purposes leading to disruption of a live campaign, which had been targeting Philippines as well. While, we had been already tracking the first campaign, we saw a second campaign using @Zoho as a C2(exfil mechanism) widely adopted across Indian Government. Another interesting feature, which we found that the threat actor went slightly offensive causing issues inside the analyst's VMs, while leaving a bunch of OPSEC issues inside the implants and using similar launcher binaries. Read our research here: The implant was also seen and reported by @smica83 🐐& thanks to @IndianCERT on working with us to disrupt the ongoing and live campaigns.

English
1
5
26
1.9K
Ben retweetledi
mRr3b00t
mRr3b00t@UK_Daniel_Card·
This isn't secret, it's not a weapon either... the kid was fucking stupid and used a machine to do crime in config that is insanely stupid (if we consider they probably didn't want to get caught) they used edge in its default config, hey had opted in to telemerty. The takes online and articles like this are fucking ridiclous
Secure Zona@securezona

Microsoft's secret weapon exposed. The FBI used a Windows Global Device Identifier (GDID)—a persistent, OS-level hardware fingerprint—to completely unmask a high-profile hacker despite them using a VPN. If you're on Windows, telemetry is always watching.

English
24
45
597
39.7K
Ben retweetledi
Jason Sawyer
Jason Sawyer@foilmanhacks·
I dumped NetNut's frontend source code for their global and Chinese portals. Anyone can now see how it worked internally. They claim to be ethical and to not route through real people's devices, their schema tells a different story. (Source code link at the end)
Jason Sawyer tweet mediaJason Sawyer tweet media
English
2
17
73
7.4K
Ben retweetledi
d1v35h
d1v35h@d1v35hresearch·
#Mandarin-speaking threat actor is targeting Vietnam by impersonating the Vietnam Government's Tax Public Service Portal to distribute a malicious Fake eTaxMobile APK vn-dichvucong[.com 398db8ea60f9249bf902bb10e21de621 @malwrhunterteam @skocherhan @smica83 #Vietnam #Malware
d1v35h tweet mediad1v35h tweet mediad1v35h tweet media
English
2
18
53
4K
Ben retweetledi
Ben retweetledi
Hunt.io
Hunt.io@Huntio·
𝗛𝘂𝗻𝘁 𝟯.𝟬 𝗶𝘀 𝗹𝗶𝘃𝗲. 𝗣𝘂𝗹𝗹 𝘁𝗵𝗲 𝘁𝗵𝗿𝗲𝗮𝗱. 🚀 Most threat hunting tools stop at the lookup. You get a result, maybe a tag, and then you're on your own figuring out what connects to what. We built v3 to fix that. Every indicator, whether it's an IP, a domain, or a hash, should open into the full picture automatically. 👉 Here's what's new: hunt.io/blog/introduci… → 60+ API endpoints across C2, AttackCapture, Vulnerability Intel, SQL, and more → Remote MCP server, connect Claude or other AI tools straight to Hunt data → Cloudflare Buster turns one domain into a full infrastructure cluster → Passive DNS History gives you a real timeline of DNS changes, not just a point-in-time snapshot → Attack Reports turns exposed attacker directories into structured campaign reports, tied to specific IPs, IOCs, and CVEs → Exploit Capture indexes 54,000+ AI-classified files staged in attacker open directories right now → Provider Radar now includes Registrar intelligence, catching domain provisioning patterns before those domains go live in an attack → Flattened data architecture so HuntSQL joins are finally possible, no workarounds → And much more! And the best part: you get 14 days free, no credit card needed. Open an account and start hunting today 👇 portal.hunt.io/sign-up
GIF
English
1
18
27
4.3K