Ralcaz

6.6K posts

@ralcaz

Make it happen! #cybersecurity #dfir #infosec

over the wire · Joined June 2010
913 Following · 1.1K Followers

Ralcaz retweeted
Is Now on VT! @Now_on_VT
Sample is now on VT!
🚩Hash: 89339821cdf6e9297000f3e6949f0404
🎯Actor name: UNC3886
🔹Comment: This blog post discusses UNC3886's intrusion path and subsequent actions that were performed in the environments after compromising the guest virtual machines to achieve access to the critical systems…
🌐URL: cloud.google.com/blog/topics/th…
🔎OnVT: virustotal.com/gui/file/89339…

Ralcaz @ralcaz
@ViriBack Hi Dee, could you please send me a DM with your contact email?

Ralcaz retweeted
exQUIZitely 🕹️ @exQUIZitely
Once upon a time... in a galaxy far, far away...

Ralcaz retweeted
CERT Polska @CERT_Polska_en
‼️At the end of last year, there was a series of coordinated attacks in Polish cyberspace. 📌Today, our team is publishing a report describing the technical analysis of these events. We show the scheme of operation and the tools used by the attackers. ➡️cert.pl/uploads/docs/C…

Ralcaz retweeted
BSides Málaga @BsidesMalaga
We've already received some amazing talks, but the CFP is still open! You have until January 18 to submit. 💉 INJECT PROPOSAL: bsidesmalaga.com

Ralcaz retweeted
Karthik @karthikponna19
> bro built VLC
> turned down stupid money just to keep it ad-free
> and still gave it to us for free

absolute legend 🐐

Ralcaz retweeted
IT Guy @T3chFalcon
Let me blow your mind real quick: When you use Remote Desktop (RDP), Windows secretly takes screenshots of what you are doing. It’s called the RDP Bitmap Cache. To make the connection faster, Windows saves small tiles (images) of the remote screen to your hard drive in a bin file. Even if the session is over and the remote server is destroyed... your laptop still holds the cache files. Forensics teams use tools like BMCViewer to stitch those tiles back together. They won't just see logs but the literal email, document, or picture you were looking at. 💀
IT Guy @T3chFalcon

RDP Bitmap Cache.


Ralcaz retweeted
Google VRP (Google Bug Hunters)
We're LIVE from the Google Cybersecurity Engineering Center in Malaga! ⚡🛡️ The init.g sessions are kicking off, we're excited to meet the talent that will redefine the future of cybersecurity. Learning, networking, and lots of good hacking. init.g(malaga) { return SUCCESS; }

Ralcaz retweeted
Bernardo Quintero @bquintero
Yesterday I was in Santiago de Compostela, the same city where 21 years ago I launched VirusTotal as an entrepreneur. This time I return in a different role: accompanying, as a mentor, the launch of Omnia. I hope it has the same luck… the invitation list will open very soon :)

Ralcaz retweeted
Bernardo Quintero @bquintero
Good question: not really, VirusTotal stays neutral in the industry. We don’t compete with antivirus vendors, they’re our partners and contributors, the ones who make VT possible. Our mission is to help the whole ecosystem get better threat intel, not to build another scanner
Michael Turk @Michael9Turk

@bquintero Have you guys considered making an Antivirus/malware scanner (app) using the VirusTotal database?


Ralcaz retweeted
VirusTotal @virustotal
Simpler Access for a Stronger VirusTotal

We’re simplifying access to VirusTotal with clearer tiers and flexible options, keeping the platform open, collaborative, and built around our contributors.

Read more: blog.virustotal.com/2025/10/simple…

Ralcaz retweeted
Austin Larsen @AustinLarsen_
Our team at @Mandiant just published urgent research on an espionage campaign by China-nexus actors using the BRICKSTORM backdoor. They’ve been in victim networks undetected for over a year, targeting tech & legal sectors for IP theft and intel on US trade and national security.

Ralcaz retweeted
Gerardo Fdez. @gerardofn
The new VirusTotal plugin for IDA Pro now integrates Code Insight into your reversing workflow, allowing you to save and use relevant analyses to contextualize other functions. blog.virustotal.com/2025/08/integr…

Ralcaz retweeted
VirusTotal @virustotal
Applying AI Analysis to PDF Threats

Code Insights now catches phishing, vishing, QR-lures, and other PDF-based scams by correlating visual content with internal structure.

blog.virustotal.com/2025/08/applyi…

Ralcaz retweeted
elhacker.NET @elhackernet
🛠️ Hetty is an HTTP toolkit, an open-source alternative to Burp Suite Pro
✓ HTTP client to edit/replay requests
✓ MITM proxy with logs and search
✓ Intercepts and reviews responses
✓ With a web interface
github.com/dstotijn/hetty

Ralcaz retweeted
Florian Roth ⚡️ @cyb3rops
Detection coverage update: Sigma rules for CVE-2025-53770 (“ToolShell”)

My team member @_swachchhanda_ contributed a set of Sigma rules that detect different stages of the recent SharePoint exploitation (CVE-2025-53770).

The rules are now public: github.com/SigmaHQ/sigma/…

They provide coverage for:
- Web shell deployment
- Post-exploitation behavior
- IIS log artefacts (initial exploitation)

These rules help detect both the initial access vector and follow-up activity using host and network data sources.

They complement our YARA rules for the payloads themselves: github.com/Neo23x0/signat…

References:
- research.eye.security/sharepoint-und…
- msrc.microsoft.com/blog/2025/07/c…

#SharePoint #CVE202553770 #ToolShell #Sigma

Florian Roth ⚡️ @cyb3rops

Wrote a set of YARA rules to detect the specific web shells dropped during the SharePoint CVE-2025-53770 exploitation.
- Cleartext and compiled variants
- Forensic artefacts in logs and on disk

Hope it helps. Rules will be available in THOR Lite and THOR Cloud Lite shortly.

github.com/Neo23x0/signat… nextron-systems.com/thor-cloud/

#SharePoint #YARA #ThreatDetection #CVE202553770 #THORLite #DFIR
