Tsof

@G60930953 how do you know?

Update: This is likely a DPRK🇰🇵 backdoor

DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing 𝗜𝗥𝗙𝗹𝗼𝘄 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman’s Timeline Explorer. Every feature in this tool was shaped by real IR casework. Handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it’s in the app, it’s because I needed it mid-case and realized the standard tools fell short. No dependencies. Zero setup. Just drag, drop, and analyze. #dfir #incidentresponse #timeline #macos #threathunitng #digitalforensics

"The unusual command copied to the user's clipboard abused the SSH ProxyCommand option to quietly invoke the Windows Installer (msiexec) and download a payload, marking the start of the intrusion."

@G60930953 @MorphisecL @morphisec You've run into those script kiddle Vietnamese guys😅🤣

@MorphisecL @morphisec you annoyed a threat actor, you are doing something well.

@RussianPanda9xx @MaxRogers5 Heyy, you deserve this, congratulations 😇🥰

Okay wait... this actually happened?! 🥹💙 SANS Difference Makers 2025 - Community Choice Winner Practitioner of the Year - Cyber Defense This is the proudest moment of my life. A huge thank you to @MaxRogers5 for nominating me. That meant more than you know. To the incredible cybersecurity community - every single vote, every word of encouragement, every share - YOU did this. This award belongs to all of us. The late nights analyzing malware, chasing the bad guys, the blog posts, the "hey did you see this sample?" DMs - that's what this community is about. @SANSInstitute, thank you for shining a light on the defenders. Thank you for making quiet . louder 🔊

They can go cry me a river. womp womp

DESKTOP-I1P3HMO Bang_Luong_Thang_11_2025.csv E001,John Smith,Manager,3000,500,400,200,3700,Excellent performance E002,Alice Johnson,Accountant,2200,300,150,100,2550,Accurate and punctual E003,Michael Brown,HR Officer,2000,250,200,50,2400,Great teamwork E004,Emma Davis,Sales Executive,1800,400,350,80,2470,Exceeded sales targets E005,David Wilson,IT Support,2100,200,100,120,2280,Reliable support E006,Sosona Mikari,IT Dev,2300,200,100,100,2500,

Hello, while investigating the Midnight or EndPoint ransomware, for which a decryption tool was recently released, I discovered several suspicious points and decided to compile a brief report about them Report : github.com/errbody/DPRK-R… #Ransomware #Kimsuky #Lazarus #APT

TERABYTES OF FORENSIC TEST IMAGES HUNDREDS OF CTFs dfir.training/downloads/test… #DFIR #CTF

New @Huntress blog! @Purp1eW0lf and I share some old defense evasion tactics from a well-commented script used by Xinglocker in 2021 still being used today! Make sure you can detect them! #detectionengineering #ransomware huntress.com/blog/why-old-r…

#DFIR #CSIRT #SOC Great post about the CVE-2025-53770 #SharePoint #Vulnerability ⤵️ research.eye.security/sharepoint-und… First #Webshell found in some servers were exploited➡️ 📦spinstall0.aspx 🔥IOCs: 02b4571470d83163d103112f07f1c434

A follow up on last week’s FileFix blog. FileFix (Part 2) mrd0x.com/filefix-part-2/

🚨 EMERGING THREAT: MOMMY ACCESS BROKER Leaked guide linked to mommy reveals how this actor exploits CVEs and sells access to high-value targets like governments and telecoms. 🔗 Read the full report: hubs.la/Q03v1Bkn0 #threatintel #cybersecurity #threathunting

FileFix - A ClickFix Alternative mrd0x.com/filefix-clickf…

Finally had some time to publish these blogs. Enjoy! Spying On Screen Activity Using Chromium Browsers mrd0x.com/spying-with-ch… Camera and Microphone Spying Using Chromium Browsers mrd0x.com/spying-with-ch…

We had a blast speaking at the Ransomware Summit! 🎤💥 Huge thanks to everyone involved! 🎥 Missed our keynote? No worries — you can catch the full session here: 👉 youtube.com/live/nhB-xkmbS…

Watch Gemini execute a SOC runbook for proactive threat hunting! Using MCP tools, IoCs from a Google Threat Intelligence collection are found (and blocked) in SecOps—showcasing the AI-powered runbooks. #AI #SecOps #ThreatHunting #MCP #GoogleCloudSecurity youtube.com/watch?v=4JpnI7…

How to threat hunt Living Off The Land binaries helpnetsecurity.com/2025/05/29/thr…

Possible #APT32/#OceanLotus Installer abusing MST Transforms 🇻🇳 hxxp://194.87.108[.]94:80/ dmpdump.github.io/posts/Possible…