Naka-pin na Tweet
"Not memory for memory’s sake, not accumulation of knowledge, but synthesis and application"
-- Bruce Lee
#ThreatIntel #proudToBeDefender
English
Przemek Skowron
1.6K posts
Przemek Skowron
@evilrez
Move && Eat && Hunt && Repeat. My tweets are my own.
Poland Sumali Mayıs 2009
2.1K Sinusundan935 Mga Tagasunod
Przemek Skowron nag-retweet
Wrzuciliśmy taki raporcik :) polecam lekturę bo chyba czegoś takiego jeszcze w .pl nie opublikowano :)
RIFFSEC@getriffsec
💎 RS raport: Fałszywe inwestycje Fałszywe inwestycje to nie pojedynczy scam i przypadkowy telefon. To pełny, wieloetapowy model działania, który zaczyna się od reklamy, a kończy na call center, zdalnym dostępie do urządzenia i próbą ponownego oszukania tej samej ofiary. Właśnie opublikowaliśmy raport pokazujący ten schemat od środka: ➡️ Reklama / clickbait ➡️ Zbieranie leadów (formularze, fake landing pages) ➡️ Call center / „broker” ➡️ Zdalny dostęp do urządzenia (AnyDesk, TeamViewer, etc.) ➡️ Retargeting ofiary (ponowne próby wyłudzenia) 👉 Po polsku, do pobrania za darmo. 👉 riffsec.com/fake-invest202… W środku jest 47 stron materiału CTI opartego na danych z kanałów przestępczych, dark webu i zamkniętych grup Telegram. Są screeny, tłumaczenia, przykłady deepfake, analiza sprzedaży leadów, przestępczych CRMów, call center i nadużyć legalnych narzędzi takich jak TeamViewer, AnyDesk czy screen share w WhatsApp. Raport wyszedł spod ręki @Ags76042421 oraz @AdamLangePL. W środku komentarze: Agnieszki Gryszczyńskiej, @TomaszJaroszek, @adamhaertle, @mjbroniarz, oraz @KrzysztofZelin1 To nie jest raport o samych reklamach. To raport o infrastrukturze, procesach i skali. Czyli o tym, jak działają „korporacje leadowe”, jak wygląda rynek danych ofiar i jak przestępcy skalują ten model w różnych krajach Europy. 👉 Po polsku, do pobrania za darmo. 👉 riffsec.com/fake-invest202… Źródła: RIFFSEC
Polski
@SquiblydooBlog Hi there! I would like to say thank you for your amazing and rich in details threads on using Yara for various purposes! Are you considering publishing the entire content in one place later? - not just Yara rules but context, workflow around building them. Thanks!
English
#100DaysofYara - day 10
There are a few lines of thinking around automatic YARA generation. I'm exploring these as part of this challenge. Today's we'll look at MCRIT.
MCRIT asks what do we learn by comparing samples? Can we find functions unique to the family?
rule at end
1/5
English
@cyb3rjerry @virustotal Good to hear that and always happy to help :)
English
I GOT IN TOUCH WITH SOMEONE AT @virustotal GANG. Lessons learned: do NOT use the contact us form on VT as it seems ro go straight to /dev/null, go through GTI instead! Thank you @evilrez and thank you Dingus!
English
@craiu 💯! What do you think on sharing more information about the overlap nature? - like the overlap is based on TTPs, infrastructure used for conducting intrusions, specific patterns of activity or in malware strains observed in particular campaigns.
English
Every public CTI blog should start like this - by linking it to other companies’ or researchers work on the same threat actor / cluster.
English
See you online! :) Yashray is one of my favourite #100DaysOfYara participants. Highly recommended!
GIF
Yashraj Solanki@RustyNoob619
Super excited to say that I will be doing my first ever solo workshop at @DEATHCon2025. It will be on writing YARA for malware attribution (I know this is a scary word) 🐧 There are plenty of other cool workshops on all things Detection Engineering & Threat Hunting Mo Deets ⬇️
English
@ale_sp_brazil @kienbigmummy All the best Alexandre! Whatever you decide, be happy with yourself :)
English
@kienbigmummy Since I went back to working on my true passion, my dear friend, my life has changed, and that is truly priceless, because this life is too valuable to do anything else.
English
I took this photo (MAY 24, 2025) a few minutes ago. After some difficult and challenging years, I have grown my hair back and I am ready to return to speaking at conferences in the near future.
Every day is worth it, and having time is being lucky.
#personal
English
@dnak0v Sometimes silence is better than saying anything - I’m not saying it to you Daniel.
English
Cybersecurity is full of exceptional people - and true friends. Don’t miss them while drowning in alerts.
English
Who else is joining? :)
/ˈziːf-kɒn/@x33fcon
🔒 Blue Teamers, unlock the power of #GenAI for #ThreatIntel! Learn from the best - @fr0gger_- at "Generative AI for Threat Intelligence" , #x33fcon 2025. This 2-day hands-on course builds real-world skills. Automate your TI workflows, master advanced prompt engineering, and build your own AI-powered CTI system with Python 🐍 Key Wins🏆: Unlock GenAI’s value with practical CTI use cases, wield techniques like RAG & multi-agent systems, and craft a custom TI system to boost your edge. Spots are limited! 👉 Learn more: x33fcon.com/#!t/GenAIforTI… 👉 Register: #Training_Registration" target="_blank" rel="nofollow noopener">x33fcon.com/#!training.md#…
#cybersec #BlueTeam #training English
@dnak0v Been following r2 for ~10 years, so I’m well aware of what it can do 🙂 I was the person who ported Cutter to Windows, so definitely not making statements from a position of ignorance
The UX of r2 is just not good in my opinion 🤷♂️ Doesn’t mean I don’t want it to succeed though!
English
I'm looking forward to meeting you in person. :) This is a rare opportunity to take this course in Europe!
Thomas Roccia 🤘@fr0gger_
And if you are in Europe the training will also be available @x33fcon in June 👇 x33fcon.com/#!t/GenAIforTI…
English
@Glacius_ Furthermore, a clustering formula would be appreciated as well - to understand how you connect the dots 😎
English
Since it's a new year, it's always good to remind people to share their confidence level, while attributing an attack. You'll save a lot of time for others 😁
English
What a kind guy with whom I would like to work with. I need to check whether I can hire in Germany or not 🫠
Gi7w0rm@Gi7w0rm
Since I officially finished my bachelor degree last month, I am now looking for work. If you are offering a job in Cyber Threat Intelligence, please reach out! More infos in the first comment below. #infosec #CTI #JobSearch
English
@c_APT_ure Use a name that resonates with you personally. It should align with your goals rather than be a one-size-fits-all solution. Consider adding a transparent explanation of how you connect the dots, allowing others to assess how these activities relate to what they are tracking. BOOM
GIF
English
What vendors identify as “threat actors” are often better described as “activity clusters.”
Guilty, though I‘m not a vendor nor working for one 😉
#DESKTOPgroup may not actually be a TA/TG
Florian Roth ⚡️@cyb3rops
I might need to read the full documentation since I’ve only gone through the abstract and briefly checked the linked JSON file. However, I already disagree with the initial comment claiming that “using different names for the same threat actor is confusing” because… it might not actually be the same threat actor. What vendors identify as “threat actors” are often better described as “activity clusters.” These clusters may overlap significantly (e.g., APT28 and Sofacy), but sometimes they overlap less. As a result, activity observed by one vendor might be attributed to a threat actor name used by another vendor, despite differences in visibility. There’s a reason why analysts often say, “the activity we observed aligns with what X tracks as Y.” It’s the correct approach to assign your own name and then map it to other vendors’ names where appropriate. This isn’t just a nuisance – it’s a necessity.
English
Przemek Skowron nag-retweet
Tomorrow: Out of the Woods LIVE (Dec. 5, 12–1:30 PM ET). Explore how to achieve impactful results in threat hunting. Join the discussion on tools, strategies, and skills—or just listen in. Sign up here: hubs.la/Q02-dHl10
English
@jackcr All the best Jack! You are strong, kind and from the bottom of my heart I wish you happy thanksgiving! Thank you.
English
4 months ago I had my second heart attack. Today I’m thankful for everyday that I’m still upright. Here’s to many many more. Happy thanksgiving everyone.
English