Omar

471 posts

Omar

@beacon_exe

Senior Security Researcher @Kaspersky GReAT - tweets and opinions are my own

شامل ہوئے Aralık 2020

514 فالونگ649 فالوورز

Omar ری ٹویٹ کیا

Boris Larin@oct0xor·26 Mar

We analyzed the Coruna exploit kit and found intriguing code overlaps with Operation Triangulation. Full analysis on our blog: link below.

English

429

36.3K

Omar ری ٹویٹ کیا

TLPBLACK@wearetlpblack·17 Mar

Alice left the Wonderland - tlpblack.net/blog/20260317-…

English

3.9K

Omar ری ٹویٹ کیا

Boris Larin@oct0xor·16 Mar

Heartbroken to hear about the passing of @Skvern0. He was one of the best threat hunters in the industry - even APTs were afraid of him. I’m grateful for the time we worked together and for everything I learned from him. Rest in peace.

English

557

77.5K

Omar ری ٹویٹ کیا

Kaspersky@kaspersky·25 Şub

Kaspersky GReAT researcher @malware_owl discovered CVE-2026-3102 — a command injection vulnerability in ExifTool (≤13.49) on macOS. A crafted image file with malicious metadata can trigger arbitrary code execution. Update to v13.50 now! #Kaspersky #GReAT #Cybersecurity #VulnerabilityResearch #OpenSource #InfoSec #macOS

English

9.3K

Omar ری ٹویٹ کیا

Kaspersky@kaspersky·25 Şub

Arkanix Stealer didn’t just steal data. It ran like a startup. • MaaS model • Discord marketing • Referral program • C++ & Python variants • Crypto & browser data theft Short-lived campaign. Long-term implications. Full analysis: kas.pr/w692 #Malware #Infostealer #ThreatIntel #CyberSecurity

English

1.2K

Omar ری ٹویٹ کیا

Georgy Kucherin@kucher1n·3 Şub

It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]

English

234

1.2K

106.4K

Omar ری ٹویٹ کیا

blackorbird@blackorbird·4 Ara

A full iOS zero-day exploit chain used in the wild against targets in Egypt. #Intellexa #Predator Stage 1: Initial RCE via JSKit Framework (Safari WebKit Exploitation)Entry Point: The chain starts with a zero-day RCE vulnerability in Safari's WebKit rendering engine, patched by Apple as CVE-2023-41993 (a memory corruption issue in the JIT compiler). Stage 2: Sandbox Escape and Kernel Privilege EscalationVulnerabilities Exploited: CVE-2023-41992: Kernel IPC use-after-free (sandbox escape + local privilege escalation, LPE). CVE-2023-41991: Code-signing bypass (LPE). Stage 3: Persistence and Surveillance Setup (PREYHUNTER Modules)Components: Divided into two modules—"watcher" and "helper"—deployed via the escalated privileges from Stage 2. cloud.google.com/blog/topics/th… github.com/blackorbird/AP…

English

407

54.8K

Omar@beacon_exe·7 Kas

GhostCall by BlueNoroff is still going crazy.

BadlandYW@BadlandYW

⚠️ URGENT WARNING ⚠️ I’m sharing this as something urgent and important please be careful, everyone. Linda is my friend. She used to work in capital markets, and we met years ago. Yesterday, she asked me to join a meeting. I thought it was for a project and accepted. She sent me a calendar invite, and I joined the meeting this morning at 9 AM. It was supposed to be on Google Meet, but no one was there. Then they sent me a Zoom link. I clicked it and opened it in my browser. When I joined, everything looked broken and the page asked me to run a “system update.” Instead, I chose to download Zoom manually and asked for the meeting ID. They refused to give it and said the update would be “easier.” That’s when I deleted everything and shut it down. I told them my computer couldn’t handle the update and that we should continue on Meet. Strangely, my camera wouldn’t turn off no matter what I did. I calmly closed all tabs, deleted everything, restarted my browser, and ran a full virus scan. Then I realized Linda had been hacked, and the hackers were after me. To those hackers: waving at you 👋 you almost got me, but not this time. Linda was someone I really trusted. Let this be a reminder to everyone: If someone asks you to download or install something don’t do it!

English

530

Omar@beacon_exe·28 Eki

@3ffaaat مش عارف اقولك ايه ياعم 🤣🤣❤️❤️❤️

العربية

3Mr ®🇵🇸@3ffaaat·28 Eki

securelist.com/bluenoroff-apt… اخواني واخواتي، استمتعوا بجهلكم وخشوا اعملوا سكرول لريسيرش عمنا عمر أمين الي محتاج ٥١ دقيقة قراءة وسنين فهم. عمر امين دا ثروة قومية محتاج تأمين مخبراتي وربي.

العربية

318

Omar@beacon_exe·28 Eki

couldn't ask for a better partner in crime at #TheSAS2025 stage. Check out our full research, uncovering #GhostCall and #GhostHire of #Bluenoroff here: securelist.com/bluenoroff-apt…

hypen@hypen1117

It was truly an honor to be part of #TheSAS2025 as a speaker! I and Omar (@beacon_exe) shared some juicy insights from our extensive research on #BlueNoroff's #GhostCall and #GhostHire campaign, part of #SnatchCrypto. You can find our research below. ✅ securelist.com/bluenoroff-apt…

English

1.9K

Omar ری ٹویٹ کیا

Boris Larin@oct0xor·28 Eki

Yesterday’s hackyard party was wild - still recovering 😅 #TheSAS2025

English

3.8K

Omar@beacon_exe·27 Eki

@oct0xor @hypen1117 Thank you, Mr boris!!!! 🫡

English

277

Omar ری ٹویٹ کیا

Boris Larin@oct0xor·27 Eki

My teammates @hypen1117 and @beacon_exe are absolute gods of PowerPoint. Their slides design is on another level! #TheSAS2025

English

5.4K

Omar ری ٹویٹ کیا

Sergey Lozhkin@61ack1ynx·27 Eki

New "Dante" malware from former "Hacking team" securelist.com/forumtroll-apt…

English

Omar ری ٹویٹ کیا

Saurabh Sharma@SaurabhSha15·22 Eki

We(@kucher1n and myself ) discovered a new advanced threat campaign, PassiveNeuron, is actively targeting Windows Server environments in government, financial and industrial organisations across Asia, Africa and Latin America. For more details - securelist.com/passiveneuron-…

English

702

Omar ری ٹویٹ کیا

Boris Larin@oct0xor·7 Eki

The SAS conference (@TheSAScon) looks AMAZING this year!🔥 Love the talks lineup, the venue, the GTA theme (!!!), and the special guest! I’m also presenting something secret👀 I’ve got one extra ticket - DM me if I might know you and you’d like to come!

English

2.4K

Omar ری ٹویٹ کیا

TheSAS2025@TheSAScon·10 Eyl

#TheSAS2025 agenda is almost ready! Keep an eye on the website updates as we iron out the final details with our stellar speaker lineup this week. What to expect? 🕵️‍♂️ One in three talks covers recent APT TTPs and investigations. We expect four mind-blowing talks on 🚘 and telematics infrastructure and at least a couple on important topics like browser security and the realities of using EOL devices. Expect a swirl of topics and slides in our favorite PechaKucha format too! ⚡️ So, bookmark this link and secure your spot before it's too late 👉 kas.pr/6rx9

English

759

Omar ری ٹویٹ کیا

Saurabh Sharma@SaurabhSha15·19 Ağu

We recently analyzed GodRAT, a new malware strain derived from Gh0stRAT, actively targeting financial organizations. More details here - securelist.com/godrat/117119/

English

818

Omar ری ٹویٹ کیا

TheSAS2025@TheSAScon·11 Ağu

Finally, Defcon is adopting #TheSAS2025 best practices! 🥃 🥃 We’ve been doing this with EVERY speaker for over 10 years. That’s why no moderator hosts the entire day. 🤪

Eric Geller@ericgeller

Former NSA Director Paul Nakasone just did a jello shot with @defcon founder Jeff Moss as day 1 of the conference kicks off.

English

Omar ری ٹویٹ کیا

TheSAS2025@TheSAScon·1 Ağu

#CFP extended — your last chance to rock the floor at #TheSAS2025! Just 10 days left to propose your research for the BIG stage and share your findings with peers from world-class cybersecurity organizations. If you research: ▪️ Transportation and smart city vulnerabilities ▪️ New tactics and tricks from notorious #APTs ▪️ Ransomware ▪️ Best incident response practices ▪️ Supply chain and #OSS security ▪️ OT and critical infrastructure security ▪️ Vulnerabilities and fixes then our program committee is waiting for you! ⚠️ Submit your topic by August 10th ⏩ kas.pr/6rx9

English

8.3K

دریافت کریں

@Skvern0 @malware_owl @3ffaaat @oct0xor @hypen1117 @kucher1n @TheSAScon @elonmusk