Yorick Koster

@yorickkoster

Offensive security research & tools

Netherlands
Joined June 2013

Tweets

  1. Retweeted
    Oct 16

    Looks like the latest framework version has been released.

  2. Retweeted
    Oct 14

    A new post about security implications of recent Unicode issues found in the Windows registry. TL;DR: No uppercase table loaded? EoP!

  3. Retweeted
    Oct 12

    Mortal Kombat will be 30 years old in 2022. But 2021 marks 30 years since we actually BEGAN working on the game. To celebrate, it seemed like a fun idea to share some behind-the-scenes stuff. This clip shows how we created Scorpion’s iconic (GET OVER HERE!) spear move. (1 of 9)

  4. Retweeted
    Oct 8

    Android banking apps in the US heavily under attack with specific bot updates and campaigns, including families with automated transfer system (ATS) capabilities.

  5. Retweeted
    Oct 8

    We can’t explain the sudden focus on the US 🇺🇸, new day limits in apps perhaps? Here is a clear trend: top families such as , , updated their ATS and overlays targets this week for US Android banking apps.

  6. Retweeted
    Oct 7

    New DriverEntry post: Side Channel Attacks on iPhone with iTimed Toolkit (by ):

  7. Retweeted
    Oct 7

    PIC your Katz! Say hello to HandleKatz, our position independent Lsass dumper abusing cloned handles, direct system calls and a modified version of minidumpwritedump() brought to you by

  8. Retweeted
    Oct 7
  9. Retweeted
    Oct 3

    () has switched back to voicemail scam with new app ICON. Sample: e93a4e8bec4e2bf47157e55be150c8fb62c38cd4ca180b473f53259fa44cdd48

  10. Retweeted
    Oct 1

    As mobile payments are skyrocketing, mobile fraud-by-malware has grown at a similar pace and is now reaching worrying heights. Campaigns like , () and are momentarily more active than ever before and are terrorising the entire financial sector.

  11. Retweeted
    Oct 1

    Our article in the One Conference magazine contains a (limited amount of) free access codes to try out our online cybersecurity escape room. There are still some codes left, so be sure to grab one before they are all gone!

  12. Retweeted
    Sep 27

    ThreatFabric writes about ERMAC, a new Android banking trojan based on Cerberus and operated by BlackRock actor(s).

  13. Retweeted

    ERMAC, a new malware that is already being widely distributed as part of an ongoing campaign, steals users' financial information and login passwords from 378 banking and wallet apps. Read details:

  14. Retweeted
    Sep 24

    Some MTI context on (new bot based on Cerberus) as reported by , it's operated by the threat actor behind , considering his strong track record targeting 378 banking and wallet apps we expect to see more in the coming days.

  15. Retweeted
    Sep 24

    "Big name" company say something -> mainstream news jumps on it. Meanwhile the reality: that "new" malware is not new & some "not big name" people (us) tweeted about this campaign multiple times before, but ofc for mainstream "small people" not exists... 😫

  16. Retweeted
    Sep 23

    Repeat after me.. the bug belongs to the researcher! If the researcher chooses to print the exploit in ASCII hex and hang it from a bridge after finding it.. that’s up to them.

  17. Retweeted
    Sep 23

    Using chimera technique to abuse -2021-40444. File path with ?.wsf as suffix and manipulated RAR archive:

  18. Retweeted
    Sep 18

    Generating a hook with to intercept traffic from Android flutter based apps. r2pipe script performs basic search and pattern matching to find ssl_crypto_x509_session_verify_cert_chain(). Inspired by 's blogposts.

  19. Retweeted

    Microsoft will no longer require users to enter a password to access their accounts. Instead, they'll have to use an app, a verification code or facial recognition. Check it out ⬇️

  20. Retweeted
    Sep 15

    Android banking trojan src and builder panel leak is a fact, we are already seeing an increase in new samples.

