Pinned Tweet
34
18
246
Follow
Paul Rascagnères
@r00tbsd
Threat Researcher 's GReAT | I recommend never to listen to me. Also a 3D hobbyist & a short filmkaker more details here:
Paul Rascagnères’s Tweets
New:
#Turla is one of the most skilled hacker groups operating.
, Lea Frey and I've spent close to a year chasing down leads. We were able to identify, we think, two developers, their employers, and from there, their ties to the FSB.
interaktiv.br.de/elite-hacker-f
35
858
1,838
Show this thread
Situation in Quebec and Canada is improving and we are finally reaching the conditions where we will be able to hold Recon Montreal 2022…IN PERSON!
The training will be from May 30th to June 2nd and the conference will be on June 3rd to 5th.Stay tuned!We will be announcing soon
6
53
158
The very important goal has been achieved, for the benefit of the entire information security society: we decrypted Intel XuCode!
13
384
1,502
Show this thread
This is wild.
The Pixel 6's Android 13 build contains the new virtualization framework and pKVM (details on that here blog.esper.io/android-desser), so you can now do shit like this.
Quote Tweet
And here's Windows 11 as a VM on Pixel 6 twitter.com/kdrag0n/status…
Show this thread
12
133
636
Show this thread
To all Russia-Ukraine «experts» with « US intelligence sources», sitting somewhere West and safe: think twice and maybe wait to get more clearance before you tweet. It’s not about your retweets and followers but our lives here, in Ukraine. Imagine reading all this for a month
97
932
4,417
Show this thread
Topics to follow
Sign up to get Tweets about the Topics you follow in your Home timeline.
Carousel
Just blogged: using ClrMD and NativeAOT to write native WinDbg extensions in C#.
4
43
113
I've found a super-nice Ghidra extension that allows to run Python3 (also, js and ruby, sorry). Forked & patched it to make it work with the recent 10.2-dev
2
28
90
My daughter loves Midori Kuma...
1
2
22
The ultimate backdoor doesn't exi-
58
1,131
4,333
Show this thread
wow this blew up, uuhhh please note the DFx unlock requirement for enabling the instructions. In other words u need to be Intel or have a bypass in order to access this. See
7
71
313
Show this thread
New details:
- Chinese spies mined WSJ Google docs about Taiwan, Uyghurs, tech regulation, Biden + Harris
- Scores of reporters were personally notified their files were hacked
- Some told documents related to 20 or more of their stories were breached
32
455
535
Journalists writing on China should consider themselves as systematical targets. And they should protect their sources accordingly.
Privacy advocate think a lot about NSA powers.
Well, other countries can spy on you too.
1
7
14
Show this thread
The second article of MAS (Malware Analysis Series) is available for reading! The PDF version (96 pages) can be downloaded from:
exploitreversing.com/2022/02/03/mal
Have an excellent day.
#malware #malwareanalysis #reverseengineering #programming #threathunting
11
359
819
Quote Tweet
ESET's @matthieu_faou spoke at #CYBERWARCON about some curious watering hole activity with a nexus to the Middle East. 6/x youtu.be/A74dUU1hpEs
Show this thread
5
19
Join me in this webinar to get an in-depth understanding of #MoonBounce's internals and underlying story.
Quote Tweet
Webinar Alert
In spring of 2021, @kaspersky researchers identified a novel threat against UEFI in the wild - a benign #UEFI #firmware image named as Moonbounce
Find out in-depth about Moonbounce with Mark @_marklech_
Register now
bit.ly/3HeVozt
#hardwear_io
1
19
47
Meta intel teams are kicking asses. And thats a good reminder that there are bigger problems than just NSO group. Great report btw 💯
3
13
49
Show this thread
Het nieuwe paspoort kan vanaf 7 februari 2022 worden aangevraagd bij uw gemeente in België of, bij de consulaire post in het buitenland. De prijs die Buitenlandse Zaken aanrekent, blijft ongewijzigd.
ℹ️ Meer info over het paspoort: diplomatie.belgium.be/nl/Diensten/Di
2:16
71.3K views
30
301
564
Show this thread
Every once in a while, whenever a critical vulnerability affects Linux and everyone starts exploiting it, we remember that Linux audit logs are crap
14
48
339
The German domestic intelligence services just published an analysis of #APT27 HyperBro malware, with some IOCs and Yara rules to detect loading DLL and encoded thumb.dat file. They state that there is an ongoing campaign against German commercial companies.
Quote Tweet
Das Bundesamt für Verfassungsschutz warnt vor einer #Cyberangriffskampagne gegen deutsche Wirtschaftsunternehmen durch die Gruppierung #APT27.
Nähere Informationen und Handlungsempfehlungen finden Sie im aktuellen Cyberbrief: verfassungsschutz.de/SharedDocs/kur
1
39
61
#ESETresearch uncovers new Mac malware DazzleSpy, delivered using watering hole on a pro-democracy Hong Kong radio station website. Payload was launched as root without user interaction, using exploits for Safari and macOS. welivesecurity.com/2022/01/25/wat 1/7
4
217
346
Show this thread
The exploit for Safari is quite complex and massive. I really wanted to understand exactly what the vulnerability was and how it was mitigated, so I dived into the world of browser exploits for a few days and tried to explain how leaking object addresses was possible.
Quote Tweet
#ESETresearch uncovers new Mac malware DazzleSpy, delivered using watering hole on a pro-democracy Hong Kong radio station website. Payload was launched as root without user interaction, using exploits for Safari and macOS. @marc_etienne_ @cherepanov74 welivesecurity.com/2022/01/25/wat 1/7
Show this thread
2
55
169
Show this thread
Quick blog about finding malware by brute forcing uncommon string mutations, includes examples of Nobelium's FLIPFLOP, Meterpreter style "stack push" strings, a handful of scripts, sample yara rules and string lists to get you started. #100DaysofYARA
3
71
157
Show this thread
What a shitty day...
GIF
1
1
10
So many experts in Ukraine these days I am impressed. I wonder the percentage of them who can really put the country on a map.
GIF
4
5
28
New UEFI implant. Unlike predecessors, this requires boot guard for prevention, not secure boot
Speaking of those, here is the lecture and hands-on exercises I went through with #gccsec students last week for analyzing UEFI implants and hacking tools
github.com/tandasat/Secur
Quote Tweet
[1/n] Today I'm sharing the details of a research done by @vaber_b, @legezo, Ilya Borisov and myself on a UEFI firmware implant found in the wild, dubbed #MoonBounce. We assess that this formerly unknown threat is the work of the infamous #APT41. A 
securelist.com/moonbounce-the
securelist.com/moonbounce-theShow this thread
2
53
140
[] Que s’est-il vraiment passé les 13 et 14 janvier dans les infrastructures numériques du gvt ukrainien ? Il y a dans cette histoire bcp de cyberbrouillard & de questions, mais c'est d'évidence + sérieux qu'une vague de défigurations de sites web.
3
21
33
Show this thread
Quote Tweet
[1/n] Today I'm sharing the details of a research done by @vaber_b, @legezo, Ilya Borisov and myself on a UEFI firmware implant found in the wild, dubbed #MoonBounce. We assess that this formerly unknown threat is the work of the infamous #APT41. A
securelist.com/moonbounce-the
securelist.com/moonbounce-theShow this thread
3
19
63
[1/n] Today I'm sharing the details of a research done by , , Ilya Borisov and myself on a UEFI firmware implant found in the wild, dubbed #MoonBounce. We assess that this formerly unknown threat is the work of the infamous #APT41. A 🧵
11
335
554
Show this thread
First known cases of #NSO #Pegasus used to catch actually bad guys are starting to appear, like I suggested a few days ago. Details a bit unclear and no official confirmation. Article: m.calcalistech.com/Article.aspx?g
3
13
27
I'll be careful here, and I could be wrong, but looking at the MinGW based payloads of WhisperGate it is hard to trace anything that alludes to Sandworm, certainly not in complexity or attention to detail. The motivations of the actor, on the other hand, could be the same.
7
19
Protip of the day do not pivot on mainstream packer, do not pivot on mainstream downloader. Do not analyse AgentTesla or any other public RATs. #EnjoyLife
2
10
40
The hashes for the two-stage destructive malware are now in VirusTotal:
stage1.exe: virustotal.com/gui/file/a196c
stage2.exe: virustotal.com/gui/file/dcbba
19
282
625
Show this thread
Great share from MS. Thank you for listening and replying to us.
Quote Tweet
The hashes for the two-stage destructive malware are now in VirusTotal:
stage1.exe: virustotal.com/gui/file/a196c
stage2.exe: virustotal.com/gui/file/dcbba
Show this thread
8
39
For the ppl who upload fake files on VT with ransom strings inside and generates false hits. I recommend you to have a life. You will see it is nice to do stuffs, build objets or whatever. You will thank me in few years.
3
8
47
Out of the many questions running in my head with regards to the latest affairs in Ukraine one keeps repeating - who uses MBR in 2022?
7
6
31
There is similar samples on VT... Are they related to the incident? If yes, why did you make the choice to put hashes from samples not on VT in the blog post? #SharingIsCaring
Quote Tweet
Microsoft identified a unique destructive malware operated by an actor tracked as DEV-0586 targeting Ukrainian organizations. Observed activity, TTPs, and IOCs shared in this new MSTIC blog. We'll update the blog as our investigation unfolds. msft.it/6017ZQ8jH
Show this thread
1
2
17