Après on se souviendra de certains vainqueurs dans l’art du coupage de câbles internet…

1

Show this thread

Félix Aimé

@felixaime

3h

Ma copine (avocate) « Mais bien sûr »… 😂

1

Reminder: "Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications." docs.microsoft.com/en-us/windows/

42

665

2,328

Félix Aimé

@felixaime

Apr 15

🧐

Quote Tweet

Kilian SEZNEC

@KSeznec

· Apr 15

A new #Industroyer2 sample popped on VT virustotal.com/gui/file/d6966

3

Félix Aimé

@felixaime

Apr 14

Next time it will be « use internal servers to pivot » 😂

1

BTW I love the diamon model of « CHERNOVITE », especially the infrastructure. Or the art to say nothing.

1

3

Show this thread

Topics to follow

Sign up to get Tweets about the Topics you follow in your Home timeline.

Carousel

Félix Aimé

@felixaime

Apr 14

Blah blah blah. Still waiting (real) samples, no FUD for just marketing purpose. The published papers are completely empty regarding real and actionable intel.

Quote Tweet

Robert M. Lee

@RobertMLee

· Apr 13

PIPEDREAM should best be thought of as an ICS attack framework. It has numerous modules and can be modified easily to target different industries/equipment/environments. It is a very flexible framework that takes advantage of native functionality in these environments.

Show this thread

2

1

7

The fact that 12+ years after the last real improvement to BinDiff, people still use it, and it is still good, is among the proudest achievements of my life. That, and everybody please thank the heck out of

@AdmVonSchneider

for keeping BinDiff alive.

Quote Tweet

Brian in Pittsburgh

@arekfurt

· Apr 13

Even researchers who reversed then patch just assumed MS knew what it was talking about when it said SMB was involved. twitter.com/OphirHarpaz/st…

4

18

163

I don't know what people like about the Incontroller / Chernovite reports For me as a detection engineer, they contain 0 usable information They're like "The Chronicles of Narnia" but without a wardrobe I've never been more annoyed by an ATT&CK technique listing

8

19

95

📢CERTFR-2022-CTI-001 - Mise à jour de la publication d’éléments de connaissance sur la menace cyber liée aux tensions internationales actuelles : publication de 3 signatures de détection Sigma pour ProxyLogon et ProxyShell. Elles sont à votre disposition !

1

68

100

Here is the sample I refer to: 6ac740ebf98df7217d31cb826a207af6

1

6

Looks like #NOBELIUM. They used a variant Trello downloader + unhooking of NTDLL quite recently and it matches our YARA on that.

Quote Tweet

Dmitry Melikov

@DmitriyMelikov

· Apr 8

Interesting docx that imitates the document of the Israeli embassy. Contains a js that unpacks the dll. doc > bfc36f03b9752ca9d49ffb4d259129ad dll > E031C9984F65A9060EC1E70FBB84746B @InQuest @IdoNaor1 @James_inthe_box #ThreatHunting #maldoc

Show this thread

1

16

56

All you need to know about #MarsStealer, here:

blog.sekoia.io

Mars, a red-hot information stealer - SEKOIA.IO Blog

Mars Stealer is an information stealer sold on underground forums by MarsTeam since June 22, 2021, with the malware-as-a-service model.

1

17

34

Félix Aimé

@felixaime

Apr 5

I can't wait... too much time alone in my cave!

I took my tickets for the next

@Botconf

in Nantes! See you there! 🕺🌈

1

16

GIF

1

How it was / How its going #AcidRain #SurfBeam2.

GIF

1

2

3

We wanted to share IOCs related to an infrastructure cluster that

@sekoia_io

dubbed "Banana Sulfate". Still no attribution regarding the threat actor behind it 👻 Download the IOCs below and check your logs 🧐 Report: hubs.la/Q017bGRB0 | VT: bit.ly/3NCPFHj

13

27

Félix Aimé

@felixaime

Apr 1

BG.

Quote Tweet

Jean-Philippe SALLES

@JPS_CTI

· Apr 1

Dernier jour à l'@ANSSI_FR en tant chef de la #CTI. Une extraordinaire aventure dans une administration d'exception qui a su donner sa chance au petit analyste que j'étais ! Je quitte l'ANSSI fier, mais aussi triste. J'aime cette équipe que je laisse !

Show this thread

1

2

Transfer your PC clipboard to a nearby mobile device: xclip -o -s c | qrencode -o - | feh --force-aliasing -ZF -

A screenshot from the iOS camera app. A QR code is showing in full screen on my monitor, and iOS has annotated it with the QR's contents:

xclip -o -s c | qrencode -o - | feh --force-aliasing -ZF -

read image description

ALT

20

255

1,258

I hope that one day Ukrainians will be able to forgive Russians for the war of Putin

2

4

24

Félix Aimé Retweeted

Nate Beach-Westmoreland

@NateBeachW

Mar 29

US company published a CTI blog post in 2014→company was purchased→the new parent co was purchased→blog disappears. The original post was never archived or saved in a public report repo. Where did I find a copy? The original co's never-deleted Korean blog on a public platform

GIF

read image description

ALT

1

21

Show this thread

Félix Aimé Retweeted

Malwarebytes Threat Intelligence

@MBThreatIntel

Mar 29

ℹ️ Latest from our Threat Intelligence team: Spear phishing campaign targets Russian dissidents with Cobalt Strike and (new to us) RAT. blog.malwarebytes.com/threat-intelli

1

26

49

Browser Add-On: Fake Profile Detector (Deepfake, GAN). Right-click on a profile picture, our model will detect if that image contains a GAN generated or real person. #osint #socmint

13

277

790

Félix Aimé

@felixaime

Mar 28

Quand tu te lèves le matin et que t'entends sur France Inter qu'un expert (sic.) a parlé de risque de "dissémination d'armes cyber" en Ukraine🇺🇦, t'as juste envie de vomir ton petit dèj.

2

18

I just released DLLirant, a tool to automatize the DLL Hijacking researches on a specified binary, this is a first version, not perfect but useful anyway for red teamers #redteam #infosec github.com/Sh0ckFR/DLLira

3

166

545

Me and the boys finding and replacing "BerserkBear; EnergeticBear; Dragonfly" with "FSB" without violating an NDA.

Quote Tweet

Active Measures, LLC

@FCDserviceA_llc

· Apr 15, 2021

Me and the boys finding and replacing "APT 29" with "SVR" without violating an NDA.

2

9

51

Félix Aimé

@felixaime

Mar 24

Some re-use of #NOBELIUM EnvyScout HTML to execute Meterpreter? HTML - 187dccf9b35ff7035b38d2806bc4aafd EXE (Go!) - 3c04b3b04419d5a22f054318f8f25fbc

8

24

Félix Aimé

@felixaime

Mar 23

Breaking... breaking... euh...

Quote Tweet

ESET research

@ESETresearch

· Mar 23

#BREAKING #ESETresearch discovered an ongoing #MustangPanda campaign using new #Korplug variant deployed with elaborate custom loaders. Every stage of the deployment process uses anti-analysis techniques and control-flow obfuscation 1/6 @barberousse_bin welivesecurity.com/2022/03/23/mus

Show this thread

4

💥 The extorsion group Lapsus$ that already succeeded in breaching several high profile companies is running riot and sowing confusion. In this blogpost, our Threat & Detection Research team answers your interrogations by drawing the profile of the group.

sekoia.io

Lapsus$: when kiddies play in the big league - SEKOIA.IO

1

16

21

Replying to

Cyber security is the only industry in the world where 75% of the industry just writes policy and doesn't have any technical clue. It's like a mechanics garage where 75% of them write the procedure on how to change a tyre but only 25% know how.

3

12

57

Félix Aimé

@felixaime

Mar 22

LAPSUS$ is the new LulzSec. With OPSEC fails included.

1

4

19

Want to make a difference in the fight against #cybercrime ? Due to continued growth, we are looking for an Operations Lead and for a DevOps Engineer. Check the job profiles: csis.com/operations-lea csis.com/devops-enginee #CyberSecurity #Jobs #jobsearch

4

2

Written a quick blog post about abusing Kerberos to locally bypass UAC. Unclear if this technique has been documented before, but at the very least I describe why it works :) tiraniddo.dev/2022/03/bypass

6

221

544

Félix Aimé

@felixaime

Mar 20

Il y a de sacrés fous 😍.

youtube.com

ISS captured through my backyard telescope

www.instagram.com/sebastianvoltmerRecently I was able to take this images of the International Space Station (ISS) under best viewing conditions (seeing) ...

1

4

L'agenda est dispo: bit.ly/3KLMpqW! RDV le 7 Avril pour évoquer ensemble des sujets du Lab (Titan M, (Qb)bernetes, carhacking, Polkadot...) & des logiciels Quarkslab (attestation à distance, l'évaluation du niveau de sécurité d'une app & l'analyse de sécurité sur mesure)