taha ז‎

@lordx64

Dir. Threat Intelligence, Looking at web3 layer 4

Joined July 2009

Tweets


  1. Pinned Tweet
    14 Dec 2020

    A one liner to decrypt SUNBURST backdoor strings: “de4dot.exe SolarWinds.Orion.Core.BusinessLayer.dll --strtyp delegate --strtok 060009d9” the rest is history : BeforeAfter

  2. 2 hours ago

    Non-TLS traffic on TLS ports is also a bad sign 🤷‍♂️

  3. Retweeted
    6 hours ago

    When the CEO is on cable news talking about how the organization's security is "absolutely impenetrable" and doesn't realize what's coming next...

  4. Retweeted
    11 hours ago

    Investigating an Active CobaltStrike Cluster 🔥 🟣 Hosted on 23.227.198.0/24 🟣 Port 757 for C2 🟣 Protonmail + MonoVM for DNS 💥Associated with: , , , , Thanks to , & for sharing intelligence publicly!

  5. Retweeted
    19 hours ago

    Today, bored ape holder "s27" lost their bubble gum ape and matching mutants ($567k at current floors) in an instant. This is a thread on how it happened, and how to prevent something similar from happening to you. 1/🧵

  6. 19 hours ago
  7. 20 hours ago
    This Tweet is unavailable.
  8. Retweeted
    Apr 3

    I'm currently suffering with Covid-19. In "celebration", here is a twitter thread describing my Covid lockdown project: hacking a Casio CFX-9850G calculator, from 1996 with 32KB of RAM and a 128x64 LCD screen, to run custom machine code. (1/25)

  9. Apr 4
  10. Retweeted
    Apr 4

    1/ Time for another $960k NFT rug this time involving Laurent Correia a popular French influencer with a reality TV show.

  11. Retweeted
    Apr 4

    🚨📝 New threat research blog, "Power Hour", published today by . Please enjoy 🌶🌶 Blog includes: - FIN7 archaeology & evolution ⛏ - deep dive - BIRDWATCH (~) - Supply chain (😱) neat stuff in thread 🧵⤵️

  12. Retweeted
    Apr 3

    So a proof of concept is done. I was able to build a small rootkit with eBPF that allows for RCE over any listening TCP connection. You heard that right. Any TCP connection. Right now there is a detectable userspace element, but stay tuned for more.

  13. Retweeted
    Apr 4

    I have released publicly an NSA report entitled "Catalog of Enigma Cipher Machine Wirings" that I obtained through a FOIA request in 2007. The full report or in chapters is available here:

  14. Apr 4

    Now that we're done with ransomware, I am looking forward to the next trendy threat: insider threats! Question: we will need to include insider threats in our security program, but where should we start? Answer: STAKEHOLDERS

  15. Apr 3

    Rust programming language was created in 2010. Why do I feel like it was just created moments ago?

  16. Apr 3

    InstaCyber and BlueHornet walk into a bar ..

  17. Apr 3

    Heard about: Chinese Intelligence Law?

  18. Apr 3

    Lol this is old news. We all know EVERY Chinese company MUST collaborate with the Chinese government.

  19. Apr 3

    What should we call bots having reverse proxy issues?

  20. Apr 3

    I love when my tweets age well. Today MailChimp confirmed that their service has been compromised by an insider targeting crypto companies cc

  21. Retweeted
    25 Dec 2020

    In my quest to write a fast IPv4+6 parser, I have written a slow-but-I-think-correct parser, to use as a base of comparison. In doing so, I have discovered more cursed IP address representations that I was previously unaware of. A thread!

