Yun @YunZhengHu
Joined May 2011-
Tweets720
-
Followers374
-
Following692
-
Likes5K
Attention: we are sharing a one-off special report on Cactus ransomware group campaign targeting Qlik Sense (data viz & business intelligence tool): shadowserver.org/what-we-do/net… 2894 IPs found vulnerable to CVE-2023-48365 91 IPs found compromised by Cactus ransomware group
The xz package tar's were backdoored. Only discovered because the backdoor slowed down sshd enough for Andres Freund to investigate. Consider the case where the backdoor didn't cause perf issues... How long would this have gone undetected? openwall.com/lists/oss-secu…
🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmware files hassle-free with Dissect. No extra steps needed! #Dissect #Fortinet #FortiGate #Firmware github.com/fox-it/dissect…
Discover the latest insights on Blister malware in our new blog. We examine past payloads and delve into recent developments. 🕵️♂️🩹 #BlisterMythic #Blister blog.fox-it.com/2023/11/01/pop…
We hypothesize that the adversary patched this authentication bypass using the implant by returning a 404 whenever the request URI contains a percent sign. In other words, the implant ensured nobody other than the initial actor would be able to compromise the Cisco device. [2/2]
🙋♂️Update! With Cisco IOS XE CVE-2023-20198 exploitation details now public, we're releasing our Suricata rules. These rules monitor for a percent-encoded-percent which can be used to bypass authentication on unpatched Cisco IOS XE devices. github.com/fox-it/cisco-i… [1/2]
🚨IMPORTANT🚨 We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding [1/3]
🚨Fox-IT and @DIVDnl have revealed that a exploitation campaign targeting Citrix NetScalers has backdoored approximately 2K NetScalers worldwide! Check your NetScalers for indicators of compromise, even after patching CVE-2023-3519!🔒 🔗blog: blog.fox-it.com/2023/08/15/app…
New blog post about scalable forensics timeline analysis using Dissect and Timesketch zawadidone.nl/scalable-foren…
In this blog post, we share our research on version identification of Citrix ADC and Gateway servers and how we measured the update adoption on the internet for CVE-2022-27510 & CVE-2022-27518, two critical CVEs with a CVSS v3 score of 9.8 blog.fox-it.com/2022/12/28/cve…
Merry Christmas 🎄! Here’s a new 13Cubed episode about Dissect -- a powerful, now open source, IR framework. Enjoy! youtube.com/watch?v=A2e203… #DFIR #forensics
@forensic_matt @foxit Been using dissect.cstruct in projects the last two, three years. Pretty output also.
Join us for a webinar on Dissect, Fox-IT’s in-house developed enterprise-scale forensics framework for data acquisition and analysis. It has enabled our IR practice to push its capabilities, increase its speed and provide more value to our customers.event.on24.com/wcc/r/3910820/…
#flareon9 is happening. Let your family know you'll miss them. mandiant.com/resources/anno…
The flow analyzer myself and @Bazumo wrote for ICC 2022 is now finally public! It comes out of the box with fancy Attack/Defence features, like Suricata integration, traffic tagging, automatic exploit generation, and more! github.com/OpenAttackDefe… #icc_games
When you find out that your name is a valid Cobalt Strike stager URI 😂
Blog: A brief look at Windows telemetry: CIT aka Customer Interaction Tracker by @Schamperr Includes code to parse the CIT database which is in Windows version until at least version 7 and is further source of forensic data. research.nccgroup.com/2022/04/12/a-b…
RIFT Blog: Mining data from Cobalt Strike beacons, by @YunZhengHu It includes the open-source release of our historical Beacon dataset (2018-2022) and Python library called dissect.cobaltstrike for dissecting and parsing Cobalt Strike related data. research.nccgroup.com/2022/03/25/min…
Francisco Dominguez @FSDominguez
1K Followers 691 Following Has been dabbling for a while in offense & defense. Information should be free.
Fox-IT @foxit
15K Followers 315 Following IT-Security company creating special security, intelligence and forensics solutions. Fox-IT is part of NCC Group.
𝗥𝗼𝗻𝗮𝗹�.. @cryptoron
18K Followers 3K Following Cyber Security / Hunt & Hackett / Ooit NFI/AIVD/Fox-IT/TIB/OVV/Kiesraad. Maakte podcast Cyberhelden. Zeilt nu een rondje rond de wereld.
Ollie Whitehouse @ollieatnowhere
5K Followers 1K Following CTO @NCSC Former: PortSwigger, Interrupt Labs, NCC Group, BlackBerry, Symantec and Atstake
Rickey Gevers @UID_
9K Followers 4K Following Exposed Russian, Chinese, Iranian & Indian state sponsored hackers. Founded @waarneming & @scatsec. Currently @RespondersNU. 4.669; 3.14159.
Wouter Jansen @www0ut
212 Followers 444 Following
Beefy_tires @Beefy_tires
11 Followers 192 Following
Naman Devnani @naman_devnani
332 Followers 5K Following Security Researcher | Purple Team | Bug Hunter | CTF Player | Science & Tech Enthusiast | R&D | All-Source Intelligence | CAP | DCSP | TTIA | BCDE
Sloan Golemba @SlGolemba
61 Followers 5K Following
sh4dy @sh4dy_0011
485 Followers 943 Following Student (Chemical Eng.) at IIT Roorkee| Reversing ,Low-Level Programming, AI | Learning Kernel and Browser Pwn
Sarah Marie @SarahMarie99888
104 Followers 3K Following
Melissa @wilson_melissa4
113 Followers 3K Following
Max @Max36757436
9 Followers 126 Following
Peataez @peataez71799
5 Followers 861 Following Follow me, maybe it's the beginning of our fate, we can talk
PixelPirate @PirateGazer
22 Followers 95 Following
Zemmi @ZemSEC
3 Followers 51 Following
Matt Davis @Monkey00Magic
3 Followers 30 Following
jaychouzzk @jaychouzzk
24 Followers 786 Following
Erwin Huggers @ehuggers
106 Followers 417 Following Officieel account. Zonder blauw vinkje... met veel retweets... veel rood/wit van PSV... ergert zich groen en geel... soms oranje, wat humor...
Jeff Collee @jeffcollee
95 Followers 264 Following
E=mc² @EmilioMacesic
122 Followers 738 Following You only live once, but if you do it right, once is enough
ThreatAlertNL @ThreatAlertNL
24 Followers 433 Following
twsqwtggxcgs @twsqwtggxcgs
0 Followers 153 Following
Oscar @Oscarvanos
63 Followers 202 Following
Alexkvw @Alexkvw
3 Followers 19 Following
Pjiet1337 @pjiet1337
0 Followers 124 Following
margitcommit @margitcommit
12 Followers 54 Following
Lennaert @lennaert89
2K Followers 3K Following Interested in #infosec #hacking #osint #dfir #bugbounty! Security Analyst @zerocopter Head CSIRT @divdnl @hacknotcrime Advocate Aut viam inveniam aut faciam.
Ralph Horn @0xgan
85 Followers 600 Following Data nerd lost in Cyber Teamlead CSIRT @divdnl Incident Responder @Northwave_Sec Membership: @curatedintel Interested in #infosec #hacking #osint #dfir #cti
Akhil Rapelly @rapelly11akhil
355 Followers 5K Following We hack to protect. Cybersecurity Consultant/Security Researcher/Infosec
JD Franke @franke_jd
0 Followers 55 Following
Randy B @texasaggie1
2K Followers 1K Following Husband. Dad. Businessman. Texan. Technology geek. Cybersecurity expert. CEO of tekRESCUE & tekRESCUE Digital.
Ryan Butler @Ryan_C_Butler
842 Followers 625 Following Principal Cloud Services Architect with @ahead doing all things DevOps and automation. Citrix Technology Professional x3 (CTP) 19-21
ice @ice98079542
105 Followers 2K Following
B1Z#3PT#3B35T @3b35t
6 Followers 357 Following The person who thinking too hard and have fun with it.
makelaris @makelariss
1K Followers 2K Following I breathe content. 🏴 CTF Technical Manager @hackthebox_eu. Opinions are my own. he/him
wh0am1 @security_sesha
2K Followers 3K Following Script Kiddie. OSWE | OSCP | CISSP. Tweets or likes are my bookmarks to access those on PC, mobile or in transit. https://t.co/2Z5GLioDFh
TheVamp @TheHaloVamp
513 Followers 1K Following Reversing, hacking, cracking, coding, caffeine junkie, OSCP, ALLES! - CTF Member | [email protected]
Dario Candia @DarioLp8
269 Followers 4K Following Ciberseguridad/SOC/Blue Team/Investigador/ Threat Intelligence/
Bonan Ruan @ImmerzZ
75 Followers 622 Following Ph.D. student in NUS (Cybersecurity). Opinions are my own.
shshp @shshp4
0 Followers 5K Following
Morty @MortyJin
70 Followers 895 Following
x+y+z=0 @flyawaytang520
2 Followers 219 Following
crazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not group
Moshe Ben Abu @mtrancer
1K Followers 1K Following
Florian Roth @cyb3rops
180K Followers 2K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇
Francisco Dominguez @FSDominguez
1K Followers 691 Following Has been dabbling for a while in offense & defense. Information should be free.
Fox-IT @foxit
15K Followers 315 Following IT-Security company creating special security, intelligence and forensics solutions. Fox-IT is part of NCC Group.
𝗥𝗼𝗻𝗮𝗹�.. @cryptoron
18K Followers 3K Following Cyber Security / Hunt & Hackett / Ooit NFI/AIVD/Fox-IT/TIB/OVV/Kiesraad. Maakte podcast Cyberhelden. Zeilt nu een rondje rond de wereld.
Nicolas Krassas @Dinosn
122K Followers 735 Following Head of Threat & Vulnerability Mgmt @ Henkel AG & Co. KGaA https://t.co/NC1orlKrW3
Andrew Thompson @ImposeCost
34K Followers 1K Following Head of Research and Discovery @Mandiant/@GoogleCloud. Understanding and countering adversaries. Posts attributable to me—not my employer.
bert hubert 🇺🇦 @bert_hubert
4K Followers 467 Following Voormalig toezichthouder, schrijft stukjes, nerd, amateur wetenschapper, techneut @Kiesraad, 🇪🇺 English: @bert_hu_bert, https://t.co/iOONLS8qMQ
Dirk-jan @_dirkjan
25K Followers 173 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
ESET Research @ESETresearch
32K Followers 30 Following Security research and breaking news straight from ESET Research Labs.
Ollie Whitehouse @ollieatnowhere
5K Followers 1K Following CTO @NCSC Former: PortSwigger, Interrupt Labs, NCC Group, BlackBerry, Symantec and Atstake
Troy Hunt @troyhunt
228K Followers 1K Following Creator of @haveibeenpwned. Microsoft Regional Director. Pluralsight author. Online security, technology and “The Cloud”. Australian.
Alex Plaskett @alexjplaskett
9K Followers 590 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Tweets about 0day, OS, mobile and embedded security.
13Cubed @13CubedDFIR
6K Followers 0 Following The official Twitter account for 13Cubed. Follow @davisrichardg for my personal account.
Wouter Jansen @www0ut
212 Followers 444 Following
Jan-Jaap Oerlemans @jjoerlemans
4K Followers 840 Following Bijzonder hoogleraar Inlichtingen en Recht & universitair docent Strafrecht | Universiteit Leiden | Cybercrime | Cybersecurity | Digitale onderzoeken
Shadowserver @Shadowserver
18K Followers 0 Following Our mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Join our Alliance!
Grafana @grafana
59K Followers 135 Following #GrafanaCON 2024 talks are now available on our YouTube channel. Click the link to start streaming.
EdgeDB @edgedatabase
5K Followers 0 Following A maglev for your data. Discord 👉 https://t.co/SdR2EWdzP7 Join the hackathon 👉 https://t.co/aXytM4irmx
Craig Rowland - Agent.. @CraigHRowland
7K Followers 289 Following Agentless Linux security and incident response. Linux malware, digital forensics, intrusion detection, and long nights. Founder @SandflySecurity.
Maurice Heumann @momo5502
12K Followers 194 Following 🐍 DRM Developer & Reverse Engineer. My girlfriend rates me 4/5 stars.
runZero, Inc. @runZeroInc
2K Followers 7 Following Introducing runZero (formerly Rumble Network Discovery) Unmatched network visibility and asset inventory. Zero unknowns on your network. Try runZero for free.
3 Body Problem @3body
12K Followers 12 Following They are coming. 3 Body Problem is now playing on Netflix.
Sophia 🦊 @spookphia
10K Followers 1K Following Professional Script Kiddie 🤓 • GT86 & MK1 MX5 🏁 • @Security_Queens co-founder 👑 • Cyber Hunter @Hunted_HQ 🕵• @LHS_Chelt Admin 💚 • Views are my own
Mistral AI @MistralAI
91K Followers 0 Following Fast, open-source and secure language models. Join us https://t.co/INALdNGvCP
Cisco Talos Intellige.. @TalosSecurity
48K Followers 172 Following The Official Twitter account of the Cisco Talos Intelligence Group. Support requests: https://t.co/LGrHyYbolX
Is Now on VT! @Now_on_VT
1K Followers 292 Following Get notified when interesting APT/FIN indicators of compromise appear on https://t.co/Sb3PFMresB. A threat intelligence project by @craiu
Matthew @embee_research
12K Followers 1K Following Malware Researcher & Reverse Engineer | Creating and Sharing Educational Cyber Content
Kim Dotcom @KimDotcom
1.6M Followers 19K Following Entrepreneur, Innovator, Gamer, Artist, Internet Freedom Fighter & Father of 6
Tucker Carlson @TuckerCarlson
12.8M Followers 1 Following
Paul Ford @ftrain
48K Followers 3K Following Co-founder @aboard, often at @WIRED. https://t.co/okso6318TX, other places, etc.
Mitchell Hashimoto @mitchellh
113K Followers 136 Following Working on a new terminal. 👻 Prev: founded @HashiCorp. Created Vagrant, Terraform, Vault, and others. Passionate about indie software.
Jeff Collee @jeffcollee
95 Followers 264 Following
The PyPy Project @pypyproject
8K Followers 60 Following The developers of the PyPy project: a fast, compliant Python interpreter.
Python Software Found.. @ThePSF
651K Followers 132 Following The nonprofit organization behind the Python programming language. For help with Python code, see https://t.co/XDHPttz2Xv On Mastodon: @[email protected]
Oscar @Oscarvanos
63 Followers 202 Following
msm @MsmCode
2K Followers 64 Following Malware analyst. Cofounder of @p4_team, ALL opinions are of my employers, cats and friends. [email protected]
Lennaert @lennaert89
2K Followers 3K Following Interested in #infosec #hacking #osint #dfir #bugbounty! Security Analyst @zerocopter Head CSIRT @divdnl @hacknotcrime Advocate Aut viam inveniam aut faciam.
margitcommit @margitcommit
12 Followers 54 Following
Ryan Butler @Ryan_C_Butler
842 Followers 625 Following Principal Cloud Services Architect with @ahead doing all things DevOps and automation. Citrix Technology Professional x3 (CTP) 19-21
Md Ismail Šojal @0x0SojalSec
22K Followers 4K Following Cyber_Security_Researchers || 0SINT || Digital Forensics System Analysis / incident Response II Pwn || GH0ST_3xP10iT || 0ld Accounts Suspended @0xSojalSec ||
Zhuowei Zhang @zhuowei
34K Followers 197 Following link in bio ⬛⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩 ⬛⬛⬛⬛🟩🟩🟩🟩🟩🟩🟩🟩 ⬛⬛🟧⬛🟩🟫🟫🟫🟫🟫🟫🟩 ⬛⬛🟧⬛🟫🟫🟫🟫🟫🟫🟫🟫 ⬛⬛🟧🟧🟫🟧🟩🟧🟧🟩🟧🟫🟧 ⬛⬛🟧🟧🟫🟧🟫🟧🟧🟫🟧🟫🟧 ⬛⬛⬛🟧🟧🟧🟧🟧🟧🟧🟧🟧🟧 ⬛⬛⬛🟩🟩🟧🟧🟫🟫🟧🟧🟩🟩 ⬛🟫🟫🟫🟫🟫🟧🟧🟧🟧🟩🟩🟫 🟫🟫🟧🟫🟫🟫🟫🟩🟩🟩🟩🟩🟧 🟫🟧🟧🟧🟫🟫🟧🟫🟫🟩🟩🟧🟧
TheVamp @TheHaloVamp
513 Followers 1K Following Reversing, hacking, cracking, coding, caffeine junkie, OSCP, ALLES! - CTF Member | [email protected]
Jelle Niemantsverdrie.. @jelle_n
1K Followers 2K Following Dad x2. National Security Officer at Microsoft. Aims for invisible and human-centered security. Public speaker. Chicago Booth MBA. AI MSc. Rower/runner/reader.
Lupe Laaw @1LupeLaaw
26 Followers 904 Following
crazyman_army @CrazymanArmy
6K Followers 3K Following CTFer / APT hunter / RedTeam / BlueTeam the member of @r3kapig the leader of @ShadowChasing1 CVE-2022-30190 find job opportunities opinions are own not group
Morty @MortyJin
70 Followers 895 Following
Bonan Ruan @ImmerzZ
75 Followers 622 Following Ph.D. student in NUS (Cybersecurity). Opinions are my own.
heige @80vul
11K Followers 1K Following (a.k.a. SuperHei) The Leader of KnownSec 404 Team ( ZoomEye https://t.co/fzvFAp6uxG SeeBug https://t.co/ldKpbhF9gg KCon https://t.co/46w4vX766n),Team: 0x557
Wouter @wgeurtzen
162 Followers 156 Following product manager @FoxIT, web enthousiast, tennis fanatic
jolmos @sha0coder
1K Followers 404 Following I like to create useful things, and sometimes not that useful things just for fun.
Michael @aelonius
254 Followers 782 Following #BlueTeam | #CyberSecurity Analyst | Always seek how can we be & do better. I am a fierce supporter of independence around the world. Tweets are my own.
Dave Maasland @DaveMaasland
4K Followers 3K Following Connecting & inspiring people to create a safer, digital world | Passion for IT Security | CEO @ESETNL
Jаsper 🚴🏳️�.. @Saszper
107 Followers 990 Following @[email protected] | DFIR & reversing pleb | digital privacy advocate | 🍞 lover | he/him or they/them
Steffen Moorrees @morris2009
288 Followers 184 Following Technical lead Forensics & Incident Response @ Fox-IT
Kaitai Project https:.. @kaitai_io
2K Followers 896 Following Kaitai Struct: declarative language to generate binary data parsers — https://t.co/gM1LiZYNBA
Tom van Veen @tom_vanveen
135 Followers 221 Following
New Blog: Sifting through the spines: identifying (potential) Cactus ransomware victims research.nccgroup.com/2024/04/25/sif…
This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. blog.fox-it.com/2024/04/25/sif…
Attention: we are sharing a one-off special report on Cactus ransomware group campaign targeting Qlik Sense (data viz & business intelligence tool): shadowserver.org/what-we-do/net… 2894 IPs found vulnerable to CVE-2023-48365 91 IPs found compromised by Cactus ransomware group
We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to adapt to different environments, and a hardcoded fake public key that can appear in verbose SSH logs depending on attacker-controlled flags.
Want more epic Linux hack content? This was my go to for "real APT on Linux content" posted in 2021 and the author hasn't posted since... @IgorBog61650384 you ok? igor-blue.github.io/2021/03/24/apt…
The xz package tar's were backdoored. Only discovered because the backdoor slowed down sshd enough for Andres Freund to investigate. Consider the case where the backdoor didn't cause perf issues... How long would this have gone undetected? openwall.com/lists/oss-secu…
🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmware files hassle-free with Dissect. No extra steps needed! #Dissect #Fortinet #FortiGate #Firmware github.com/fox-it/dissect…
Check out our latest blog where we pluck the feathers off Android Malware Vultur's latest variants, revealing its most recent developments in masquerading malicious activity and how it maximises remote control over infected devices. blog.fox-it.com/2024/03/28/and…
@noperator @bishopfox Support for this was added to Dissect earlier this year, with all current encryption keys added last week (#568)! Unfortunately the described method in the blog doesn’t work as well for other processor architectures. github.com/fox-it/dissect…
@_JohnHammond Great walkthrough! That’s the same approach I took for Symantec Endpoint Protection and OneDrive except I use the dissect.cstruct module. That way, you can create a structure to walk through the file and adjust without having to rewrite a bunch of code. ☺️
@_JohnHammond A parser for this is in Dissect currently in review! github.com/fox-it/dissect…
@nas_bench FYI, a parser for these notepad files can be found here! github.com/fox-it/dissect…
had a great time presenting our #FortiGate firmware decryption journey at #hackerhotel recording can be found here: media.ccc.de/v/hackerhotel-…
We created Skrapa, a zero dependency and customizable Python library for scanning Windows and Linux process memory. Harnessing memory attributes, Skrapa elevates your capability to explore patterns in memory. 🔍 blog.fox-it.com/2024/01/25/mem…
So yes, we really did exploit an car IVI to run a playable doom, complete with touchscreen interaction!
Confirmed! NCC Group EDG (@NCCGroupInfosec, @_mccaulay, and @alexjplaskett) successfully used a 2-bug chain against the Alpine Halo9 iLX-F509. Style points for playing DOOM on the device! #Pwn2Own
not sure that its the same post-auth as the itw pulse secure exploit, but its *an* RCE 😛 Still need an auth bypass ..
created a small Python parser for the Microsoft NRBF format, @foxit flow.record output supported of course ;) github.com/sud0woodo/nrbf
Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocumented artefacts, which can now be recovered using Dissect! blog.fox-it.com/2023/12/14/rev…
Trends for United States
You might like
