Yun @YunZhengHu
Joined May 2011 · Tweets 720 · Followers 374 · Following 692 · Likes 5K
Attention: we are sharing a one-off special report on Cactus ransomware group campaign targeting Qlik Sense (data viz & business intelligence tool): shadowserver.org/what-we-do/net… 2894 IPs found vulnerable to CVE-2023-48365; 91 IPs found compromised by Cactus ransomware group.
The xz package tars were backdoored. Only discovered because the backdoor slowed down sshd enough for Andres Freund to investigate. Consider the case where the backdoor didn't cause perf issues... How long would this have gone undetected? openwall.com/lists/oss-secu…
🚀 Our open-source Dissect project now supports reading Fortinet firmware files! 🛡️ Easily mount, browse or dump FortiGate firmware files hassle-free with Dissect. No extra steps needed! #Dissect #Fortinet #FortiGate #Firmware github.com/fox-it/dissect…
Discover the latest insights on Blister malware in our new blog. We examine past payloads and delve into recent developments. 🕵️‍♂️🩹 #BlisterMythic #Blister blog.fox-it.com/2023/11/01/pop…
We hypothesize that the adversary patched this authentication bypass using the implant by returning a 404 whenever the request URI contains a percent sign. In other words, the implant ensured nobody other than the initial actor would be able to compromise the Cisco device. [2/2]
🙋‍♂️ Update! With Cisco IOS XE CVE-2023-20198 exploitation details now public, we're releasing our Suricata rules. These rules monitor for a percent-encoded-percent which can be used to bypass authentication on unpatched Cisco IOS XE devices. github.com/fox-it/cisco-i… [1/2]
🚨IMPORTANT🚨 We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding [1/3]
🚨Fox-IT and @DIVDnl have revealed that an exploitation campaign targeting Citrix NetScalers has backdoored approximately 2K NetScalers worldwide! Check your NetScalers for indicators of compromise, even after patching CVE-2023-3519!🔒 🔗blog: blog.fox-it.com/2023/08/15/app…
New blog post about scalable forensics timeline analysis using Dissect and Timesketch zawadidone.nl/scalable-foren…
In this blog post, we share our research on version identification of Citrix ADC and Gateway servers and how we measured the update adoption on the internet for CVE-2022-27510 & CVE-2022-27518, two critical CVEs with a CVSS v3 score of 9.8 blog.fox-it.com/2022/12/28/cve…
Merry Christmas 🎄! Here’s a new 13Cubed episode about Dissect -- a powerful, now open source, IR framework. Enjoy! youtube.com/watch?v=A2e203… #DFIR #forensics
@forensic_matt @foxit Been using dissect.cstruct in projects the last two, three years. Pretty output also.
Join us for a webinar on Dissect, Fox-IT’s in-house developed enterprise-scale forensics framework for data acquisition and analysis. It has enabled our IR practice to push its capabilities, increase its speed and provide more value to our customers. event.on24.com/wcc/r/3910820/…
#flareon9 is happening. Let your family know you'll miss them. mandiant.com/resources/anno…
The flow analyzer @Bazumo and I wrote for ICC 2022 is now finally public! It comes out of the box with fancy Attack/Defence features, like Suricata integration, traffic tagging, automatic exploit generation, and more! github.com/OpenAttackDefe… #icc_games
When you find out that your name is a valid Cobalt Strike stager URI 😂
Blog: A brief look at Windows telemetry: CIT aka Customer Interaction Tracker by @Schamperr. Includes code to parse the CIT database, which is in Windows versions until at least version 7 and is a further source of forensic data. research.nccgroup.com/2022/04/12/a-b…
RIFT Blog: Mining data from Cobalt Strike beacons, by @YunZhengHu It includes the open-source release of our historical Beacon dataset (2018-2022) and Python library called dissect.cobaltstrike for dissecting and parsing Cobalt Strike related data. research.nccgroup.com/2022/03/25/min…
New Blog: Sifting through the spines: identifying (potential) Cactus ransomware victims research.nccgroup.com/2024/04/25/sif…
This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. blog.fox-it.com/2024/04/25/sif…
We have been reverse engineering the XZ Utils backdoor and are sharing some initial findings: we've identified multiple hooking options to adapt to different environments, and a hardcoded fake public key that can appear in verbose SSH logs depending on attacker-controlled flags.
Want more epic Linux hack content? This was my go-to for "real APT on Linux content", posted in 2021, and the author hasn't posted since... @IgorBog61650384 you ok? igor-blue.github.io/2021/03/24/apt…
Check out our latest blog where we pluck the feathers off Android Malware Vultur's latest variants, revealing its most recent developments in masquerading malicious activity and how it maximises remote control over infected devices. blog.fox-it.com/2024/03/28/and…
@noperator @bishopfox Support for this was added to Dissect earlier this year, with all current encryption keys added last week (#568)! Unfortunately the described method in the blog doesn’t work as well for other processor architectures. github.com/fox-it/dissect…
@_JohnHammond Great walkthrough! That’s the same approach I took for Symantec Endpoint Protection and OneDrive except I use the dissect.cstruct module. That way, you can create a structure to walk through the file and adjust without having to rewrite a bunch of code. ☺️
@_JohnHammond A parser for this is in Dissect currently in review! github.com/fox-it/dissect…
@nas_bench FYI, a parser for these notepad files can be found here! github.com/fox-it/dissect…
Had a great time presenting our #FortiGate firmware decryption journey at #hackerhotel. Recording can be found here: media.ccc.de/v/hackerhotel-…
We created Skrapa, a zero dependency and customizable Python library for scanning Windows and Linux process memory. Harnessing memory attributes, Skrapa elevates your capability to explore patterns in memory. 🔍 blog.fox-it.com/2024/01/25/mem…
So yes, we really did exploit a car IVI to run a playable Doom, complete with touchscreen interaction!
Confirmed! NCC Group EDG (@NCCGroupInfosec, @_mccaulay, and @alexjplaskett) successfully used a 2-bug chain against the Alpine Halo9 iLX-F509. Style points for playing DOOM on the device! #Pwn2Own
Not sure that it's the same post-auth as the ITW Pulse Secure exploit, but it's *an* RCE 😛 Still need an auth bypass ..
Created a small Python parser for the Microsoft NRBF format, @foxit flow.record output supported of course ;) github.com/sud0woodo/nrbf
Read our latest blog to find out how our Security Research Team reverse-engineered Windows Defender to uncover previously undocumented artefacts, which can now be recovered using Dissect! blog.fox-it.com/2023/12/14/rev…