Ashley Shen
@ashl3y_shen
Followers
3,433
Following
967
Media
41
Statuses
690
Security researcher @TalosSecurity / Ex-Googler / Black Hat & HITCON Review Board / Organizer of @rhacklette41 . These tweets are my own not my employer's.
Zurich, Switzerland
Joined March 2012
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Maggie Smith
• 785844 Tweets
Netanyahu
• 622037 Tweets
Beirut
• 486962 Tweets
القادسية
• 423643 Tweets
Nasrallah
• 306100 Tweets
Zelensky
• 262196 Tweets
Harry Potter
• 211815 Tweets
Lali
• 201017 Tweets
بيروت
• 163760 Tweets
الزمالك
• 120127 Tweets
Acapulco
• 95699 Tweets
#الضاحيه_الجنوبيه
• 79155 Tweets
I-40
• 73039 Tweets
マクゴナガル先生
• 54231 Tweets
حامد
• 35722 Tweets
Van Gogh
• 29508 Tweets
Willie
• 27821 Tweets
Asheville
• 26536 Tweets
FONDEN
• 25808 Tweets
#حسن_نصر_الشيطان
• 18311 Tweets
Dortmund
• 15527 Tweets
Barcola
• 15406 Tweets
#السوبر_الافريقي
• 13565 Tweets
Bane
• 12104 Tweets
Pinned Tweet
🚨 We discovered that some versions of WeChat were vulnerable to CVE-2023-3420 due to the outdated V8 engine in Xweb. We reported this to the vendor in April. WeChat users should update to the latest version to stay secure. More details in
#vulnerability
0
25
49
After 3 years at Google TAG, I'm delighted to announce an exciting new chapter in my career. I'm joining
@TalosSecurity
to conduct threat intelligence research and counter threat actors. Looking forward to collaborating with brilliant minds and growing in this new adventure.
18
7
220
Slides from my talk presented today at
@CONFidenceConf
- Into the Fog - The Return of ICEFOG APT. Feedbacks and questions are welcome!
5
54
138
It was such a honor to present at the first ever
@pivot_con
! Also proud of myself for doing the panel ❤️ I had an amazing time there, perfect location, high quality talks and "my people"!! shoutout to the organizer team!! Thank you for the incredible job!
#pivotcon24
🎙️
@ashl3y_shen
talks about her research on Chinese mercenary group
#PoisonCarp
#EvilEye
. There is everything from tracking malware, C2 infra to rabbit holes and analytical mysteries 🥰
#PIVOTcon24
#CTI
#ThreatIntel
0
7
24
6
15
140
I will present a talk about malwares, exploits and attack incidents from DPRK this week at HITB GSEC! Stay tuned!
7
50
132
The Chrome 0day (CVE-2022-2856) that me and
@0xbadcafe1
found ITW is patched in the latest release. Update your Chrome to make sure you are protected.
1
41
120
Just received some cool swags. I was struggling between hoodie and toilet paper 😅 Thanks
@GoogleVRP
#BugBounty
5
4
112
Cookie theft is still a common account hijacking technique adopted by criminal groups. Have been tracking & disrupting this group with multiple security teams since I joined Google. Happy to share our results and finding in this blog.
4
27
103
So excited for the talk Alice in Kernel Land: Lessons Learned From the eBPF Rabbit Hole from
@scannell_simon
@chompie1337
@thatjiaozi
#BHASIA
0
13
90
Its hard to find a talk that’s novel, technical and inspiring at the same time but
@orange_8361
can always accomplish that. Definitely one of the best talk I have ever attended.
@hexacon_fr
0
4
90
🚨 New blog! We just published research on an APT41 campaign targeting a Taiwanese government-affiliated research institute. Great team work with
@joeychennogg
@_vventura
!!
#Shadowpad
#CobaltStrike
#APT41
1
33
96
Another great plugin released by Flare team. Recovering Stackstrings Using Emulation with ironstrings.
1
11
43
Finally our search is out. Spear phishing campaign targets Ukraine government. We reveals information about the suspected actor behind RATVERMIN.
0
20
42
I’m honored to be recognized as one of the "32 Influential Malware Research Professionals" in the new ebook of . Thank you
@Peerlyst
,
@chihebchebbi201
and to everyone who have supported me!
1
6
38
It was great to see everyone at the CTF crash course of
@rhacklette41
last night! Hopefully everyone learned something useful about reverse engineering! Looking forward to see you again in our next one and solve some challenges together 😃!
0
4
38
0
1
33
Having HITCON FOMO. It’s my honour to join the review board this year and I was impressed by the quality of submissions! Enjoy the conference!
#HITCONCommunity2023
#HITCONCMT2023
#HITCON
0
5
31
Attended my first
@Blackhoodie_RE
workshop and had a wonderful Android reversing training from
@maddiestone
. Also gave a lightening talk about "From Threat Intelligence to Pokemon Master". Thank you for everyone who make this weekend awesome!
1
6
31
@craghuprasad
and I published 2 new blogs about the Sugargh0st campaigns. We are tracking the group as Sneakychef, and named the new RAT found in the campaign SpiceRAT. The group is targeting a wider scope of government entities in EMEA and Asia.
#sugargh0st
#sneakychef
A Chinese-speaking threat actor has already targeted more than a dozen government agencies across the globe. More on
#SneakyChef
here
11
16
46
2
7
31
This is what we do in TAG and I'm proud of it.
Our threat intel teams continue to look out for and disrupt disinfo campaigns, hacking, and financially motivated abuse, and are working with other companies and relevant government bodies to address these threats.
8
37
250
0
1
31
Happy to have a chance to join this conference and present my research about the ICEFOG apt :)
3
3
30
So happy to join the blackhoodie training and seeing everyone again! 🥳 Thanks
@pinkflawd
@SynapticRewrite
for giving the reverse engineering training!
@Blackhoodie_RE
@reconmtl
3
1
28
This talk is awesome!!!! My fav talk this yaer at BlackHat / Defcon.
2
6
25
I have the honor of giving away two passes to the
@BlackHatEvents
Black Hat Asia conference! Priority goes to students and anyone who needs support to attend. PM me if interested.
#BHASIA
1
10
28
So excited and honoured to have this chance to share my research at the very first
#PIVOTcon24
in May!! Thank you to all the crews for organising! Looking forward to seeing all the brilliant people and research!
📢 Yes. It’s here. Absolutely mind blowing. The highlights of the
#PIVOTcon24
#agenda
.
You have goosebumps all over your bodies? Drrrrrrrrumrrrrrrrroll.. 🥁🥁🥁 Go ahead and check them out! We still have some tickets😉
#ThreatIntel
#CTI
🧵1/15
1
27
57
0
0
25
Slides for our talk in
@codeblue_jp
Cyber Threat Landscape in Japan – Revealing Threat in the Shadow
0
4
25
Thanks for everyone’s attention! Our slides is released, feel free to contact if there are any questions!
2
13
22
Just got back from my trip to
#BHASIA
and a vacation in Sabah 🏝️☀️ Met so many old and new friends and the talks were amazing! Thanks for everyone who came to our session it was such a heartwarming gathering and I’ve learned from you too! See you all next year!
0
1
23
Not a new tool but I just recently spent some time to fix the code and get it run. A very nice plugin.
1
4
21
First time in BlathatIL and Isreal. Both are awesome! Great talks and great people!
#BlueHatIL
1
1
21
Can’t believe it’s been 20 years 😬 we are calling for papers for both HITCON CMT in August and the Enterprise in October this time. Looking forward to see all the brilliant submissions!
#HITCON
#HITCONCommunity2024
#HITCONCMT2024
HITCON Community 2024 - Call for Paper
Theme: 20 Years of HITCON: Mind Meld Hacker Spirit from Human to AI
HITCON is celebrating its 20th anniversary this year, marking the evolution from underground gatherings to a renowned hacker conference over the past two decades. The
0
12
26
0
2
20
Monnappa KA talking about Evasive Hollow Process Injection, surprise to see Taidoor in the slide!
#BHASIA
1
9
17
Our research is finally out! So excited! Check out the report and visit our booth at
#BHUSA
to learn more about APT41!
1
2
19
I will be joining and sharing my experience of founding a women security community at the Women in Security Meet Up in Black Hat Asia on March 29. Welcome everyone to join!
#BHASIA
0
3
17
New research from TAG. Thats why I ignored a lot of messages from strangers.
New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development.
Stay safe out there everyone!
33
1K
2K
1
0
18
The mastermind of exploit hunting
@_clem1
is going to speak at
@hexacon_fr
🤩! so looking forward!!
#HEXACON2024
Why bother looking for vulnerabilities when you can just peer over the actor's shoulder beside you? 🤓
@_clem1
is infamously known for being able to track APT's exploit toolkits and we are extremely grateful to have him talk about it as our opening keynote!
#HEXACON2024
2
21
78
0
1
18
Sharing the slides
@ReinforceMagic
and I presented for the Threat Hunting and Campaign tracking 101 session during HITCON 2020 CTI Village Workshop. The talk was only 65 mins but we tried to cover some interesting cases and insights.
3
5
18
This is finally happening 🥳! So proud to be part of the Rhacklette! Looking forward to all the upcoming events!
WoSec ZH becomes Rhacklette! In March we have officially joined
@defconch
. We are a group of FINTA people in security with the goal to create a protected space for gender minorities in the security industry in Switzerland. We look forward to meeting you in upcoming events.
2
7
12
2
1
17
This year HITCON are going to publish HIT"COIN", a cryptocurrency that you could use on the booths and participating the event. You will be receiving a cold wallet badge to save your HITCOIN.
0
3
17
Black Hat Asia is around 10 days away! I have the honor of giving away two Live Event- Briefings Only or Virtual-Only- Briefings Only passes to the conference! Priority goes to students and anyone who needs support to attend. PM me if interested.
#BHASIA
@BlackHatEvents
0
10
17
Join me,
@cyberMeeks
,
@Marmusha
and
@pink_tangent
at the “Crush It In Cyber: The Debugging Odysseys of Women in CyberSecurity” today at 12:55 pm in Business hall theatre A! We are going to share our journeys and the challenges we faced!
#BHASIA24
@BlackHatEvents
0
2
16
Come join our CTF training program and grow together! We will make sure this is fun for everyone with different levels of CTF experience!
🚀 Join us in Zurich for an exciting CTF training program! Boost your cybersecurity skills, solve challenges, and dive into the world of cybersecurity. Open to FINTA individuals in Rhacklette, all skill levels welcome! Register now by writing at rhacklette
@defcon
-switzerland.org
1
11
14
1
1
16
My first time presenting at
#sectorca
Don’t know much people here but it was fun! Thanks for evryone who came to my talk today! :)
0
0
14
Congratulations
@_clem1
for winning the epic achievement at the
@PwnieAwards
! The best exploit hunter I’ve known.
0
1
14
I was the first women in my company, where I do malware analysis to identify the attackers and help to defend against them. 🇹🇼
#WITBragDay
0
2
14
Great find!! The target regions of both campaigns also have overlap (UZ, KZ). Definitely worth to research on more potential connections between xCaon and SpiceRAT.
#spicerat
#sneakychef
#xcaon
Following the excellent work from
@TalosSecurity
@ashl3y_shen
, we (
@threatinsight
@Myrtus0x0
@ozuriexv
) observed some similarities between
#SpiceRAT
and
#xCaon
, a backdoor found by
@_CPResearch_
linked to IndigoZebra active in the same regions as SneakyChef/UNK_SweetSpecter
2
17
63
1
2
14
Will be my first time speaking in Poland :)
#SPEAKER
ANNOUNCEMENT 📢
@ashley_shen_920
from
@FireEye
Specializes in threat hunting, malware analysis, reverse engineering, and targeted attacks research. Co-founded “HITCON GIRLS” – the first security community for women in Taiwan.
Full agenda here
0
0
3
0
0
12
Will be speaking about my ICEFOG research in RESET conference next week in London!
#RESET2019
0
2
13
Want to solve some smart contract challenges? Come to see us at
#HITB2019AMS
HITCON GIRLS will be holding a smart contract challenge at
#HITB2019AMS
. We will be in Hapox at beurs van berlage during May 9 and 10. Try to solve the challenge and win some coins with us!
0
7
14
0
7
11
Just finished my talk in
@CONFidenceConf
! Slide will release soon. Conference in the Polish aviation museum. Really cool!
0
2
13
The schedule for Black Hat Asia 2023 is now live! It's truly an honor to have served on the review board for 7 years now, and I'm blown away by the number of outstanding submissions we received this year! Check out the lineup of talks here:
#BHAsia
0
0
12
very detailed comparison between Bindiff and Diaphora! great work
@marcos_alvares
!
"Comparative analysis between Bindiff and Diaphora - Patched Smokeloader Study Case"
#smokeloader
#bindiff
#diaphora
1
4
16
0
1
12
Love this pic!
Next up is
@ashley_shen_920
discussing ICEFOG (first reported by
@kaspersky
) - is it a malware family? Is it a threat group? No public reporting since 2014 - what happened?
#FireEyeSummit
1
3
23
1
0
12
Read about SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques here
#sneakychef
#sugargh0st
0
2
11
Another amazing HITCON is happening this year! Looking forward to see all your outstanding submissions! Haven’t booked the flight but I will most likely be there! Feel free to reach out for a meetup 😊
#HITCON
#HITCONENT2023
【HITCON Enterprise 2023 Call For Paper】
🚀HITCON ENT 2023 theme: Automation Security Ascendancy: Systematic Evolution to Maturity.
Our CFP system is also available now.
🌐
#HITCON
#HITCONENT2023
0
2
1
0
0
11
ESTsecurity discovered a spear-phishing campaign leveraging mobile app to target Korea cryptocurrency exchange users.
#REAPER
#APT37
#Geumseong121
#RedEYE
#Group123
1
4
10
Thanks for referencing our SugarGh0st blog! The target is indeed very interesting. It is also interesting that they kept using the old domain for months after we published the blog and only have a new domain for the recent campaign.
Artificial intelligence research is of high value to adversaries.
@Proofpoint
recently identified a SugarGh0st RAT campaign targeting US-based organizations involved in AI efforts, including those in academia, private industry, and gov't service.
Brief: .
1
7
21
2
1
10
I enjoyed my time a lot at BlueHatIL so I’m really excited to join the CAB of BlueHat Shanghai. CFP is open until March 31. Dont miss your chance to speak at the very first BlueHat in Asia.
#BlueHat
The CFP for
#BlueHat
Shanghai is now open! See our blog for details about the event and some topic suggestions from our CAB.
@ashley_shen_920
@AsuNa_jp
@csima
@long123king
@HuihuiG
@epakskape
@MJ0011
@zer0mem
@vinnieliu
@yongchuank
@tinkerzf
@lovesuae
1
16
29
0
0
10
Dear Black Hat Asia CFP submitters, my tip for beating 50% competitors is: DONT BE LAZY.
2
1
10
Yesterday I finally got a chance to join
@wicca_NL
. The CTF was a lot of fun. Thanks for holding this event.
What an awesome hack the bank CTF evening organised by
@ingnl
!! 🎉🤗 So great to meet so many amazing women! Thank you all for making this possible and see you next time!! ❤️
#infosec
#womenintech
2
8
24
0
4
9
How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
@orange_8361
#TaiwanNo1
0
3
8
@pink_tangent
@shehackspurple
@Ch33r10
@DamskyIrena
@k3r3n3
@cbelle1234
@k8em0
@hasherezade
@Reutooo_
@chenxiwang
@Caiwrote
@hacks4pancakes
@shortxstack
@m49D4ch3lly
@find_evil
@evacide
@drjessicabarker
@jessfraz
@fl3uryz
@JaneFrankland
@TheSweetKat
@Fox0x01
@0x736A
@malwareunicorn
@ajohnsocyber
@pjarmstrongaz
@s1r3nn
@InfoSecSherpa
@B1N2H3X
@HeatherMahalik
@sibertor
@7ur7l3_61rl
@tootsierollpop8
@InfoSystir
@pvineetha
@binitamshah
@mzbat
@winter_heidi
@gadgetsquirrel
@kellymsheridan
@pamoshea
@NoushinShbb
@MlleLicious
@kylieengineer
@O3Awesomesauce
@kavyaracharla
@ItGresa
@limbagoa
Thank you! <3
0
0
9
To those in the Switzerland, join our community event in Zurich on June 15th to listen amazing lighting talks from Google Women in Engineering group! (English talks will be in the afternoon!)
1
6
9
@_vventura
and
@hunterbr72
did an amazing research on reversing NIM binary and developed FLIRT signature to make our life easier.
@reconmtl
0
2
8
Spoiler alert! We will have another CTF training with
@rhacklette41
this Sunday to solve some other reversing challenges on hack the box! This time we will be also doing medium level challenge with windows binary so have your VM ready!
🚀Join us and learn how to solve CTF challenges!
📚We will meet once a month and cover a variety of CTF topics, including but not limited to: Web security, RE, Binary exploitation, Forensics, Crypto.
Each session will include a mix of lecture, hands-on exercises, and discussion.
1
8
13
0
2
8
Excellent research!
@Saif_Sherei
@IanKronquist
@phillip_misner
@msftsecresponse
@SecurityBeard
@r00tbsd
@TalosSecurity
@vanhoefm
@patrickwardle
DPRK's eyes on mobile Spying on North Korean Defectors w/
@boinya
@binerdd
from
@McAfee
#OPCDE2018
2
10
12
0
1
7
Still love my design after 3 years :)
0
2
5
1
0
7
Looking forward to speak at Code Blue again!
An annual international cybersecurity conference
@codeblue_jp
is just around the corner! It’s held in Tokyo on October 29 and 30. The speakers include
@andrewfutter
@allanfriedman
@SungtingTsai
@ashley_shen_920
Hikohiro Y Lin.
0
2
4
0
1
7
We are going to have our first training event soon! So excited 🥳
Join us for our 2 trainings on Web App Pentest 101 on 6th and 10th July after work: How to do a Pentest and what are the challenges of a Security Consultant? Open to FINTA individuals. Register now by writing at rhacklette
@defcon
-switzerland.org
1
5
7
0
0
7
Excellent research from
@vladhiewsha
and
@benoitsevens
about the initial access broker with ties to Conti.
0
0
7
Thanks for the photo! Lol
In few minutes
@CONFidenceConf
starts here at Krakow (Poland) Ashley, from FireEye, is making a last minute checking at track 2.
#confidence
#conference
#cybersecurity
0
1
11
0
0
6
Thank you
@apnic
for the awesome article of HITCON GIRLS!
Hacker communities like Taiwan's HITCON GIRLS r encouraging women to get into
#CyberSecurity
#TWSeries
#womenintech
0
13
15
0
2
6
Good to see Chrome is implementing more mitigation to the cookie theft attack. Although malware will still be able to do process injection to bypass the mitigation but pushing this to a more detectable behaviour is also a progress!
#chrome
#cookietheft
With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more about this protection:
16
141
364
0
0
6
Thanks!
0
2
10
0
2
6
Lol
New Blog Post - How I forced a Chinese threat actor to help me with a campaign's attribution by adding it to a new "Taiwan" tab in my APT group mapping spreadsheet
37
203
698
1
1
6
It's always awkward to watch myself speaking.
VIDEO: Details of attacks targeting multiple banks, ATMs & Bitcoin services plus the malware, vulnerabilities discovered, and future mitigations presented at
#BHASIA
2018
0
24
48
1
1
6
Thanks Marcin :)
0
0
6
The research began with detecting abnormal PowerShell commands downloading additional scripts and Cobalt Strike. Interestingly, the threat actor used the “quser” command to avoid operating with other users simultaneously.
#APT41
#cobaltstrike
1
1
6
@MadelineS_M
@Grifter801
@thedarktangent
@pink_tangent
@pamoshea
@raistolo
@rachidharrando
@monnappa22
@AsuNa_jp
@darkfloyd1014
You need a new phone lol
0
0
5
Cool stuff, thanks
Interesting
#Mirage
/
#MirageFox
sample 🇨🇳:
af8aa745ba47a4a85f513979cc9e2196 . Signed using fake
@kaspersky
cert. Compiled 30 Nov 2015 13:07:28 UTC
Looks like an operator sets C2 at runtime
./sample.exe [C2 Server] [Port]
(cc:
@ashley_shen_920
)
2
22
51
0
0
5
In addition to Bitdefender’s Crash Handler being abused by Shadowpad, we found Microsoft Office IME binary was also exploited. For privilege escalation, the threat actor crafted a custom loader to inject CVE-2018-0824 code.
#exploit
#shadowpad
0
1
5
Really interesting research revealing the false flag campaign from
#YoroTrooper
!
Talos assesses with high confidence that the
#YoroTrooper
threat actor likely consists of individuals from Kazakhstan. But that hasn't stopped them from covering their tracks and disguising their origins. More on this threat actor in our latest blog
1
8
16
0
1
5
Awesome material for learning reverse engineering! I love all the GIF picture and the unicorn! :)
0
1
5