blackorbird
@blackorbird
Followers
29,877
Following
629
Media
1,013
Statuses
2,257
Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit #CTI Need Job
Joined February 2016
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Brazil
• 1115918 Tweets
Elon Musk
• 704860 Tweets
Alexandre de Moraes
• 466558 Tweets
Sterling
• 244010 Tweets
Bluesky
• 205644 Tweets
Adeus Twitter
• 158314 Tweets
Politico
• 154986 Tweets
Xandão
• 153409 Tweets
#مولد_ولي_العهد
• 135912 Tweets
#BUS1stFANCON_KnockKnockKnock
• 88887 Tweets
Tchau
• 84171 Tweets
Temple
• 59559 Tweets
Caitlin Clark
• 52020 Tweets
VPNs
• 50126 Tweets
#SmackDown
• 36513 Tweets
ブラジル
• 33982 Tweets
Angel Reese
• 28799 Tweets
Michigan State
• 23155 Tweets
Oklahoma
• 20616 Tweets
O Santos
• 19970 Tweets
野菜の日
• 16670 Tweets
#INZM_30Mviews
• 16569 Tweets
Andrade
• 13408 Tweets
Djokovic
• 12058 Tweets
Pinned Tweet
2024 Threat summary report Collection (updating).
1
4
21
THREAT HUNTING PLAYBOOK
LEARN HOW TO EMBRACE A PROACTIVE SECURITY POSTURE
18
337
1K
CVE-2021-1732 Exploit
Windows Win32k Elevation of Privilege Vulnerability
Poc & Exp report:
2
290
647
#Lazarus
exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools.CVE-2024-21338
Beyond BYOVD with an Admin-to-Kernel Zero-Day
7
178
491
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
172.233.228[.]93
11
165
459
Phishing emails making use of the "search-ms" URI protocol handler to download malicious payload.
ClickOnce APT Group also use these technology.
<script>
window.location.href = 'search-ms:query=Review&crumb=location: \\\\domain
@SSL
\
2
164
422
Microsoft Office Remote Code Execution Vulnerability(CVE-2021-27059)
Internet Explorer Remote Code Execution Vulnerability(CVE-2021-27085)
0day(exploit) in the Wild But no one talk about it😅
3
197
397
Lazarus Group Launches First Open Source Supply Chain Attacks Targeting Crypto Sector.
They would invite the target to collaborate on a GitHub repository, containing malicious npm package dependencies which would then be used to compromise the victim.
NPM
2
171
386
New elevation of privilege Linux vulnerability : Nimbuspwn
4
126
359
A way to execute commands remotely within VirusTotal platform and gain access to its various scans capabilities.
2
104
318
DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
exploit
report
2
161
299
2
152
294
IE(CVE-2020-0674)and Firefox(CVE-2019-17026)
#0day
Attack
#Darkhotel
#APT
last.tax-lab./net
cnnmedia.servepics./com
1
132
289
GhostDNS Source Code Leaked
Free internet scanner: BRUT
Attacking routers,Phishing server and web pages
A lot of certificate.
2
110
276
North Korean hackers exploits WinRAR vulnerability (CVE-2023-38831) to attack the digital currency industry.
wallet_Screenshot_2023_09_06_Qbao_Network.zip
report:
2
90
265
#APT
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
report:
3
122
258
#GhostWriter
Used CVE-2023-38831 to construct malware.
WinRAR 0day CVE-2023-38831
If you are using WinRAR, please make sure to update it.
2
72
173
3
86
243
Internet Explorer 0-day exploited by North Korean actor APT37
CVE-2022-41128: Type confusion in Internet Explorer's JScript9 engine
Sample
2
115
236
#Lazarus
CVE-2023-26369 Exploit: Adobe Acrobat PDF Reader RCE when processing TTF fonts
ref:
4
101
231
ThreatPursuit: Windows Virtual Machine for Threat Intelligence Analysts
0
84
222
#bluekeep
#cve20190708
#exploit
RDP from patch to remote code execution.pdf
from tecent keenlab
UAF -> heap spray -> get EIP
4
97
211
Collection: 2022 Annual Cyber Threat Research Report (Updating)
11
80
207
APT Groups Map from Microsoft Digital Defense Report 2022.
2
76
204
2023 APT RESEARCH REPORT
A new APT Group also appeared in this report called APT-C-57
ref:
1
79
200
Unknown
#APT
group
#DeadlyKiss
An advanced, rare and extremely evasion-oriented malware, which implements effective stratified obfuscation techniques and adopts many solutions dedicated to operate “under the radar”.
aim to first picture,like US,RU
lnk:
2
111
201
#ThreatHunting
#trainlesson
Hunting for Persistence in Linux
1: Auditd, Sysmon, Osquery (and Webshells)
2: Account Creation and Manipulation
3: Systemd, Timers, and Cron
4: Initialization Scripts and Shell Configuration
5: Systemd Generators
1
57
191
#APT28
used "Microsoft Edge" as a bootloader, TOR and mockbin[.]org/website[.]hook services as a control center.
Any requests sent to mockbin[.]org/website[.]hook URL will be logged instantly for testing webhooks and HTTP requests.
1
84
190
Approximately 15,495 Mongodb database servers were deleted. The attackers backed up and attempted to extort BTC. They also claimed to report GDPR if the victims did not pay.
16
84
179
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
1
66
175
WinRAR 0day CVE-2023-38831
If you are using WinRAR, please make sure to update it.
2
72
173
Lazarus infect blockchain engineers with novel macOS malware.
1
68
168
Zero-Day Usage by Country
#APT
#cyberweapon
The picture also lacks South Korea, and some countries purchased through Cyber weapon supplier.
Bet, there are definitely more 0day exploit weapons in the *** than this number.
Image from
#fireeye
4
88
165
The Top 10 Most Prevalent MITRE ATT&CK
Techniques Used by Adversaries
3
70
164
#APT
#Darkhotel
#0day
#WizardOpium
Chrome RCE to windows Privilege Escalation
First
Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
Then
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium(Windows 7)
1
101
159
11 Problems ChatGPT Can Solve For Reverse Engineers and Malware Analysts
0
54
152
APT33 send a command to the backdoor in real time using SignalR.
4
49
145
1
65
145
1.
#Lazarus
Operation "Dream Magic"
Lazarus's process of inserting malicious links into specific articles from media, companies
2.Analysis Report on Lazarus Threat Group’s Volgmer and Scout Malwares
0
54
145
#Turla
C2 server
Reverse SOCKS proxy connection to the C2 using the configuration: R:5000:socks
0
52
140
Somebody want to join an twitter group about threat intelligence ? i want to create one,if you want to join ,please Press like
4
3
138
2
63
133
APT29 used Zulip servers(toyy[.]zulipchat[.]com) to establish a C2 connection, and to blend with legitimate web traffic.
DLL Sideloading:
Msoev.exe + Mso.dll & AppVIsvSubsystems64.dll
2
52
132
About
#Lazarus
2023 AML Annual Report
"They often use European and Turkish identities for disguise."
0
53
135
#Predator
Files: How European spyware threatens civil society around the world
Social media platforms were used to publicly target. The cyber-surveillance weapon used for targeting was an invasive spyware tool called Predator, which was developed and sold by the Intellexa alliance.
pdf:
0
17
36
1
36
132
#Oceanlutos
Use Three 0day exploits and lots of Nday exploits to attack china.
#caja
#arm
#mips
#golang
Use github repo WMIHACKER.
C2 command.
More ⬇️…
1
64
132
Analysing a NSO iOS Spyware Sample(
#blastpass
)
CVE-2023-41064 + CVE-2023-41061 + WebP Vulnerability CVE-2023-4863
REF:
0
35
132
Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile
1.Cloudflare R2 hosting phishing pages
2.Using Cloudflare Turnstile for evasion
3.Using redirects and URL parameters for evasion
4.Using Fingerprint BotD for evasion
1
51
132
Predator spyware IOCs update more more
0
37
126
#Lazarus
Dream Job Campaign Update.
#SocialEngineering
1.Telegram Add
2.Linkedin & Phishing(Fake) Website Keep
3.C2 servers Victims Logs
report
PDF
2
43
128
What the hell?
#Wordpress
suspected of being
#exploited
on a large scale? There are more than 50,000 wordpress websites in the original file.
http[:]//formfactset.org:8082/static/backdoorGood.txt
9
66
122
VMware vCenter RCE CVE-2021-21972
Update!
analysis:
poc:
/ui/vropspluginui/rest/services/uploadova
2
54
123
Microsoft Exchange ProxyNotShell Remote Code Execution Exploit
0
77
123
#LAZARUS
GROUP CAMPAIGN TARGETING THE CRYPTOCURRENCY VERTICAL
Favourite word:Google & Drive
report:
2
66
126
New Chrome 0day
CVE-2023-4863
I saw the person who submitted the vulnerability and wondered if it was related to Pegasus.
2
50
115
APT Operation/Group Mid-2022 Summary Report
#Oceanlotus
use tinyPortMapper forward traffic to Cobaltstrike sever , and New mips-architecture malware named "Caja" discovered on controlled devices(IOT/Linux).
3
50
115
SandWorm group's latest Operation
Android malware + Tor + Mirai +dropbear = Anonymous attack exploit chain
0
46
111
From Zero to Sixty: The Story of North Korea's Rapid Ascent to Becoming a Global Cyber Superpower
(from CrowdStrike)
PPT:
1
50
115
PNG Steganography Hides Backdoor : Malware authors rely on LSB encoding to hide malicious payload in the PNG pixel data, more specifically in LSB of each color channel (Red, Green, Blue, and Alpha).
1
47
112
Lazarus
#APT
groups exploiting a remote code execution vulnerability in Chrome:CVE-2022-0609.
#DreamJob
#AppleJeus
Report:
Exploit:
1
54
111
APT Intelligence telegram group , welcome
6
22
105
Key Findings: On average, command and control servers had a lifespan (that is, the amount of time the server hosted the malicious infrastructure) of 54.8 days.
ref:
2
40
110
Disclosing the BLOODALCHEMY backdoor
BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.
5
43
109
#APT
#DarkHotel
Operation
#Higaisa
Targets China and NorthKorean and use Holiday blessing bait.
New Report:
PDF:
related
0
64
108
When victim visited certain websites not using HTTPS, a device installed at the border of network automatically redirected to a malicious website to infect phone with Cytrox’s Predator spyware.
Great analysis, help to find unknown mobile phone spyware.
NEW IOS Exploit chain:
WebKit browser engine (CVE-2023-41993) and the Security framework (CVE-2023-41991)
+
APIs and support for kernel extensions and kernel-resident device drivers. CVE-2023-41992)
Ref:
0
10
20
2
32
107
Operation Triangulation: The last (hardware) mystery
The mystery and the CVE-2023-38606 vulnerability/Technical details
2
36
106
