taha
@lordx64
Followers
7,059
Following
4,758
Media
36
Statuses
544
I blog about exploits & malware here : maintainer of Threat Intel Bot GPT all opinions are my own
Joined July 2009
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Elon
• 931256 Tweets
#गल_काटे_सो_कुफर_कसाई
• 170666 Tweets
Michigan
• 161554 Tweets
#UFC307
• 127040 Tweets
Vandy
• 120254 Tweets
Watch Sant RampalJi YouTube
• 119253 Tweets
Tennessee
• 112383 Tweets
Dodgers
• 107418 Tweets
Vanderbilt
• 84022 Tweets
Dark MAGA
• 81758 Tweets
トッキュウジャー
• 80796 Tweets
#BUS_KnockKnockKnock_Korat
• 74482 Tweets
Nico
• 73472 Tweets
Pereira
• 71472 Tweets
Bama
• 71222 Tweets
Ohtani
• 70989 Tweets
ドジャース
• 66207 Tweets
プリキュア
• 49368 Tweets
Khalil
• 47556 Tweets
Arkansas
• 37667 Tweets
DONBELLE ASAP RESURGENCE
• 36863 Tweets
Aldo
• 33358 Tweets
ポストシーズン
• 30748 Tweets
Bautista
• 26629 Tweets
Save Sanatan Dharma
• 26347 Tweets
Pennington
• 22963 Tweets
Ifigenia Martínez
• 18954 Tweets
Machado
• 18888 Tweets
京都大賞典
• 17903 Tweets
Poatan
• 14451 Tweets
大谷さん
• 14355 Tweets
山本由伸
• 11684 Tweets
Last Seen Profiles
Pinned Tweet
North korean hackers have the best looking dev github profiles out there
93
487
8K
Crypto game Munchables on Blast hacked for $63M.
Allegedly root cause of the exploit was the project’s hiring of a North Korean developer by the Munchables team. Four different devs hired are likely all the same person! This incident highlights the urgent need for verified
10
23
205
Imagine you are the threat actor behind xz backdoor and you have to explain to your boss why did you spent 6+months building something this complex that a single dude, reversed, documented exploited repurposed honeypoted dockerized in 24hours. This is a W
2
26
178
The
#intelligence
community has been alerted this weekend about a recent data leak on GitHub involving a .cn contractor reputed to have cyber espionage capabilities. The full scope of this incident is still under investigation.
Typically, leaks like these are scrutinized for
2
40
172
why did we assign a CVE and a CVSS Score to a backdoor? plus a backdoor that didn't exploit any vulnerability/ but social engineering + supply chain attack on a CI/CD. can someone explain ? who made that first call? I've been asking here for days here, but seems no one knows.
16
14
131
Related to this hack:
Crypto game Munchables on Blast hacked for $63M.
Allegedly root cause of the exploit was the project’s hiring of a North Korean developer by the Munchables team. Four different devs hired are likely all the same person! This incident highlights the urgent need for verified
10
23
205
1
2
103
sharing exploits is caring
(Exploit for 6.4 - 6.5 kernels)
Write up is in Russian (who can do a EN write up?)
9
17
79
@vxunderground
@wdormann
Sorry to ask but what is the password for Stuxnet 2.0? I need access plz
0
0
17
I then pivoted to look for other interesting stuff, it seems we have also CDR data in there, and
#ThreatIntelBot
was able to identify that format for me and provide me with a preview of this data. I will blurr some of the details here, but you got the idea.
0
3
16
The MiTM issue involving Meta is not a recent occurrence from just last week. They did some wild things back in the days: "Facebook acquired Onavo in 2013 for a reported $200 million to use its VPN app to gather data about what people were doing on their phones."
1
4
16
@TrustWallet
hey
@TrustWallet
stick to the wallet business please, seriously though, who control your twitter account? please tell that person to just stop tweeting about this.
10
0
4
This is a cool writeup by kaspersky regarding the xz backdoor they covered a lot in this part 1, and part 2 is going to be released soon. I know when kaspersky look at something they always figure out a lot more. Excited to see what they come up with for this one.
0
0
12
@wdormann
I checked your link, so the majority seems to be actual vulnerabilities: configuration issues, weak cryptography, implementation mistakes etc, that if an attacker analyze the device and figure it out, could exploit these vulns and install a backdoor.
xz backdoor, is pretty much
3
0
11
This is it guys, ssh auth bypass confirmed from the xz backdoor.
auth bypass confirmed!
> INFO:paramiko.transport:Authentication (password) successful!
mm_keyallowed_backdoor cmd 1 allows to override the response for mm_answer_authpassword with a custom one. if you set it to { u32(9), u8(13), u32(1), u32(0) } you can login with any pass 🤓
14
149
1K
0
1
11
I think this summarize very well the dangers and the challenges of AI (applied to cybersecurity) for the next few years to come
1
0
9
if you see this post a dragon
4
0
10
@simplylurking2
the thing is there are 20 000 backdoored npm packages discovered in 2023, so I am not sure if this is a good practice to assign a CVE to every backdoor supply chain attack because there are just many.
4
0
10
Collecting funds to start a TMZ but for cyber.
Let's bring awareness to this space.
0
2
8
Remember & study this:
L1s are someone else network.
L2s are someone else computer.
L3s are someone else browser.
L4s are someone else wallet.
0
1
8
After sandworm, apt29, now we have Agrat Project embracing CVE-2023-38831 winrar exploit
0
1
8
attribution is cool when done right
Interesting note on the
#xz
backdoor:
If you plot Jai Tan's commit history over time, the cluster of offending commits occurs at an unusual time compared to rest of their activity.
If the dev was pwned, it could be a sign that the threat actor contributed in their own timezone
44
461
4K
1
0
7
Mindmap to bypass AV. Its hillarious source:
Also i feel that i want to spend sometime on this, while reading the bypass EDR book. Im not sure why i would do that, maybe to detect if any of these techniques are used in todays crypters.. im going pass that
0
1
7
As others pointed it out Amazon give us a free LLM. Is this part of the Bug bounty yet?
3
0
7
Can we have a sha-256 of a .o for once please? All these great reports lack the hash so its hard to know what binary people worked on already
0
0
5
🤖 Dropzone AI: Empowering Cyber Defenders with Gen AI
TLDR: 🔑 Dropzone AI leverages Gen AI to build autonomous security analysts that augment human SOC teams, reducing manual analysis by 90% and enabling them to focus on real threats.
Key Points:
💻
0
1
6
@juanandres_gs
Unicorn engine +ida , works very well, heres some code i wrote that you can adapt to pretty much emulate anything using ida pro on mac:
0
0
5
@sherrod_im
Ransomware distributed via Google/Bing search Ads, compromising enterprise networks. Although anticipated in 2020, the extent to which this has become a prevalent threat and a significant attack vector wasn't previously measurable.
1
0
5
Yes we need more stories on SS7
0
0
4
rumors circulating that there's an iOS vulnerability actively being exploited in the wild, but the source is
@TrustWallet
so I will be careful interpreting what they say without validation from
@Apple
security
1/2: ⚠️ Alert for iOS users: We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.
This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk.
#CyberSecurity
673
3K
6K
1
0
4
@GelosSnake
Here
Twitter AI is amazing. It took our satirical post about 'Stuxnet 2.0' and some mention of 'templates' into a serious trending post about cyberwarfare.
31
129
1K
0
0
3
Official twitter handle:
PSA: The Leather Wallet app currently in the iOS store is FAKE 🚨
⚠️ Do not download it, and definitely do not input your seed phrase.
We promise we'll let you know once our mobile app is actually ready!
Leather should only be downloaded directly from .
22
68
134
0
2
3
Threat intel detected an iOS iMessage zero-day exploit for sale in the Dark Web. It is a zero click exploit to take over control of the phone via iMessages. Its asking price is $2M. This would make sense for very high value individual targets, as more the zero-day is used,
51
108
310
2
1
1
📽️ Title: The Turbulent Rise and Fall of AI Startups
TLDR: 🎢 The AI industry is facing a turbulent phase, with promising startups like Stability AI and Inflection AI struggling with financial issues, talent retention, and unsustainable business models.
0
0
3
Damn this is awesome. Thanks le Grugq.
The xz backdoor was the final part of a campaign that spanned two years of operations. These operations were predominantly HUMINT style agent operations. There was an approach that lasted months before the Jia Tan persona was well positioned to be given a trusted role.
41
1K
5K
0
0
3
1
0
3
@msuiche
@lordnarfz0g
@Gi7w0rm
@vxunderground
@UK_Daniel_Card
@esa
@CISAJen
Thank you for your leadership
@msuiche
1
0
3
@L_Lgde
I disagree with the Victimology part and the tooling part you mentioning, due to the Minimal overlap (see below), and you don't mention the group distinction observed in the tradecraft:
"While we have discovered some minimal overlaps with other Chinese groups such as Violet
1
0
2
So this is a fairly new cobalt strike campaign, with the watermark 1357776117:
Does anyone have anything on this? what we got is malware downloaded from Google Ads, which then dropped a cobalt strike beacon.
0
1
2
Previously I ran Cobalt strike Beacon on Linux using wine, and jumped out of the wine process. yesterday we ran macOS malware on Darling and it beacons back to the C2 server with ease. So now I'm wondering how hard is it to jump out of Darling process.
0
0
2
installing Darling on my daily box, it takes an eternity to compile. 30min in, and I am still at 17% of compilation.
Previously I ran Cobalt strike Beacon on Linux using wine, and jumped out of the wine process. yesterday we ran macOS malware on Darling and it beacons back to the C2 server with ease. So now I'm wondering how hard is it to jump out of Darling process.
0
0
2
1
0
2
@jfslowik
other shops: let's pick
@patrickwardle
research, write a blogpost about it, and not mention the source hoping no one will notice.🤡
0
0
2
2
0
1
good job
@richinseattle
If you use llamafile, llama.cpp, llama-cpp-python, Oobabooga, LMStudio or any other software that exposes llama.cpp grammar sampling, I found a few remotely exploitable bugs triggered through a single web request that got patched today. More to come from my work at
@Eclypsium
0
36
112
0
0
1
here's one:
Things going well over here. 'Sydney Sweeney Leak' Malware is All Over Twitter
2
12
51
0
0
1
@UK_Daniel_Card
We should impose costs on this fox for burning OSINT threat intel feeds. +$1 on his linkedin monthly membership
0
0
1
Hopefully these community powered investigations will help capture these scammers.
Community Alert: The group of scammers who stole 8 figs with Magnate, Kokomo, Lendora, Solfire, etc is back with a new project on Blast
@Leaperfinance
Last week they funded an address on Blast with ~$1M of laundered funds from the previous rugs and have begun adding liquidity
356
2K
6K
0
0
1
@HackingLZ
@simplylurking2
it's varying. some npm had 2 people using them. some have an easy 1K users. depends. but stil if you end up using these npm or their dependencies you get RCEd with a reverse shell.
0
0
1
