Silas Cutler // p1nk
@silascutler
Followers
12,919
Following
2,029
Media
2,280
Statuses
14,793
Hacker, sometimes researcher @Only_Scans , @mal_share Adjunct Senior Cyber Threat Researcher for @IST_org
w00w00
Joined June 2010
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#ปิ่นภักดิ์EP1
• 1062357 Tweets
THE LOYAL PIN THAI GL NO1
• 998624 Tweets
Djokovic
• 455725 Tweets
Rotherham
• 178449 Tweets
ヒロアカ
• 140543 Tweets
Middlesbrough
• 99414 Tweets
Francisca Crovetto
• 73580 Tweets
Nole
• 64875 Tweets
堀越先生
• 50433 Tweets
Byron
• 45445 Tweets
フワちゃん
• 43667 Tweets
BEST WISHES FOR YIBO BIRTHDAY
• 40576 Tweets
Fabiola
• 40286 Tweets
L1485 FOR LIFE
• 35953 Tweets
Scottie
• 31956 Tweets
松山英樹
• 27959 Tweets
Onyeka
• 26695 Tweets
Thompson
• 22471 Tweets
Noah Lyles
• 21442 Tweets
松山選手
• 19370 Tweets
Omanyala
• 17705 Tweets
Federer
• 15833 Tweets
ジョコビッチ
• 14175 Tweets
Seville
• 13470 Tweets
最高の最終回
• 11082 Tweets
やす子さん
• 10753 Tweets
Feyenoord
• 10693 Tweets
Samsung Smart TVs use a wifi password of 1111122222 for their setup (SSID: Samsung TV [0-9]{4}). This is not changeable.
By default, external management notifications are set to off.
They told me this was not a security issue. Now it's public knowledge.
73
1K
5K
Found the strangest bag on a hike earlier today. Maybe somebody lost it?
128
289
4K
Not something you want to see on an ATM ( wonder how many cards have been lost at this point)
30
2K
2K
Getting a notification to install Flash player on a .gov site, while watching a hearing about cyber security just really hits me this morning
18
179
1K
9
261
714
If you're at a hospital that was hit today by this ransomware attack. My DMs are open and I'll be here all night if you require any assistance.
11
130
599
Without DEFCON or BlackHat this year, I'm nervous that I will not have enough shirts to sustain my wardrobe. Without cons ....where do people get shirts?
76
43
589
@mikko
Fun fact - Mars is also the only planet that we know of inhabited entirely by robots
6
53
503
Tell me more about this school project ... "this_is_for_a_school_project_no_needs_to_worry_mr_reverse_engineer.exe"
#ReverseEngineering
12
174
472
Welcome to Windows 11 - where Candy Crush is now part of you threat model.
I'm sorry to all the sys admins who now need to figure out the group policy settings to disable.
17
85
437
In a test run of the new
#Ukraine
Wiper, MBR corruption happened in under 15 seconds of execution.
4
127
330
6
154
418
In response to the
#3CXpocalypse
/
#3CX
, a group of us have put together a self-service site to look up if you were potentially impacted. If you're connecting from an IP address that was flagged, the header will turn red.
14
190
375
Useful reference point for anyone in threat intel.
2
77
296
I've been interested for years in how other researchers stay organized. This week, I am going to try and open-source all of my personal organization tools & processes.
12
22
239
I started a repository today for tools folks use when analyzing malicious (or not) Docker containers. If there are tools you use for this, please submit an issue or PR with things that should be included:
1
89
227
This is important for people in policy roles to see and understand on multiple angles. Safety / privacy statements need validation. Initially, the app associated did not indicate it collected, however, was collecting the equivalent of a car location tracking device
This invasive Bluetooth car battery monitor was found to be sending the following location data to 🇨🇳
- GPS
- Wifi devices
- Cell phone towers
The Apple and Google app stores said no personal data was collected.
A new update has emerged. Let's see what was changed 👇(1/n)
68
1K
4K
9
89
225
Fun things you see when exploring hexdumps of old programs (Minesweeper 5.1 from Windows XP)
#ReverseEngineering
4
111
211
Whoever hit me with a 26 Gbps DDoS today - you got my attention. DMs are open if you want to talk.
14
20
192
Absolutely amazing feature. I can't say this enough. Physical disconnect switch for wifi, by, camera, microphone
3/n
5
26
191
I have never felt like my career was less significant then watching a real estate agent on TV punch 1234 as the security system pin for a $6.25 million dollar house
8
20
192
Three days later, lets catch up together on the
#XZBackdoor
in
#XZUtils
.
Current understanding (2024-04-01) is the malicious code creates a backdoor for remote code execution.
1 / 5🧵
For those looking to get straight to RE:
8
67
187
Automating Malware Analysis Operations (MAOps)
1
52
180
Cobalt Strike Scanner that retrives detected Team Server beacons into a JSON object
1
56
175
The setup wifi network is used to configure the TV. Therefore, using this access, you can remotely control settings of the TV over HTTP requests on port 8080
2
10
167
WinDbg Basics for Malware Analysis
1
67
155
How to get banned from a country in one Tweet? Go -
6
22
152
Master of RATs - How to create your own Tracker
2
53
150
I you received a free smart watch, I'd love to do analysis on it. All shipping costs covered, just drop me a DM
Apparently, members of the US military are receiving unsolicited smart watches by mail and nobody seems to know why or what they actually do:
12
109
316
5
45
151
I am now the owner of a physical copy of WinRAR.
17
14
150
I'm evaluating the the open-source options for automatically generating
#Yara
rules. Besides the following, what I am I missing?
9
35
151
Log analysis via logs printed on a thermal printer. Your move ...
13
26
145
Announcing the Seventh Annual Flare-On Challenge
0
75
145
Come on
@CrowdStrike
. This isn't who you are. Reign the sales team in. This type of advertising is dangerous and makes our jobs harder and devalues what we do.
(cc:
@Adam_Cyber
,
@DAlperovitch
,
@George_Kurtz
)
This rocked into my team earlier.
@CrowdStrike
get a better script, you barrel of dicks. And James, why not question the methods being rained down on you to meet your numbers.
#FUD
21
38
555
5
17
138
If you've in security and never worked as a sysadmin, this is a really important thread about why it's not "just patch".
12
43
136
Wow - CobaltStrike Beacon implant with a c2 of votetexas[.]gov named Candidate-Resume-2019.doc
Hash:
d85e783b4594658c1df49b286dc504becfe0b23092b21e3ee08949674d01c447 (cc:
@VoteTexas
)
3
59
130
Cool feature of Tor Browser (
@torproject
) is the ability to see the circuit you're using and generate a new one.
5
37
115
2
11
78
2
28
125
I scanned the Internet last night and generated JARM fingerprints from hosts listening on port 443.
(cc:
@hdmoore
,
@hushedfeet
)
4
31
119
Released a blog today on
#Maui
ransomware. No ransom notes and not connected with any RaaS provider.
3
40
117
I scanned the Internet abain and JARM fingerprinted hosts listening on port 443.
#ThreatIntel
#AntiMalware
#InfoSec
#JARM
6
26
112
Yesterday, I saw someone I didn't know wearing one of the Five Eyes patches. Not at a security conference, just in the wild. I got 300 printed.
The joy this made me feel can only be amplified by the statistical probability of this occurring
To this person, thank you so much.
8
2
114
If you are part of a
#Ukrainian
organization that was hit by this wiper or have any information, my DMs are open, you can email me at silas
@malshare
.com and I'll provide any support i can. (cc :
@CyberpoliceUA
/
@Ukraine
)
9
28
110
Really excited to finally share that I've started at
@InsideStairwell
as their Resident Hacker / Principal Reverse Engineer.
We’re thrilled that three experienced leaders have joined us on our mission to help security teams outsmart any attacker. Welcome,
@shelsharma
, Siddhartha Sinha, and
@silascutler
!
1
1
8
13
7
113
Lets take it for a test drive
🧵
🔬 CISA Releases Malware Analysis System for Public Use
Malware Next-Gen:
@CISAgov
's threat hunting and internal malware analysis system
→ Submit malware samples & suspicious artifacts for automated analysis
→ Uses both static & dynamic analysis
2
45
133
5
6
112
CobaltStrikeScan - Scan files or process memory for Cobalt Strike beacons and parse their configuration.
1
44
106
Tell me in the actor's .bash_history where they messed up
27
9
100
I don't know who needs to hear this but "CobaltStrike" is not attribution. Saying "...servers were targeted by CobaltStrike" is not correct - the servers were infected with CobaltStrike by someone.
CobaltStrike also should not be the end of analysis.
#Watermarks4Life
6
8
106
One of my favorite services is . It's a must have for folks tracking ransomware.
2
18
107
Shamoon is not a variant of Stuxnet. As someone who has spent hours reverse engineering both - I can say this with high confidence.
4
11
102
The only practical reason I miss MD5 is because typing a SHA256 from an image is brutal
7
7
99
To this day, I still think we are only seeing <1% of all intrusions.
9
13
96
More details coming out on
#WhisperGate
/
#BleedingBear
/ the destructive
#Ukraine
attack
- more details about the initial attack
- identified links to a prior ransomware named
#WhiteBlackCrypt
2
36
94
I'm working on putting together a list of hacks of security companies and targeting of individual researchers. What incidents come to mind?
28
18
97
I'm seeing more security folks thinking a malware sample is theirs or only they are capable of tracking an actor (while never sharing findings). If you hoard it to stroke your ego, you're helping the malware operators.
7
13
99
Today was my last day at
@InsideStairwell
. It's been incredible working with
@MikeWiacek
,
@performify
,
@threathog
,
@saintX
& the rest of the team.
13
1
98
Would folks be interested in another round of these patches?
20
6
90
Turns out Android has a Morse Code keyboard option.
5
21
90
In total, there are 60 sessions on this CobaltStrike server from 11 unique IP addresses. "linlu", I don't think it's appropriate to download people's WeChat data.
Hopefully that's not "linlu''s email in the bash_history...💀
#opsec
C2: HTTPS @ 43[.]139[.]116[.]197:443
C2 Server: service-dxka5ebo-1306407718[.]gz[.]apigw[.]tencentcs[.]com,/api/x
Host Header: service-dxka5ebo-1306407718[.]gz[.]apigw[.]tencentcs[.]com
(Short)
#C2
#cobaltstrike
1
0
3
3
20
89
You want malicious python packages? This is how you get malicious python packages.
4
22
87
This was an interesting case. Newer ransomware group, just getting their own Ransomware-as-a-Service off the ground. Hopefully this puts it back on the ground.
5
38
88
If you receive a phish or a malware artifact (especially if you think it's targeted) you need help with - my DMs are always open.
One of the greatest compliments you can give me is asking for my help.
1
17
86
Now that samples have been released, the next phase of the
#WhisperGate
I suspect many will be focused on identifying code overlaps as we start to see (what is likely) an attempt to blur attribution.
There are already some things coming into view:
1
13
86
Once your business reaches a certain size, cyber security needs to be it's own cost center. It can't just be under IT
4
15
85
Not sure what the best way to sell them is. I'm thinking either Shopify or eBay.
12
6
82
Intercept input/output (stdin/stdout/stderr) for any process, even where said output is sent to /dev/null or elsewhere.
3
21
84
Interesting Thread on a massive dump from a Chinese 🇨🇳 Ministry of Public Security (MPS) private industry contractor called iSoon (aka Anxun)
Leak contains:
- Spyware
- Espionage Ops
- “Twitter Monitoring Platform”
- And a lot more 🔥
This is a crazy NTC Vulkan-level leak ⚠️
5
645
3K
2
11
78
TIL VT now has attributing of IOCs to Threat Actors and not just through the comments
4
9
78
It's sad to see how
@KeybaseIO
has gone completely off the rails. Github project is filled with crypto scams and users pushing fixes, but nobody's at the wheel.
4
17
77