I am looking for a job. It's becoming a little urgent, so if anyone has any leads whatsoever, please send them my way.
I'm a malware guy: reversing, detection, intel, anything really related to defending and proactive research. I can also do system administration duties when it comes to Linux. I am able to quickly pick up anything I don't already know.
I've cracked billions of #passwords from tens of thousands of #data #breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.
Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!
Enable MFA for important online accounts, including cloud-based password managers!
Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64 MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2-based password managers, set the iteration count to at least 600,000.
Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.
Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser-based threats!
Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.
#Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine-Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!
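The passphrase, random-password and KDF advice in the post above, worked through in code. This is an added example and not the poster's own tooling: the twelve-word list is a constructed stand-in for a real Diceware list (the entropy figures use the real list size of 7776 words), and since Argon2id is not in Python's standard library the key-derivation step shows the PBKDF2 600,000-iteration floor with hashlib instead.

```python
import hashlib
import math
import secrets
import string
import time

# Constructed mini wordlist standing in for a real Diceware list.
# A real list has 7776 (6^5) entries; the entropy numbers use that size.
DICEWARE_WORDS = ["anchor", "bishop", "cobalt", "dingo", "ember", "falcon",
                  "glacier", "harbor", "iris", "juniper", "kelp", "lantern"]
DICEWARE_LIST_SIZE = 7776

# Letters, digits and punctuation: 94 printable ASCII symbols.
PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# PBKDF2 iteration floor recommended in the post for PBKDF2-based managers.
PBKDF2_ITERATIONS = 600_000


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly from `alphabet_size` choices."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given guess rate (rate is an input,
    not a claim about any particular hardware)."""
    return 2 ** bits / guesses_per_second


def diceware_passphrase(words=4, wordlist=DICEWARE_WORDS):
    """Four-or-more random words; secrets.choice uses the OS CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def random_password(length=16, alphabet=PASSWORD_ALPHABET):
    """Machine-generated password: no human pattern for a cracker to model."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def derive_key(master_password, salt, iterations=PBKDF2_ITERATIONS):
    """PBKDF2-HMAC-SHA256 with a 32-byte output, as a vault key derivation."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


if __name__ == "__main__":
    print("Diceware (4 words, real list size): %.1f bits"
          % entropy_bits(DICEWARE_LIST_SIZE, 4))
    print("Random 16 chars from %d symbols: %.1f bits"
          % (len(PASSWORD_ALPHABET), entropy_bits(len(PASSWORD_ALPHABET), 16)))
    print("Sample passphrase:", diceware_passphrase())
    print("Sample password:  ", random_password())

    # Each extra PBKDF2 iteration costs the attacker exactly what it costs you,
    # so the derivation time per guess is the number that matters.
    salt = secrets.token_bytes(16)
    start = time.perf_counter()
    derive_key("correct horse battery staple", salt)
    print("One PBKDF2 derivation at %d iterations: %.2f s"
          % (PBKDF2_ITERATIONS, time.perf_counter() - start))
```

The point the numbers make: a four-word Diceware passphrase carries about 52 bits, a 16-character random password about 105 bits, and neither figure depends on how clever the chooser is. The KDF then multiplies the per-guess cost, which is why raising the iteration count (or Argon2id memory) is worth the extra fraction of a second at unlock.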
In my assessment, not only large parts of the Microsoft O365 services are compromised, but also every Windows machine that was connected to them. A worst-case disaster of epic proportions - many currently don't seem to realize it. 🤷♂️ 👇
We saw #malware uploads to Codeberg increase in the past weeks. Although our users are likely not the target audience of these files, we still want to remind you:
Watch out and stay secure. Do not run files from untrusted authors.
On Codeberg, double-check the project's legitimacy (e.g. user age, stars / issues / activity) or the source code itself.
Visit the project's homepage and use official download sources.
Never let emails panic you, consider if it's part of a #phishing campaign.
As a general PSA, this is the very thing I fight against every single working day of my life. An acquaintance of mine is an older lady, this popped up on her screen. She sent me this snapshot in a panic. For her, considering everything, I told her to simply turn off the machine without shutdown. Wait ten seconds and turn it back on. She's all set, but these scams are getting disturbingly high quality. #hack #scam #malware #Windows #today
Nice, someone registered 'ngithub [dot] com' and in some cases is redirecting users to scam / malware sites. So, if you click on a stack trace message that included a new line..
something\ngithub.com\YourAccount\YourRep\blah
.. and Slack or something else converted that to a link you're likely to end up there.
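How an auto-linker ends up pointing at the lookalike domain, and the defensive fix, as an added example that is not part of the post above. The sample message is constructed; the `\n` in it is a literal backslash-n escape as it appears when a log string is pasted into chat, and the two linkifiers are hypothetical stand-ins for whatever a chat client actually does.

```python
import re
from urllib.parse import urlsplit

# Constructed chat message: a pasted stack trace with an escaped newline,
# followed by a genuine link. Note the literal "\n" before "github.com".
SAMPLE_MESSAGE = (
    "Traceback at something\\ngithub.com\\YourAccount\\YourRep\\blah "
    "see https://github.com/YourAccount/YourRep/issues/1"
)

# Anything that looks like host.tld. A backslash is not a hostname character,
# so a scan that starts matching right after it happily takes the "n" of
# "\n" as the first character of the host.
HOST_PATTERN = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


def naive_hosts(text):
    """Hostnames a substring-scanning linkifier would turn into links."""
    return HOST_PATTERN.findall(text)


def strict_hosts(text):
    """Hostnames a linkifier that only links whole tokens would produce.

    A token is the unit between whitespace. It is linked only if the entire
    token is a bare hostname or an http(s) URL; any token containing a
    backslash (escape sequence or Windows path) is rejected outright, so no
    substring of it can become a link.
    """
    hosts = []
    for token in text.split():
        token = token.rstrip(".,;:!?)")  # trailing punctuation is not part of a URL
        if "\\" in token:
            continue
        if HOST_PATTERN.fullmatch(token):
            hosts.append(token)
            continue
        parts = urlsplit(token)
        if parts.scheme in ("http", "https") and parts.hostname:
            hosts.append(parts.hostname)
    return hosts


if __name__ == "__main__":
    print("substring scan links:", naive_hosts(SAMPLE_MESSAGE))
    print("whole-token scan links:", strict_hosts(SAMPLE_MESSAGE))
```

The substring scan produces a link to ngithub.com from text that never contained that domain; the whole-token scan links only the real URL. The same whole-token rule is a cheap check to add to any notification or chat integration that renders pasted logs.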
Hi. This is Renée, the head of Infoblox Threat Intel (@knitcode). A few of my researchers and I are sharing this Mastodon account. Our plan is to toot about suspicious and malicious activity in DNS. Our team tends to write very in-depth papers and wants to use Mastodon to complement that with nuggets we've seen, updates on the DNS threat actors or TTPs we are seeing, and articles we are reading. Here goes! #dns #threatintel #malware #phishing #cybersecurity #infosec #infoblox #introduction
Oh, great. Computer security researchers have developed a proof-of-concept for a type of ransomware that would act when you try to upload a file. It would be able to encrypt any files in the folder you uploaded from, and any subfolders of it.
This is a proof-of-concept; the researchers have not seen any such attacks in the wild. But stay careful out there, okay?
Affects Chrome and Edge, but not Firefox or Safari!
🦀 Have you been noticing that over the past two years, there seems to be more and more malware written in Rust? Have you ever wished there was one page that collected all these malware families and samples in one place, so that you could practice your Rust reverse engineering?
I have collected information about every Rust malware family that I could find, and scoured public malware repositories to find at least one public sample that is available for each family. Download links are provided for each sample to MalShare or Malware Bazaar, neither of which require an account for you to download the samples.
I hope that this can help reversers get a better understanding of Rust binaries, and improve the state of the art in Rust malware reversing. We have a long way to go 😅
Please send a pull request if you notice something is incorrect or missing! Happy reversing!
As many have already heard last week, Dragos had to let go about 50 people. Tuesday last week was my last day on the job, and as of today I am slowly beginning my search for a new role while allowing myself plenty of time to unwind between roles (for a change).
My role at Dragos was to reverse engineer ransomware and I would love to continue reverse engineering malware (not just ransomware) in the future. I've worked in a few different threat intelligence roles over the last several as well.
I'm located on the US East coast and am currently looking to stay remote as relocation and travel are not an option for my family.
Any leads are appreciated! My LinkedIn profile can be found at the top of my profile as well.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #45/2023 is out! It includes the following and much more:
➝ 🔓 ✈️ #Boeing breach: LockBit leaks 50 GB of data
➝ 🇨🇳 World’s largest commercial bank #ICBC confirms #ransomware attack
➝ 🔓 ☁️ Sumo Logic alerts customers about #securityincident; advises rotate Sumo Logic API access keys
➝ 🔓 🇮🇪 Electric Ireland admits data breach that could see customer financial data compromised
➝ 🔓 🇨🇦 #TransForm says ransomware data breach affects 267,000 patients
➝ 🔓 🇸🇬 #Singapore Marina Bay Sands reward members data breached, over 650k people exposed
➝ 🇮🇱 🇵🇸 🇮🇷 Cyber ops linked to #Israel-#Hamas conflict largely improvised, researchers say
➝ 🧨 🤖 #OpenAI confirms #DDoS attacks behind ongoing #ChatGPT outages
➝ 🛍️ 💸 Fake Ledger Live app in #Microsoft Store steals $768,000 in #crypto
➝ 🔓 🐰 ‘Looney Tunables’ #Glibc Vulnerability Exploited in #Cloud Attacks
➝ 🇺🇸 🇷🇺 US Sanctions Russian National for Helping Ransomware Groups Launder Money
➝ 🇮🇷 🇮🇱 Iranian Hackers Launch Destructive Cyber Attacks on Israeli #Tech and #Education Sectors
➝ 🇫🇷 🇬🇧 #France, #UK Seek Greater Regulation of Commercial #Spyware
➝ 🇪🇺 🤐 #Europe is trading security for digital #sovereignty
➝ 🇷🇺 🇺🇦 Russian Hackers Used #OT Attack to Disrupt Power in #Ukraine Amid Mass Missile Strikes
➝ 🦠 🚪 Highly invasive #backdoor snuck into #opensource packages targets developers
➝ 🦠 🇰🇵 N. Korea's #BlueNoroff Blamed for Hacking #macOS Machines with ObjCShellz #Malware
➝ 🫣 #Signal tests usernames that keep your phone number private
➝ 🔐 Microsoft Authenticator now blocks suspicious #MFA alerts by default
➝ ☁️ 💰 Researchers Uncover Undetectable #CryptoMining Technique on #Azure Automation
➝ 👥 💰 Data Brokers Expose Sensitive US Military Member Info to Foreign Threat Actors: Study
➝ 🩹 Microsoft Says Exchange ‘Zero Days’ Disclosed by #ZDI Already Patched or Not Urgent
➝ 🐛 Veeam warns of critical bugs in #Veeam ONE monitoring platform
📚 This week's recommended reading is: "How the F*ck Did This Happen?: A guide for executives who need to understand Cyber Security in plain, actionable language" by Dr Darryl Carlton
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Last year I was invited to present a talk at a conference called #MicrosoftDCC and spoke about a particularly vicious #botnet #malware called #qakbot.
My colleague Steeve and I had cracked the methodology for decoding their command-and-control functionality. We published our work in a blog post and presented it at #VirusBulletin, #RMISC, and #DCC.
Today, the #FBI announced that in an international operation with France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom they have shut down the botnet.