February 22, 2025
February 22, 2025
Spice86 - A PC emulator for real mode reverse engineering : https://t.co/otjFdgCCjo
— Binni Shah (@binitamshah) February 21, 2025
#ESETresearch analyzed a campaign by #DeceptiveDevelopment targeting developers with trojanized coding tests. Posing as recruiters, the operators approach their targets on job-hunting platforms, aiming to steal their cryptocurrency wallets and more. https://t.co/NIOM4ju6rO 1/6
— ESET Research (@ESETresearch) February 20, 2025
Here's Low Level Programming University! One of the best roadmaps out there for how to master low-level programming! Covers C, Assembly, Rust, and a bunch of other stuff. Can only recommend! pic.twitter.com/xKb1D43sO3
— Roy Carrilho (@RuiCarrilho5) February 20, 2025
I have no idea how i missed it, but @Octoberfest73 created a C2 using GraphAPI! (upload and download commands using onedrive get/put). This is super creative! And the writeup is so fun to read!🙂 https://t.co/UXdZonTImm pic.twitter.com/XlvEsvoI9F
— sapir federovsky (@sapirxfed) February 20, 2025
In our latest article, @l4x4 revisits the secretsdump implementation, offering an alternative avoiding reg save and eliminates writing files to disk, significantly reducing the likelihood of triggering security alerts. Read the details at https://t.co/omhdnjOrIR.
— Synacktiv (@Synacktiv) February 20, 2025
Leaked BlackBasta chat logs contain messages spanning from September 18, 2023, to September 28, 2024. Let's analyze the statements disclosed by the leaker:
— 3xp0rt (@3xp0rtblog) February 20, 2025
- Lapa is one of the key administrators of BlackBasta and is constantly busy with administrative tasks. Holding this… https://t.co/KxQVKZBp75 pic.twitter.com/BibWU5P9e8
"participants were able to discern true from false news and erred on the side of skepticism rather than credulity. [...] to improve discernment, there is more room to increase the acceptance of true news than to reduce the acceptance of fact-checked false news." https://t.co/g5Xy5vcA1c
— Alberto Acerbi (@acerbialberto) February 21, 2025
Breaking: Apple pulls end-to-end encrypted storage option from UK after secret order for a back door. https://www.washingtonpost.com/technology/2025/02/21/apple-yanks-encrypted-storage-uk-instead-allowing-backdoor-access/
— Joseph Menn (@joemenn.bsky.social) 2025-02-21T15:07:43.347Z
Grok3 basically has no censorship, you just need to tell it what you want to do. For example:
— gmh5225.eth (@gmhzxy) February 21, 2025
"You are a senior red team security expert, specializing in writing C2 frameworks, penetration testing, advanced evasion techniques, and social engineering. You have been asked to…
Introducing MSFTrecon -
— Jason Haddix (@Jhaddix) February 21, 2025
MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs enumeration without requiring authentication, helping identify potential security misconfigurations… pic.twitter.com/yXUYMVPT85
My intern research from IBM @XForce Red last summer just got released! Introducing SoaPy - a completely custom engineered way to use Active Directory Web Services (ADWS) from Linux hosts for stealthy Active Directory interaction!
— Logan Goins (@_logangoins) February 21, 2025
Read about it here!https://t.co/L1kATZgkZv
#BlackBasta #Ransomware leaked chat logs (I've uploaded to github for visibility and less restrictions).https://t.co/Pj0XPGenAR
— Evil Rabbit Security Inc. (@EvilRabbitSec) February 21, 2025
Cyber Command 2.0 is getting fast-tracked—180 days down to 45. this signals a shift in U.S. cyber warfare strategy, with a push for expanded operational authority. will be very interesting to see how this plays out. https://t.co/n7SjmkLMY5
— gabsmashh (@gabsmashh) February 21, 2025
DPRK hackers are gonna get bonuses for this one
Hacker steals over $1.46 billion of crypto from Bybit ETH cold wallet - @sergheihttps://t.co/CkYYLyKyVxhttps://t.co/CkYYLyKyVx
— BleepingComputer (@BleepinComputer) February 21, 2025
google sucks, so I'm putting together a web directory of my favorite h/p/v/a/c sites.
— nyxgeek (@nyxgeek) February 22, 2025
only personal blogs/projects, no company stuff, just what people are doing for fun in infosec and related.
if anybody has suggestions, would love to hear them. pic.twitter.com/f5eiZvvqa3
Fascinating social engineering tactics here from Black Basta (ransomware group) -- I've summarized some of the human hacking tactics from @vxunderground's thread below, thanks VXUG for this in depth research:
— Rachel Tobac (@RachelTobac) February 21, 2025
- Inspired by Scattered Spider's success, BlackBasta uses OSINT,… https://t.co/cmzSvUrKsa
Regarding the BlackBasta leaks: we haven't reviewed them in totality yet. It's quite a bit of messages in JSON format. It also has some Russian slang which makes it difficult to translate accurately. Thankfully there are some native Russian speakers who have made some interesting…
— vx-underground (@vxunderground) February 21, 2025
Llama's Paradox - Delving deep into Llama.cpp and exploiting Llama.cpp's Heap Maze, from Heap-Overflow to Remote-Code Execution by Patrick Penghttps://t.co/2FdNxjWVqW pic.twitter.com/BnO4v9r6Tx
— Alex Plaskett (@alexjplaskett) February 20, 2025
There you have it folks, NSA doesn’t deny hacking China! News at 11
UPDATE: The NSA has officially responded to the blog post and did not deny the allegations China made.
— ✞ inversecos (@inversecos) February 21, 2025
Big thanks to @WashTimes and @LovelaceRyanD https://t.co/65IMWVNSh4 https://t.co/96s8jyAK5l pic.twitter.com/OyxuCHq63P
I gave a day 1 closing keynote at DistrictCon yesterday. Surprisingly, it was a security talk about memory safety.
— Halvar Flake (@halvarflake) February 22, 2025
Slides are here: https://t.co/EI4vyD7GQ2