CEO at @securityjoes | Malware Eater & Incident Agnostic | ex-Ploit Writer | CVE-2017-147** CVSS v3 9.8 | Book Writer | Black Belt | Father | Here to play
(1) Open a new directory
(2) Type “cmd” in URI
(3) Execute the following command in the opened command-line window:
$> netsh wlan export profile folder=. key=clear
Checkout how many clear-text Wi-Fi passwords are stored on your machine.
10x
@B_H101
@miakhalifa
What about this?
Is this resistance?
Woman being kidnapped along with her two baby boys (small baby bleeding from his head). They will sleep in Gaza today. Next to your loved freedom fighters who killed 200 of ours in 1 day. Most are civilians - elderly, children, parents. In
Hi #infosec, I noticed a group of my followers support HAMAS and their acts, commenting with smiles and laughter about babies being murdered in front of their mothers. (Please bear with me)
Started blocking them, but how many are there in our global community?
I’M CALLING
WhatsApp message: “Ido we have a ransomware incident! How soon can you come?!”
Me: <swiping up the message to ignore notification> “Smile everybody!”
Life is short. Don’t let work set the pace.
Imagine you were born in 1900.
When you're 14, World War I begins and ends when you're 18 with 22 million dead.
Soon after a global pandemic, the Spanish Flu, appears, killing 50 million people. And you're alive and 20 years old.
*Malware Analysis question*
You bumped into this code:
xor ecx, ecx
mov edx, 0xabcdefff
add edx, 0x12345678
mov eax, [edx]
add eax, ecx
In the context of malware, what are you suspecting that it’s responsible for?
Talking to SysAdmin during IR:
Me: Found patient zero
Him: Huh cool, which one was it?
Me: <username>
Him: There, I deleted everything related to that user.
Nooo…🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️
One of my CEO friends was asking me a serious question:
“Should I hire #infosec experts based on the amount of Tw followers they have?”
I honestly don’t have an answer.
Do you?
Yesterday, 10AM, first step into the mattress. 45min endurance, 10hrs of techniques in Karate, Krav Maga, Judo, JiuJitsu, BJJ and more and more. An endless day!!
Then, at 9:30PM, grand finale - 25 straight full-contact fights.
Achievement Unlocked.
#BlackBelt
1 in a million 💯
#Mimikatz command detected based on strings in CMD, but this is actually a legitimate MS #Defender Base64 payload.
For some *COOL* reason the Base64 actually reads “sekurlsa” 🤩
Fun {Incident Response} with @dark0pcodes
You like the first one, so here’s another *malware analysis RE question*
You’ve stumbled on this code snippet:
mov ecx, 0x12345678
mov edx, 0x87654321
mov eax, [edi]
add eax, ecx
rol eax, 0x7
xor eax, edx
push eax
call some_function
Can you identify the hidden pattern?
Behind every Tw profile is a person. Having 100K followers or only 20, it doesn’t change the fact that we’re alone at the end of the day. Be nice, be responsive, loosen up a little. Military distance won’t make you more attractive. The security industry is small. Stay human.
If you ain’t using AI, you’re missing out.
Lots of your work’s heavy lifting can be done faster when using AI, almost regardless of what your occupation is.
Use it!
Origin: Linkedin
Meet Eliana Bergman, a top-notch pentester with over 6y experience & military background.
But Eliana is not only herself. She’s also a German model named Zoe.
Anybody said HAMAS? I couldn’t hear well. What?
That’s insane.
Posting about a CTO of global startup who was MURDERED by #HAMAS_is_ISIS.
Look at the reaction of Fares Walid to another person’s death, #infosec.
“I am sure he’s going to hell as you [emojis]”.
There are many like him.
@Hacker0x01 stays silent. @k8em0
Good night Israel 🇮🇱
Our children will sleep on the floor in safe rooms today. We’ll calm them down as they try to comprehend what is happening.
Lock your doors. Trust no one.
A woman contacted me today after her son was a victim to sextortion. I was (surprisingly) able to take down the user & block dozens of videos he/they uploaded to XVideos.
FYI - The attacker actually contacted the victim over WhatsApp and recorded audio threat!
TV recorded it
@hacker_ Not trying to be offensive, but are you trying to pitch IDOR to non-technical people?
Anyone can hack, Yeah, maybe. Not from your 3 tweets about it, IMHO. It requires skills and understanding, technical experience and nights of hard work.
Give those who do it some credit.
A child born in 1985 thinks his grandparents have no idea how difficult life is, but they have survived several wars and catastrophes.
Today we have all the comforts in a new world, amid a new pandemic. But we complain because we need to wear masks.
We complain because we must stay confined to our homes where we have food, electricity, running water, wifi, even Netflix! None of that existed back in the day. But humanity survived those circumstances and never lost their joy of living.
I RATHER SPEAK UP,
I won’t take part in #infosec events where HAMAS supporters attend, take part, speak, teach, own, sponsor or get paid for.
You should do the same!
If by mistake I will, I’d confront any HAMAS supporter during those events. That’s a promise.
SHARE THE TRUTH Suhaib Abu Amr, a 22-year-old Palestinian from East Jerusalem who worked as a bus driver at a party in Ra'im - was brutally executed by #Hamas_is_ISIS terrorists, even though they understood beyond any doubt that he was a Palestinian 🇵🇸
Due to the
After 6 months of preparations and 4 fights, I won. As a referee and as a fighter, I enjoyed every second of the Israel Survival #Jiujitsu state championship. 1st place, TV interview and lots of honor.
When you're 39, World War II begins and ends when you're 45 years old with 60 million dead. In the Holocaust, 6 million Jews die.
When you're 52, the Korean War begins.
When you're 64, the Vietnam War begins and ends when you're 75.
I see a thread coming...
So this is hilarious. I already have the Israeli CERT on @virusbay_io and I just got an email from the Iranian CERT, asking to join. Grab your popcorn people, I just sent them an invite.
Really excited to announce that @0verfl0w_ is our No.12 ninja!
He will be joining @SecurityJoes to fight side by side against nation-sponsored beasts & other creations lurking the wires.
You haven’t got a response from @virusbay_io about an invite code?
No, you’re not rejected, not pretty enough, not part of the wrong race/culture/origin or all the rest of your guesses) it’s just my wife is abroad on vacation and I’m responsible for 3 little monsters.
Here’s a hack for you:
WhatsApp does not allow DELETE FOR EVERYONE whenever you want. Once time passes - doomed. Right? Wrong.
Rewind your phone’s time and try again. WhatsApp calc it based on your mobile’s clock ⏰
Try it. I heard it works.
I have to be honest. Promoting my own company is so much better. Started fresh and the excitement is off the roof.
New title: Making Things Tick at @SecurityJoes.
#DFIR #ThreatIntel & other recipes
When you're 29, you survive the global economic crisis that started with the collapse of the New York Stock Exchange, causing inflation, unemployment, and famine.
When you're 33 years old, the Nazis come to power.
1/5 Been writing a book for the past 3 months. After 140p I have to say it’s almost done. The book is based on a life of a simple person (yours truly) and his journey to investigating prolific malware groups in an ever growing war of attacker vs. defenders.
Meet Youssef.
Youssef is a CTO of respected company in Egypt.
Youssef is a good person.
Youssef doesn’t know the difference between HAMAS & Palestine.
Youssef is angry because he doesn’t know how to read English.
Youssef doesn’t like Israel.
Help Youssef understand that
In the upcoming days, right before @virusbay_io’s new version (Yes, API!) these {not so} little tubes will travel to 18 countries -> 29 destinations.
#Kickstarter supporters, Thank you!
1/2 My daughter's kindergarten is using an app to track kids activity, upload pics and contact the teacher. All in all, it's really nice. But I was still curious so I streamed the app traffic via @Burp_Suite and after 5 minutes I could enter any kindergarten
An Israeli website nagish[.]co[.]il was compromised and one of its subdomains (embedded in dozens of websites (including gov and media)) became temporary water holes for Israeli residents. We are still investigating, but it's important to share the sample and protect your users.
A new #Facebook #Messenger malware is running around. Victims are getting messages coming from their friends as "video_xxxxx.bz" where 'x's are \d
Sample available on @virusbay_io:
Also added screenshot from our @kaspersky ThreatIntelPortal.
Last year, an unknown actor distributed phishing via @wallamail, that infected Israeli victims with a crafted @ScreenConnect implant. Same actor now returns to a 2nd round via Fb:
An APK wrapped with #RevCode WebMonitor (recently covered by @briankrebs -)
Simple question:
If you were holding the rifle, would you be able to shoot?
Face to face. No combat, no intelligence, not from an airplane or tank. Not from distance or from a car drive by and shooting at a mob running for their lives.
In a room. Silently. Hearing nothing but
Reading through @virusbay_io emails is such a breeze. I’m looking at this incoming one:
“Hi VirusBay,
I’m ---, a malware & exploit researcher from XXXXX asking for an invite code.
Regards,
--- --
Sales Engineer at XXXXX
🤷🏻‍♂️
Have you ever seen full contact #kyokushin fight between a man and his daughter before?
Here you go. My baby. 1hr techniques & endurance test and 5 straight fights.
After, coach asked if she wants to do another one... with dad.
Underneath a face full of tears we heard: “Yes”.
I don’t always read through our Qx reports on @Securelist, but when I do, I mark #Pirrit and tell @0xAmit to expose some more about these bastards.
A date was set for my Black Belt test. No, it’s not in Yara or reversing - the actual martial arts black belt. After 10 years of long dedication, I was finally chosen by my Master (Dan 9, Red belt) to go through the horror of a 10 hours test.
What does it include?
Me thinking: “Now that I no longer with Kaspersky I lost my VT unlimited... How the hell can I get fresh samples...?”
My inner me: “Oh yeah... Now I remember... I created a social network for malware analysis. Phew...”
Go @virusbay_io
Yes, @virusbay_io requires you to tell me who you are. All three letter agencies, state-sponsored APT actors and newbies with fake emails, you too. Are we done now?
I don’t usually go into illustrating APT actors, but when I do it’s probably bcz I really want to listen to my @kaspersky colleagues and my ADHD tries to win me over.