diogowski.bsky.social
🇵🇹 🇨🇭 #DFIR, #malware, #detectionengineering and #python! + 🚵🏼🤿🏂 https://github.com/diogo-fernan
33 posts 135 followers 419 following

No more platform-hopping! 🕵️‍♂️ Hunt across all abuse.ch platforms with just 1️⃣ simple query. 🔎 Search for any IPv4, domain, URL, or file hash, and instantly see if it’s been identified on any abuse.ch platform! Start your hunt now 👉 hunting.abuse.ch

Comparing Decai decompilation using @anthropic.com's Claude 3.5 vs 3.7 with a simple strcoll wrapper function #r2ai #radare2

You receive a laptop (powered off) in a high-stakes case. You are told the owner is extremely technical but given no useful technical details. The laptop is modern, with chassis intrusion features, and you must assume Secure Boot & BitLocker are in use. How do you proceed? #DFIR

If you live in the West, it's not often you read about CIA/NSA cyber operations against China. But here's one: "How the NSA Allegedly Hacked China’s Northwestern Polytechnical," a leading Chinese university specializing in aerospace & defence. www.inversecos.com/2025/02/an-i...

In this blog post, I explain how I was able to create a PowerShell console in C/C++, and disable all its security features (AMSI, logging, transcription, execution policy, CLM) in doing so. 💪 👉 blog.scrt.ch/2025/02/18/r...

@volexity.com recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: www.volexity.com/blog/2025/02... #dfir #threatintel #m365security

YARA-X 0.13.0 is out: github.com/VirusTotal/y... As always, Victor and the contributors are cranking out quality improvements! In particular, check out the docs on how to use the formatter and linter and open issues (or tell me somehow) if you hit bugs or have things you want to see.

The threat landscape in H2 2024 was quite tumultuous when it comes to some of the most prominent infostealer threats. One of them, the notorious #RedLine Stealer, finally met its demise after being taken down by law enforcement in #OperationMagnus. #ESETresearch 🧵 1/5

A "code family" is a basic concept in @vertexproject.bsky.social's approach to tool analysis. Check out the next installment in Mary Beth Lee's malware manifesto as she defines "code family", how it differs from "malware family", and how this aids your #CTI analysis! vertex.link/blogs/catego...

#100daysofyara today's rule is detecting a patched clr.dll in memory (AmsiScanBuffer bypass). My @velocidex Windows.System.VAD artifact can be used to target clr.dll mapped sections for an easy detection. Rule: github.com/mgreen27/100... VQL: github.com/mgreen27/100...

Here's a video overview of Venture, the cross-platform Windows Event Viewer. Version 0.2.0 now has the ability to join multiple .evtx files into a single view! www.youtube.com/watc... Grab Venture here: github.com/mttaggart...

Check out this new blog post from @andyrobbins.bsky.social discussing the fundamental components & mechanics that enable the emergence of critical Attack Paths in Microsoft's increasingly popular Intune product. ghst.ly/3Cd5cwH

live #dprk fake interview site up and running if you're looking to experiment ... digitptalent[.]com ... both Windows and Mac malware

Just put out this research on MiTM PaaS kits labeled Rockstar and Flowerstorm over the past few months. While my name is on this, I partnered with two researchers, Josh Rawles and Jordon Olness, who did the bulk of the work alongside @thepacketrat.net and Colin Cowie, who are all individually brilliant!

Did you know that you can conduct an easy local dictionary attack on Linux without lockout times? Wrote a small tool for that, feel free to check it out: github.com/yo-yo-yo-jbo...

Dropping some new research on TA397/Bitter 🚨 Hidden in Plain Sight | TA397’s New Attack Chain Delivers Espionage RATs Report: www.proofpoint.com/us/blog/thre...

🐧 It’s finally here! 🔍 The Linux EDR Telemetry Project results are live! After months of testing and collaboration, we’re excited to share how well EDR solutions handle Linux visibility. Read the full blog here: 📝👇 kostas-ts.medium.com... 1/2

This was a phenomenal breakdown of some novel Linux malware techniques. www.elastic.co/secur...

@decoder-it.bsky.social and I noticed that it's no longer possible to call NtLoadDriver pointing to an unprivileged regkey such as \REGISTRY\USER. Even if you have the SeLoadPrivilege, you would still require the Admin group to write the required regkey. Some more technical details below 👇

I wrote a fun, little blog post. Remote pre-auth file deletion in SolarWinds ARM allowed LPE to be achieved on AD machines 🙃

Had some fun with Alden, @laughingmantis.bsky.social, and Tanner digging into the Java implant that was being deployed by the Cleo 0-day. Our analysis is now live! www.huntress.com/blog/cleo-so... TL;DR: Custom malware specifically targeting Cleo software we called Malichus. Enjoy!

@msftresearch.bsky.social here is "OWASP Top 10 for Large Language Model Applications". owasp.org/www-project-... I want to help you as you have a faulty #AI that is blocking @owasp.org owasp.org/blog/2024/10... I have to post it in social media since you are not receiving our emails any longer.

🔥 NEW: Operation Digital Eye 👁️ | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels #apt #china #cyber s1.ai/d-eye

We’ve identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers. #dfir #vulnerability www.huntress.com/blog/threat-...

I am building out this pack featuring individuals and companies that more often than not post technical content on #dfir, #reverseengineering, #malware, #pentesting, #exploitation and #appsec. Reach out if you are not in there yet! 👇🏼👇🏼👇🏼 go.bsky.app/P9JUTfw

ExecCmd64 lolbin www.hexacorn.com/blog/2024/12... #lolbin

Releasing a new #DFIR tool today! Swap Recon performs brute-force decompression of Windows 10 & 11 swap. Swap Recon was built when we couldn't find existing tools or techniques to decompress modern Windows swap properly in one of our highest-stakes cases. arsenalrecon.com

Pretty nifty tool! insiderthreatmatrix.org

Another great find by @citizenlab.ca 🙌🏻

www.microsoft.com/en-us/securi... Based on findings from Microsoft Threat Intel, governments, and other security vendors, we assess that the Russian nation-state actor tracked as Secret Blizzard has used the tools and infrastructure of at least six other threat actors during the past seven years.

Neat 👌🏼

WHOA: #Poland just arrested ex spy chief & dragged him before parliament to testify about #Pegasus mercenary spyware abuses. He'd ignored 3 summonses. 1/ Story: www.ft.com/content/8852...

‘The formalisation of the field and peer review is important in cementing digital forensics as a scientific discipline, but if it does not reach the practitioner community, then it risks falling into one of the less desirable definitions of academic: “strictly theoretical or formal… irrelevant”.’ ☠️

How to vote for 2FA on bsky: log in using your GitHub account, then give the last post here github.com/bluesky-soci... a 👍 #cybersec #2fa #bsky #appsec #infosec