ftrsec.bsky.social
┌──(ftrsec㉿kali)-[/opt/bluesky] └─# cat bsky_desc.txt #Cybersecurity Sr. analyst & builder #Redteam lecturer at university #Splunk expert I love pandas
54 posts 71 followers 32 following

www.reversinglabs.com/blog/rl-iden...

techcommunity.microsoft.com/blog/microso...

isc.sans.edu/diary/From+P...

www.akamai.com/blog/securit...

Investigation on Xbash malware www.trustwave.com/en-us/resour...

Webshell through IIS www.trendmicro.com/en_us/resear...

www.trendmicro.com/en_hk/resear...

Happy new year! Wish you all the best for 2025! I'm back to activity after a quick break, starting by sharing an interesting article about the EAGERBEE backdoor. securelist.com/eagerbee-bac... #Cybersecurity #IoC #malware #infosec

#pwsh tip of the day! $PSBoundParameters doesn't account for params that have a default value. Thankfully, you can still get this information! Enter $PSCmdlet! You can pull the bound parameters off of the Invocation property of that object. I put together a quick example at: Happy Scripting!
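As an added illustration of the tip above (not the original poster's example, which is not linked here), the function below shows that $PSBoundParameters and $PSCmdlet.MyInvocation.BoundParameters both list only explicitly passed parameters, and then walks the command's parameter metadata to recover the values that came from defaults. The function name and parameters are made up for the demonstration.

```powershell
function Test-ParamVisibility {
    [CmdletBinding()]
    param(
        [string]$Server = 'localhost',   # has a default: absent from $PSBoundParameters unless passed
        [int]$Port = 443,                # has a default
        [string]$User                    # no default
    )

    # 1. Only parameters the caller actually supplied appear here.
    Write-Host "Bound via `$PSBoundParameters: $($PSBoundParameters.Keys -join ', ')"

    # 2. Same dictionary, reached through the cmdlet object's invocation info.
    Write-Host "Bound via `$PSCmdlet.MyInvocation: $($PSCmdlet.MyInvocation.BoundParameters.Keys -join ', ')"

    # 3. To see every parameter, including those that kept their default, enumerate the
    #    command's parameter metadata and read each variable's current value in this scope.
    $effective = [ordered]@{}
    foreach ($name in $PSCmdlet.MyInvocation.MyCommand.Parameters.Keys) {
        # Skip -Verbose, -ErrorAction and the other common parameters added by CmdletBinding.
        if ($name -in [System.Management.Automation.PSCmdlet]::CommonParameters) { continue }
        $effective[$name] = [pscustomobject]@{
            Name   = $name
            Value  = Get-Variable -Name $name -ValueOnly -ErrorAction SilentlyContinue
            Source = if ($PSBoundParameters.ContainsKey($name)) { 'bound' } else { 'default' }
        }
    }
    $effective.Values
}

# Only -User is passed; Server and Port are reported with Source = 'default'.
Test-ParamVisibility -User 'audit'
```

This matters for audit logging in scripts: logging $PSBoundParameters alone silently drops the defaulted settings that were actually in effect.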

apkleaks: Scanning APK file for URIs, endpoints & secrets meterpreter.org/apkleaks-sca...

Adding to my ETW research toolkit, a tiny program to consume information from a provider with as little overhead as possible. PockETWatcher, a tool to get the essential information from an ETW provider to the CLI or a JSON file github.com/olafhartong/...

www.secureblink.com/cyber-securi...

www.securitynewspaper.com/2024/12/26/t...

medium.com/@henrique4wi...

Merry Christmas to everyone! 🥳 Big respect to those in cyber holding the fort today! Thank you!

Skuld Malware Using Weaponized Windows Utilities Packages To Deliver Malware gbhackers.com/skuld-malwar... #Infosec #Security #Cybersecurity #CeptBiro #Skuld #Malware #WindowsUtilitiesPackages #Malware

🎁 GenAI x Sec Advent #21 What happens when attackers compromise your GenAI system? Let's talk about LLM Hijacking 👇 🧐 LLM Hijacking is an attack where a threat actor gains unauthorized access to your LLM cloud resources and exploits them for their own […] [Original post on infosec.exchange]

And yet another supply chain attack socket.dev/blog/rspack-... #cybersecurity #infosec #malware

TrendMicro analysis on python-based nodestealer. I remind you that using the Startup folder to establish persistence is a common method used by attackers. www.trendmicro.com/en_us/resear... #infosec #cybersecurity #malware

For all the wazuh lovers, a small article to make detection on deerstealer with sysmon wazuh.com/blog/detecti...

Nmap commands 🔍

cyberpress.org/new-malware-...

Cable: .NET post-exploitation toolkit for Active Directory reconnaissance and exploitation meterpreter.org/cable-net-po...

Logpoint's report examines StrelaStealer, an infostealer targeting email client credentials. www.logpoint.com/en/blog/stre... #cybersecurity #infosec #DFIR #malware #blueteam

A detailed article about DCOM lateral movement. www.deepinstinct.com/blog/forget-... #cybersecurity #infosec #ethicalhacking

This leak is a bit old (2021) but helps you to understand the TTPs used and some example commands used by Conti. You can try to replay this in a test environment and check your detection on these MITRE ATT&CK Tactic IDs. github.com/DISREL/Conti... #cybersecurity #detection #hacking #infosec

SPA is for Single-Page Abuse! - Using Single-Page Application Tokens to Enumerate Azure posts.specterops.io/spa-is-for-s...

A classical example of supply chain attacks. Nowadays, attackers increasingly focus on third parties such as GitHub repository packages, be careful. Here is an interesting article by Wiz about the ultralytics infection: www.wiz.io/blog/ultraly... #cybersecurity #infosec #github #malware #hacking #AI

In Sept 2024, Palo Alto Networks' Unit 42 detailed Splinter, a Rust-based post-exploitation tool misused by threat actors for persistence, credential theft, and data exfiltration. 🔗 unit42.paloaltonetworks.com/analysis-pen... #CyberSecurity #RedTeam #MalwareAnalysis #ThreatIntel #InfoSec

Report from Recorded Future highlighting BlueAlpha’s tactics: Spearphishing with HTML smuggling to drop VBScript-based malware and Cloudflare Tunnels to hide infrastructure. go.recordedfuture.com/hubfs/report... #CyberSecurity #ThreatIntel #Malware #InfoSec #APT #IoC #Detection

If you have performed assessments on #windows you might be familiar with AMSI, aiming to enhance protection against misuses of #powershell. Here is an article about how AMSI integrates with MS Defender. learn.microsoft.com/en-us/defend... #cybersecurity #infosec #redteam #microsoft #antivirus #edr

Today in "no one reads the license agreement" - "The second stage is stored in a data file called license located in the assets directory of the unpacked apk file" https://citizenlab.ca/2024/12/device-confiscated-by-russian-authorities-returned-with-monokle-type-spyware-installed/

#DNS security

Definitely an interesting project to follow for fast DFIR on an environment without SIEM github.com/Yamato-Secur... #cybersecurity #infosec #blueteam #dfir

ExecCmd64 lolbin www.hexacorn.com/blog/2024/12...

Interesting analysis of Braodo stealer by #Splunk team www.splunk.com/en_us/blog/s... #cybersecurity #infosec #malware #dfir #blueteam #IoC

🎁 GenAI x Sec Advent #6 🍯 In security, a honeypot is a decoy machine designed to attract attackers, to trap them or to study their behavior. This year at Defcon, my friend @0x4d31 introduced a clever idea on this concept. He combined a webserver […] [Original post on infosec.exchange]

The Symantec Threat Hunting Team analysis about Chinese APT attacks www.security.com/threat-intel... #cybersecurity #detection #infosec #malware #blueteam #dfir #IoC #hacking

Analysis from Cyble about Lumma Stealer and Amadey cyble.com/blog/threat-... #cybersecurity #detection #dfir #blueteam #malware #IoC

New analysis of Xworm malware by researchers at Quick Heal Security Labs reveals new infection tactics. Read the full report here: www.seqrite.com/blog/xworm-m... #CyberSecurity #Malware #Detection #DFIR #IoC #InfoSec #blueteam

Looking for open-source red teaming tools? This GitHub repo offers a ton of resources, regularly updated, and covering everything from defense evasion to persistence: 🔗 github.com/infosecn1nja... #CyberSecurity #RedTeam #ThreatHunting #InfoSec #EthicalHacking #PenTest

Interesting Celestial Stealer Analysis by Trellix. www.trellix.com/blogs/resear... #Cybersecurity #IoC #malware #DFIR #Detection #Blueteam

Great article from Zscaler ThreatLabz about RevC2 and Venom Loader. If you don't know about ThreatLabz, check their website and GitHub with interesting resources: github.com/ThreatLabz/ www.zscaler.com/blogs/securi... #Malware #IoC #Blueteam #Detection #CyberSecurity #Infosec #Zscaler #hacking