CyberRaiju (@jaiminton.com)

An Aussie who does cyber things | Sr. Manager @Huntress.com | Former Principal @CrowdStrike.com and HuntressLabs | https://jaiminton.com | https://www.youtube.com/@cyberraiju/featured

287 Followers · 380 Following · 38 Posts · Joined 08.12.2024

Latest posts by CyberRaiju @jaiminton.com

Ep3: Care to Exchange 0-days?

Episode 3 of Breach Log is now available! Whether you're heading into the weekend or beginning your Friday, I hope you can carve out a mere 20 minutes to enjoy another story from the vault of detecting and responding to hacks around the world.

open.spotify.com/episode/7MY3...

06.03.2026 09:38 👍 0 🔁 0 💬 0 📌 0
Breach Log - Behind every hack is a story to tell • A podcast on Spotify for Creators Breaches happen every single day, and behind every breach is a story. These are the stories from those involved. It's the stories of those who found, or responded to a breach, or even those who were i...

If you've worked in Detection Engineering, Threat Hunting, Incident Response, or an adjacent field, or have been impacted by a breach and have a story to tell, get in contact; I'd love to hear it and have you on the podcast.

Details on the about page.
creators.spotify.com/pod/profile/...

18.02.2026 08:25 👍 0 🔁 0 💬 0 📌 0

Episode 2 of Breach Log is now available! Special thanks to Max Margolis for joining me and telling his story.
If you have a story you'd like to share, get in contact and we can have some fun! breachlogpodcast [@] gmail[.]com
open.spotify.com/episode/4SDz...

08.02.2026 08:29 👍 1 🔁 1 💬 0 📌 0

Please let me know your thoughts and feelings, and if you have a story to tell get in contact and we'll have a chat to get your story told with a format that has more back and forth 😁 🙏

12.01.2026 02:05 👍 2 🔁 0 💬 1 📌 0
1: The Vampire RAT | Podcast Episode on RSS.com It's all fun and games until a researcher identifies a backdoor with ransomware capability, global victims, and hacked systems all around the world. Now if only someone would listen.This story comes f...

The first episode of a new podcast 'Breach Log' is now available.
If you like defensive cyber security stories being told then this may appeal to you. It's available on all good providers, but the RSS and Spotify links are below.

RSS: rss.com/podcasts/bre...
Spotify: open.spotify.com/episode/4WVi...

12.01.2026 02:05 👍 3 🔁 0 💬 1 📌 1

Our new research is now live, and it's full of juicy insights. From a log poisoning vulnerability, to an RMM you've likely never heard of, and a list of victim locations that span the globe! 👀 👇

10.10.2025 02:31 👍 3 🔁 1 💬 0 📌 0

As of Thurs Aug 14th we're seeing clear indications that a threat actor has now weaponised and is exploiting vulnerabilities in Axis camera software (CVE-2025-30023/4/5/6) which were presented at DEFCON.

Indicators on Xitter/LinkedIn

www.linkedin.com/posts/activi...

x.com/CyberRaiju/s...

16.08.2025 06:45 👍 3 🔁 0 💬 0 📌 0
Create tbb.yml by JPMinty · Pull Request #128 · wietze/HijackLibs New Octowave variant using this to deliver ACR/Amatera Stealer

Masquerading as `IO Broker Installer` on disk from the compiled MSI that seems to have artifacts from a SyslogCenter executable previously used by Octowave Loader that was still left in the MSI.

PR made to #hijacklibs github.com/wietze/Hijac...

24.06.2025 03:11 👍 1 🔁 0 💬 0 📌 0

TBB: www.virustotal.com/gui/file/f5c...

APP-2.3: www.virustotal.com/gui/file/b50...

ZXING:
www.virustotal.com/gui/file/f4c...

XCEED:
www.virustotal.com/gui/file/118...

BLOOD:
www.virustotal.com/gui/file/d96...

24.06.2025 03:11 👍 2 🔁 0 💬 1 📌 0

Adobe printer driver sideloads tbb.dll, tbb.dll loads app-2.3.dll which gets stego from blood.wav, uses zxing.presentation.dll and Xceed.Wpf.AvalonDock.Themes.Aero.dll

MSI:
www.virustotal.com/gui/file/f5c...

Components all with 0 VT detections. DLLs are legitimate ones that were modified.

24.06.2025 03:11 👍 1 🔁 0 💬 1 📌 0

New Octowave Loader sample is leading to Amatera Stealer deployment over the past week.

0 VT detections on any component of the malware loader.
Proofpoint rules detect the outbound C2 traffic.
My Yara rule detects the installer.

24.06.2025 03:11 👍 6 🔁 4 💬 2 📌 0
Job Security in Cyber Security is Changing At what point is your “secure” job at risk?

I've been thinking a lot about recent layoffs, AI advancements, and what it means for this industry as a whole. Hopefully at least some of this resonates with others and hits the mark.

www.jaiminton.com/internal-blo...

16.05.2025 08:10 👍 0 🔁 0 💬 0 📌 1

Their latest version 52 fixes the issue, but you need to have 50 installed to install 52, this is not a standalone installer, just an update, and the old versions are still the default download on their website.

eu.community.samsung.com/t5/samsung-s...

10.05.2025 03:05 👍 0 🔁 0 💬 0 📌 0

Now in open Beta, simply upload an executable and the DLL it insecurely loads, fill in some extra fields and generate a rule

With a code editor and validation, this should make submitting to the project much easier!

Link: www.jaiminton.com/tools/hijack...
Direct: hijacklibs-assistant.streamlit.app

09.05.2025 08:18 👍 0 🔁 0 💬 0 📌 0

HijackLibs.net details hundreds of publicly disclosed DLL Hijacking opportunities. With over 700 stars on GitHub and a growing list, @wietzebeukema.nl does an amazing job maintaining it.

Despite this, contributing can be time consuming. That's why I've created HijackLibs Helper! 👇

09.05.2025 08:18 👍 3 🔁 1 💬 1 📌 0

We have reached out to Samsung. There is active exploitation in the wild.

Be sure to look for new files created in the server directory of your MagicInfo install, and child processes spawning from the Apache Tomcat process.

07.05.2025 07:08 👍 0 🔁 1 💬 1 📌 0

The version offered on their website via the download button is currently not even the latest, so even if it was patched (it isn't, the vulnerable class has not changed at all) anyone downloading the software is getting an outdated version! No updates here:

security.samsungtv.com/securityUpda...

07.05.2025 07:08 👍 0 🔁 1 💬 1 📌 0

I've confirmed Samsung's MagicINFO 21.1050 is VULNERABLE to the publicly reported POC in the blog below.

ssd-disclosure.com/ssd-advisory...

The media is reporting this as CVE-2024-7399, but if it is then the patch is incomplete. There is currently NO PATCH AVAILABLE!

07.05.2025 07:08 👍 3 🔁 2 💬 1 📌 1

The DLLs and everything, currently undetected once again:
DLL1: www.virustotal.com/gui/file/888...
DLL2: www.virustotal.com/gui/file/ea3...
DLL3: www.virustotal.com/gui/file/0c6...
Malicious WAV Stego: www.virustotal.com/gui/file/93c...

22.04.2025 22:56 👍 1 🔁 0 💬 0 📌 0

It keeps going, new sample: www.virustotal.com/gui/file/d70...
At the time of scanning 1 vendor detected it, still only 3 at the moment. Deploying LummaC2 unsurprisingly.
This time a binary signed by 'ONE UP LTD' from the Nuclear Coffee VideoGet application used to load into memory. 👇

22.04.2025 22:56 👍 1 🔁 1 💬 1 📌 0

MSI: www.virustotal.com/gui/file/625...

DLL1: www.virustotal.com/gui/file/dd9...

DLL2: www.virustotal.com/gui/file/ccf...

DLL3: www.virustotal.com/gui/file/3d7...

DLL4: www.virustotal.com/gui/file/d0f...

22.04.2025 21:21 👍 1 🔁 0 💬 0 📌 0

Likely from a fake Cloudflare challenge. Has 4 malicious DLLs, a Progress.pak supporting file, and shellcode inside of Presentations\Application.wav

Deploys LummaC2 into memory which is now using both Telegram channel and Steam Community names for C2 fallback.

👇

22.04.2025 21:21 👍 1 🔁 0 💬 1 📌 0

Another notable Octowave Loader sample with installer MSI showing low VT hits, and malicious DLLs being completely undetected. Sideloads into the legitimate Audacity.

Installs itself as 'Directory Converter' in the user LocalAppData 'Programs' directory.

👇

22.04.2025 21:21 👍 2 🔁 1 💬 2 📌 0
DISCORD "try my game" MALWARE | Reverse Engineering Leet Stealer, Electron Malware Used By HACKERS YouTube video by Jai Minton - CyberRaiju

New video released 🎉: Once again looking at malware sent over Discord, but this time we can analyse it statically after performing AES decryption. You may also see reference in the video to some stealers which have since shutdown or rebranded 😎 Enjoy!
www.youtube.com/watch?v=knu0...

03.04.2025 11:34 👍 1 🔁 1 💬 0 📌 0
Hacking Gandalf AI (LLM) to reveal SECRETS | Basic PROMPT INJECTION techniques YouTube video by Jai Minton - CyberRaiju

Are you interested in Generative AI and 💉 Prompt Injection techniques? I've just released a short video exploring the Main Gandalf challenge by Lakera AI and how you can convince 🧙‍♂️ to give you his secrets through specifically crafted prompts.

Enjoy!

www.youtube.com/watch?v=pQ5K...

23.03.2025 01:39 👍 3 🔁 0 💬 1 📌 0
Forget FAKE CAPTCHAs, I got MALWARE via a REAL CAPTCHA! | I2Parcae Malware Analysis YouTube video by Jai Minton - CyberRaiju

Just released 🎉 In classic copycat form, now we have real CAPTCHAs protecting fake installers that use the ClickFix 'WIN + R technique' 🤦‍♂️. New video released where I fail a legitimate CAPTCHA multiple times while searching for malware 😂

youtu.be/LrOJBiWOHbE

15.03.2025 21:16 👍 3 🔁 0 💬 0 📌 1
I found MALWARE inside of MUSIC! (Octowave Steganography Malware Analysis) YouTube video by Jai Minton - CyberRaiju

I took a look at a new malware loader which uses steganography within WAV 🌊 files to deliver its payload on an endpoint. Enjoy!

www.youtube.com/watch?v=NiNI...

04.03.2025 10:26 👍 5 🔁 2 💬 0 📌 0

Termite had access to Genea for 2 weeks through their Citrix environment before exfiltrating 900gb+ of patient records to Digital Ocean.

This is an org that helps couples have a family.

🤬😡

www.genea.com.au/pages/import...

www.genea.com.au/sfsites/c/cm...

27.02.2025 04:08 👍 3 🔁 0 💬 0 📌 0
HISAC - High Impact Security Analysis and Communication How to be a well rounded SOC/MDR/Cyber/Information Security Analyst.

I frequently get asked "what skills do I need to excel as an analyst", so I figure this is a good opportunity to shed some light on what analysis is, and why certifications alone won't make you a good analyst.

www.jaiminton.com/high-impact-...

02.02.2025 09:28 👍 8 🔁 4 💬 0 📌 1
fasthttp Used in New Bruteforce Campaign SpearTip Security Operations Center, together with the SaaS Alerts team, identified an emerging threat involving the fastHTTP library

This is really big at the moment and you should absolutely be looking at your M365 logs to identify this activity.

www.speartip.com/fasthttp-use...

We're observing a large number of IPs involved after successful authentication, but a common IP is 113.23.43[.]76

21.01.2025 04:19 👍 2 🔁 0 💬 0 📌 0