Ronnie Salomonsen

@r0ns3n.dk

Adversary Methods - Research & Discovery (RAD) Team @Mandiant - Now Part of @GoogleCloud. Former DFIR, Malware & Network Analyst. All tweets are my own.

99 Followers · 159 Following · 11 Posts · Joined 18.11.2024

Latest posts by Ronnie Salomonsen @r0ns3n.dk

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

Excellent breakdown of the “Rogue RDP” TTP we’ve seen suspected Russian APT UNC5837 using in their campaigns, written by my colleague Rohit (@IzySec over on X)

07.04.2025 15:06 👍 16 🔁 8 💬 0 📌 0
Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

Windows Remote Desktop Protocol: Remote to Rogue
cloud.google.com/blog/topics/...

07.04.2025 15:18 👍 3 🔁 1 💬 0 📌 0
Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers.

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers @googlecloud cloud.google.com/blog/topics/...

13.03.2025 16:14 👍 1 🔁 0 💬 0 📌 0
CVE-2023-6080: A Case Study on Third-Party Installer Abuse | Google Cloud Blog Mandiant exploited flaws in the Microsoft Software Installer repair action of Lakeside Software's SysTrack installer to obtain arbitrary code execution.

CVE-2023-6080: A Case Study on Third-Party Installer Abuse @googlecloud cloud.google.com/blog/topics/...

03.02.2025 20:29 👍 0 🔁 0 💬 0 📌 0
ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog We've been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.

ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator @googlecloud cloud.google.com/blog/topics/...

29.01.2025 05:43 👍 0 🔁 0 💬 0 📌 0
The latest Volatility 3 is now available at https://github.com/volatilityfoundation/volatility3/releases

@volatilityfoundation.org New Release: #volatility3 v2.11.0 - visit github.com/volatilityfo... for details and downloads.

#memoryforensics #dfir

17.01.2025 17:50 👍 4 🔁 5 💬 0 📌 0
New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips I’ve been asked a few times in the past month for tips that I use to troubleshoot YARA-L rules. As I thought about it, I realized this covers a lot of ground because when building detection logic, we ...

New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips www.googlecloudcommunity.com/gc/Community...

19.12.2024 06:54 👍 2 🔁 0 💬 0 📌 0
XRefer: The Gemini-Assisted Binary Navigator | Google Cloud Blog A Gemini-powered tool to reduce response and triage time when faced with increasingly large and complex malware.

XRefer: The Gemini-Assisted Binary Navigator @googlecloud cloud.google.com/blog/topics/...

14.12.2024 21:15 👍 2 🔁 1 💬 0 📌 1

cloud.google.com/blog/topics/...

05.12.2024 15:54 👍 0 🔁 0 💬 0 📌 0

cloud.google.com/blog/topics/...

04.12.2024 18:25 👍 1 🔁 0 💬 0 📌 0

virustotal.github.io/yara-x/blog/...

04.12.2024 14:40 👍 0 🔁 0 💬 0 📌 0
yay this feature is built into bluesky yay

02.12.2024 06:41 👍 58 🔁 7 💬 3 📌 0
AI Enhancing Your Adversarial Emulation | Google Cloud Blog Learn how Mandiant Red Team is using Gemini and LLMs for adversarial emulation and defense.

Nice write-up from Mandiant on some practical use cases for leveraging AI to help red team operations. What are some other use cases y’all are thinking of? cloud.google.com/blog/topics/...

17.11.2024 01:16 👍 2 🔁 1 💬 1 📌 0
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends | Google Cloud Blog Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild.

The bad guys are moving faster.

Mandiant analyzed 138 vulnerabilities. 97 of them were exploited before patches were available.

#cyber

cloud.google.com/blog/topics/...

19.11.2024 14:30 👍 0 🔁 1 💬 0 📌 0

Looking for more people to follow on BlueSky? Find the @curatedintel.bsky.social folks here: go.bsky.app/Kfp62Uh

18.11.2024 16:11 👍 28 🔁 17 💬 3 📌 1

I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR

18.11.2024 15:37 👍 124 🔁 54 💬 7 📌 3
ALT: two men are standing next to each other with the words "we open it up" on the screen

#PIVOTcon25 registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI #ThreatResearch #ThreatIntel
Please read the whole 🧵 carefully for the rules about invite -> registration (1/5)

19.11.2024 14:00 👍 42 🔁 22 💬 2 📌 11
Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence | Google Cloud Blog When used for malware analysis, Gemini now has capabilities to address obfuscation, and obtain insights on IOCs.

cloud.google.com/blog/topics/...

19.11.2024 16:09 👍 1 🔁 0 💬 0 📌 0
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog A campaign targeting Snowflake customer database instances with the intent of data theft and extortion.

#UNC5537 proved to be one of the most consequential threat actors of 2024 when they launched a campaign in April 2024 that systematically compromised misconfigured SaaS instances across over a hundred organizations.

cloud.google.com/blog/topics/...

18.11.2024 17:10 👍 2 🔁 1 💬 1 📌 0

Hello World

18.11.2024 06:57 👍 3 🔁 0 💬 1 📌 0