
y0sh1mitsu

@y0sh1mitsu

DFIR Consultant - GCFR | https://linktr.ee/y0sh1mitsu

146 Followers · 291 Following · 1 Posts · Joined 12.11.2024

Latest posts by y0sh1mitsu @y0sh1mitsu

🔥 We're hiring Senior and Lead Offensive Security Engineers at Humana's Cyber Threat Simulation Program! | Robert Pimentel

🔥 We're hiring Senior and Lead Offensive Security Engineers at Humana's Cyber Threat Simulation Program! 🔥

You'll be:
💥 Running high-fidelity threat simulations
💥 Working side-by-side with our Red Team on covert campaigns
💥 Partnering on Purple Team ops to emulate real threat actors
💥 Targeting and testing specific countermeasure stacks

You'll have full access to HTB Pro Labs, role-based certification paths, conference and training budgets, and Fridays set aside for R&D (LLMs, malware development, AI, and more).

👊 What we're looking for:
- Python-fluent operators who can turn threat intel into test cases.
- Folks who don't just ask "can we test this?" - You already did.
- People who thrive in remote, high-autonomy roles.
- Engineers and leaders who want to influence detection and defense at scale

🔗 Links:
👉 Senior Offensive Security Engineer: https://lnkd.in/d7SH9BFC
👉 Lead Offensive Security Engineer: https://lnkd.in/d_dtjGmr

Feel free to message me if you have any questions, and repost for others who might be interested!

#RedTeam #OffensiveSecurity #BugBounty #PenetrationTesting #AdversarySimulation

The job posts here are a good example of how companies are starting to recognize the value of students learning from OST2 and seek self-starter employees who are using our classes to skill up! www.linkedin.com/posts/piment...

11.07.2025 12:06 👍 1 🔁 2 💬 0 📌 0
Week 25 – 2025: Use the discount code thisweekin4n6 for 15% off any class at Cyber5w. Use the code PM15 or click this link for 15% off your next Hexordia class. Take a class with me! Akash Patel: Digging into Google Analy…

Week 25 - 2025 #DFIR
thisweekin4n6.com/2025/06/22/w...

22.06.2025 12:01 👍 2 🔁 3 💬 0 📌 0
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428) Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest...

When the vulnerability in third-party code isn't in the third-party code:

labs.watchtowr.com/expression-p...

15.05.2025 16:10 👍 2 🔁 2 💬 0 📌 0

Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. #dfir

16.05.2025 15:20 👍 10 🔁 7 💬 0 📌 0
ESET takes part in global operation to disrupt Lumma Stealer Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @jakubtomanek.bsky.social www.welivesecurity.com/en/eset-rese... 1/5

21.05.2025 16:16 👍 10 🔁 7 💬 1 📌 0

Dropping new research - this time on recent #XDSpy operations. Out of hundreds of LNK files leveraging ZDI-CAN-25373, we isolated a tiny cluster using an additional LNK parsing trick, leading us to uncover a multi-stage infection chain actively targeting government entities

16.06.2025 12:51 👍 1 🔁 1 💬 1 📌 0
From Alert to Insight: The Art of Incident Qualification - y0sh1mitsu's blog: A short guide for those wishing to qualify an incident

How you qualify an incident determines how well you’ll contain it.

I broke down my real-world process for getting accurate, useful answers fast, even when the info is chaotic or wrong.

If you’re in DFIR, this one’s for you!

y0sh1mitsu.github.io/posts/qualif...

27.05.2025 06:22 👍 2 🔁 0 💬 0 📌 0

Check out our new report on a TA4557 intrusion.

Make sure your team that handles resumes recognises these fake lures!

02.12.2024 12:48 👍 6 🔁 5 💬 0 📌 2

Investments in EU cybersecurity startups are lagging way behind both the US and Israel... by a lot-lot!

PDF: www.tikehaucapital.com/~/media/File...

13.04.2025 10:57 👍 11 🔁 7 💬 1 📌 0
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers | TechCrunch The Taiwanese hardware maker says it has no plans to patch the flaws impacting legacy router models

Zyxel has no plans to release patches for two zero-days under attack and is advising customers to replace vulnerable routers. The company says these devices have been “EOL for years” - but the devices are not on Zyxel’s EOL page, and some are still available to buy techcrunch.com/2025/02/05/r...

05.02.2025 10:10 👍 28 🔁 15 💬 1 📌 1
Not so boring Android malware A collection of interesting and diverse Android malware samples

The best way to start with malware reverse engineering is to start reverse engineering malware.

There’s a ton of free samples everywhere (shout out to @vxundergroundre.bsky.social).

If you want to start with Android, take a look at the link below.

maldroid.github.io/android-malw...

10.12.2024 22:55 👍 15 🔁 3 💬 1 📌 0

🚀 New OpenRelik release

Role-based access control, folder sharing, database improvements, optimisations for file listings, chunked file uploads, bug fixes and refactoring efforts to improve stability.

📝 https://openrelik.org/changelog/
🔗 https://discord.gg/hg652gktwX

#DFIR

27.11.2024 15:41 👍 4 🔁 3 💬 0 📌 0
Bootkitty: Analyzing the first UEFI bootkit for Linux ESET's discovery of the first UEFI bootkit designed for Linux sends an important message: UEFI bootkits are no longer confined to Windows systems alone.

#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. www.welivesecurity.com/en/eset-rese... 🧡

27.11.2024 08:34 👍 29 🔁 17 💬 1 📌 1
Vx Underground The largest collection of malware source code, samples, and papers on the internet.

Good morning, or evening.

After months, we're finally releasing the Dispossessor ransomware leaks. They're now available to download.

Please exercise extreme caution. This archive contains ransomware payloads.

vx-underground.org/Archive/Disp...

25.11.2024 03:34 👍 59 🔁 12 💬 0 📌 1
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

Excited that we @volexity.com are able to share a writeup of one of our most interesting incidents! This case involves:

* A 0-day exploit
* Physical trips to the customer site to determine root cause
* Compromise via Wi-Fi.

www.volexity.com/blog/2024/11...

#nearestneighbor #threatintel

22.11.2024 15:05 👍 46 🔁 17 💬 3 📌 0
DPRK IT Workers | A Network of Active Front Companies and Their Links to China SentinelLabs has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.

🚨 New Research Drop:

🇰🇵 DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Summary:
⚪ Newly Disrupted Front Companies by USG
⚪ Impersonating US based software and tech orgs
⚪ Links to still-active front orgs, CN association

Report:
www.sentinelone.com/labs/dprk-it...

21.11.2024 15:00 👍 37 🔁 23 💬 1 📌 3

Cyberattackers may have compromised lots of organizations by exploiting two zero-day vulnerabilities found in widely used Palo Alto Networks systems. unit42.paloaltonetworks.com/cve-2024-001...

22.11.2024 09:54 👍 17 🔁 9 💬 0 📌 0

Podcast: risky.biz/RBNEWS364/
Newsletter: news.risky.biz/risky-biz-ne...

-US charges five Scattered Spider members
-Apple fixes macOS zero-days
-T-Mobile finally stops a breach
-US takes down PopeyeTools carding portal
-Thailand throws out NSO lawsuit
-Microsoft develops something dumb, part 9,136

22.11.2024 10:40 👍 20 🔁 10 💬 1 📌 0

Uncover one of Volexity's toughest cases!

Join Steven Adair at #CYBERWARCON as he details how his team traced a major incident to a Russian APT, tackling zero-day exploits and stealthy tactics.

Don’t miss it — grab your ticket! 🎟️
www.cyberwarcon.com/registration

18.11.2024 22:35 👍 20 🔁 5 💬 1 📌 1

📑 Detection Lists 📑

github.com/mthcht/awesome…

#ThreatHunting #DFIR #SOC

10.11.2024 06:20 👍 14 🔁 6 💬 0 📌 1
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s ...

@volexity.bsky.social has published a blog post detailing variants of LIGHTSPY & DEEPDATA malware discovered in the summer of 2024, including exploitation of a vulnerability in FortiClient to extract credentials from memory. Read more here: www.volexity.com/blog/2024/11...

15.11.2024 20:02 👍 37 🔁 27 💬 0 📌 1

Hello! 👋 Joining all the cool kids over here. Follow @13Cubed.bsky.social for 13Cubed content.

14.11.2024 15:38 👍 10 🔁 2 💬 0 📌 0

#Linux lacks a resource like the Windows Master File Table ($MFT). I've developed this #Velociraptor artifact to collect metadata from files and folders recursively in selected paths to create a bodyfile. This may bring an MFT-like feel to filesystem analysis. #dfir

github.com/chrisdfir/Ve...

12.11.2024 21:00 👍 31 🔁 14 💬 3 📌 0
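The post links to the Velociraptor artifact itself (VQL, on GitHub). As an added example that is neither that artifact nor the author's code, the Python below produces the same kind of output on a Linux host: it walks a tree with lstat (so symlinks are recorded rather than followed), emits one Sleuth Kit 3.x bodyfile record per entry (MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime), and builds a small constructed sample tree in a temp directory to run against. Leaving the MD5 column at 0 and reporting crtime as 0 where the platform has no st_birthtime are choices of this example, not of the artifact.

```python
"""Recursive bodyfile generator (Sleuth Kit 3.x format). Added example, not the
Velociraptor artifact from the post.
Record layout: MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
"""
import os
import shutil
import stat
import tempfile


def tsk_mode(st_mode: int) -> str:
    """Render st_mode the way fls prints it, e.g. 'r/rrw-r--r--' or 'd/drwxr-xr-x'.
    The prefix is the entry type: r = regular file, d = directory, l = symlink."""
    fm = stat.filemode(st_mode)          # '-rw-r--r--', 'drwxr-xr-x', 'lrwxrwxrwx', ...
    kind = "r" if fm[0] == "-" else fm[0]
    return f"{kind}/{kind}{fm[1:]}"


def bodyfile_record(path: str, st: os.stat_result) -> str:
    """One bodyfile line. MD5 is left as 0 (mactime ignores it); crtime comes from
    st_birthtime where the platform exposes it and is 0 otherwise (assumption of
    this example: most Linux builds will show 0 here)."""
    crtime = int(getattr(st, "st_birthtime", 0))
    fields = (0, path, st.st_ino, tsk_mode(st.st_mode), st.st_uid, st.st_gid,
              st.st_size, int(st.st_atime), int(st.st_mtime), int(st.st_ctime), crtime)
    return "|".join(str(f) for f in fields)


def bodyfile(root: str) -> list:
    """Depth-first walk of root. follow_symlinks=False records a symlink as itself
    (like fls) and never descends through it, so link loops and links into /proc
    cannot trap the collector. Unreadable or vanished entries are skipped rather
    than aborting the whole collection."""
    records = [bodyfile_record(root, os.lstat(root))]

    def walk(directory: str) -> None:
        try:
            entries = sorted(os.scandir(directory), key=lambda e: e.name)
        except (PermissionError, FileNotFoundError):
            return
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)
            except FileNotFoundError:
                continue                  # raced with a deletion
            records.append(bodyfile_record(entry.path, st))
            if entry.is_dir(follow_symlinks=False):
                walk(entry.path)

    walk(root)
    return records


def make_sample_tree() -> str:
    """Constructed sample input for the demo: a tiny tree with a directory,
    a file and a symlink, created under the system temp directory."""
    root = tempfile.mkdtemp(prefix="bodyfile-demo-")
    os.mkdir(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "passwd"), "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")
    os.symlink("etc/passwd", os.path.join(root, "passwd.lnk"))
    return root


def demo() -> list:
    """Build the sample tree, collect its bodyfile, clean up, return the records."""
    root = make_sample_tree()
    try:
        return bodyfile(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Feed the output to mactime (`mactime -b body.txt -d`) to get the sorted timeline that makes this feel MFT-like. Of the four timestamps, ctime is the one worth trusting most: atime and mtime can be set with touch or utimes, while ctime only moves when the inode changes, so a file whose mtime predates its ctime by years is a timestomping candidate.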

Supply chain malware from an infected game mod 🤯😱 Long-form reverse engineering and a WILD ride: Binary Ninja, x64dbg, 010 Editor, PEB walking, reworking API function hashing in Python, DLL search-order hijacking, hooked functions & more. MASSIVE video: jh.live/bvyklJ5Wie0

14.11.2024 14:00 👍 76 🔁 7 💬 2 📌 0
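The video description lists "reworking API function hashing in Python". As an added example that is neither the video's code nor the malware's, the block below shows what that rework usually amounts to: reimplement the hash the loader applies to export names, hash a list of export names into a lookup table, and label the DWORDs of a hashed-import list. The scheme is assumed to be Metasploit-style ROR-13 with the NUL terminator folded in; a real sample's rotation count and folding rule come from its resolver loop, which is why the block also brute-forces the rotation from one (name, hash) pair obtained by other means. SAMPLE_EXPORTS, SAMPLE_ROTATION and SAMPLE_BLOB are constructed inputs.

```python
"""Rebuilding an API-name hash so hashed imports can be labelled. Added example;
the scheme (ROR-n over the ASCII name plus NUL, Metasploit block_api style with
n = 13) is an assumption, not taken from the video or the sample it analyses."""
import struct

MASK32 = 0xFFFFFFFF


def ror32(value: int, bits: int) -> int:
    """32-bit rotate right."""
    return ((value >> bits) | (value << (32 - bits))) & MASK32


def api_hash(name: str, rotation: int = 13) -> int:
    """Hash an export name: rotate the accumulator, then add the next byte.
    The NUL terminator is folded in because the resolver walks the C string."""
    h = 0
    for byte in name.encode("ascii") + b"\x00":
        h = (ror32(h, rotation) + byte) & MASK32
    return h


def build_lookup(export_names, rotation: int = 13):
    """Map hash -> name for a module's export table and report collisions:
    a resolver that stops at the first match silently mis-resolves a collision."""
    table, collisions = {}, []
    for name in export_names:
        h = api_hash(name, rotation)
        if h in table and table[h] != name:
            collisions.append((h, table[h], name))
        table.setdefault(h, name)
    return table, collisions


def read_hash_table(blob: bytes):
    """Unpack a little-endian DWORD array, which is how hashed import lists
    usually sit in a sample's data section."""
    count = len(blob) // 4
    return list(struct.unpack("<%dI" % count, blob[: count * 4]))


def resolve(hashes, table):
    """Label each observed hash, or mark it unresolved (wrong module, wrong
    rotation, or an export missing from the list that was hashed)."""
    return [(h, table.get(h, "<unresolved>")) for h in hashes]


def recover_rotation(known_name: str, observed_hash: int):
    """Given one (name, hash) pair known from dynamic analysis, brute-force the
    rotation count instead of reading the constant out of the disassembly."""
    return [r for r in range(1, 32) if api_hash(known_name, r) == observed_hash]


# Constructed subset of kernel32.dll export names (not a full export table).
SAMPLE_EXPORTS = ["CreateFileA", "ExitProcess", "GetProcAddress", "LoadLibraryA",
                  "VirtualAlloc", "VirtualProtect", "WinExec", "WriteFile"]

# Constructed stand-in for a sample's hashed import list, built with a
# non-default rotation so the recovery step has something to find.
SAMPLE_ROTATION = 7
SAMPLE_BLOB = b"".join(struct.pack("<I", api_hash(n, SAMPLE_ROTATION))
                       for n in ["LoadLibraryA", "VirtualAlloc", "WinExec"])
SAMPLE_BLOB += struct.pack("<I", 0xDEADBEEF)      # one hash nothing will match


def demo():
    """Assume dynamic analysis showed the first entry resolves to LoadLibraryA;
    recover the rotation from it, then label the whole table."""
    observed = read_hash_table(SAMPLE_BLOB)
    rotation = recover_rotation("LoadLibraryA", observed[0])[0]
    table, collisions = build_lookup(SAMPLE_EXPORTS, rotation)
    return rotation, resolve(observed, table), collisions


if __name__ == "__main__":
    rot, labelled, coll = demo()
    print("rotation:", rot, "collisions:", coll)
    for h, name in labelled:
        print(f"0x{h:08X}  {name}")
```

Against a real sample the name list is the actual export table of every module the loader touches (pefile's DIRECTORY_ENTRY_EXPORT is the usual source), hashed once per module. A DWORD that stays unresolved after that is more often an export from a module you did not hash than a different algorithm.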
Improving Private Signal Calls: Call Links & More If you love group calls on Signal, but don’t want to create a group chat for every combination of your friends or colleagues, you’re in luck. Today we’re launching call links: Share a link with anyone on Signal and in just a tap or click they can join the call. No group chat required.

Signal just released a ton of new call features that would be perfect for organizing, hint hint.

signal.org/blog/call...

11.11.2024 18:37 👍 8 🔁 5 💬 0 📌 1