pip0
@pipzero.bsky.social
Information security practitioner.

All things CTI collection.
Reposted by pip0
Members of Gen Digital Threat Labs uncover two new DPRK toolsets - Kimsuky’s HttpTroy backdoor and Lazarus’s upgraded BLINDINGCAN remote access tool - and explain how these tools work. www.gendigital.com/blog/insight...
November 3, 2025 at 12:11 PM
Reposted by pip0
🚨 The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions!

Deep-dive analysis of this obfuscated campaign, including PowerShell & VBS scripts, PE malware, malicious browser extensions and even stegomalware.

Enjoy reading securitylabs.datadoghq.com/articles/mut...
Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions
May 21, 2025 at 12:10 PM
Leaving SF right in time before all the AI diarrhea. Thank you Hack The Bay and Pacific Hackers for having me, I’ll be back next year.
April 29, 2025 at 3:19 AM
Catch me speaking on intelligence collection at scale today at HackTheBay #PHACK
April 28, 2025 at 8:07 PM
Reposted by pip0
Elastic Security Labs researchers report on Outlaw, a persistent yet unsophisticated auto-propagating Linux coinminer. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics. www.elastic.co/security-lab...
April 2, 2025 at 12:19 PM
Reposted by pip0
Green card holders detained. A French researcher denied entry for anti-Trump messages. A new travel ban on 40+ countries coming.

Given all these encroachments on travelers' civil liberties, we've updated our guide to digital privacy while crossing US borders. www.wired.com/2017/02/guid...
How to Enter the US With Your Digital Privacy Intact
Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Patrol accessing your data.
March 24, 2025 at 6:29 PM
Reposted by pip0
JPCERT/CC's 佐々木 勇人 (Hayato Sasaki) looks into the practical challenges of attribution in the case of Lazarus’s subgroup. blogs.jpcert.or.jp/en/2025/03/c...
March 25, 2025 at 1:58 PM
Reposted by pip0
Both Wiz and Palo Alto Networks have found evidence that the compromise of the Changed-Files GitHub Action might have been a complex multi-tier supply chain attack targeting tools used by Coinbase developers

www.wiz.io/blog/new-git...

unit42.paloaltonetworks.com/github-actio...
March 23, 2025 at 12:27 PM
Reposted by pip0
AI and blockchain software expert Armin Ranjbar released Landrun, a lightweight, secure sandbox for running Linux processes

github.com/Zouuup/landrun
GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel.
March 23, 2025 at 2:00 PM
Reposted by pip0
Someone has done an excellent job collecting RATs and documenting them by version. They also included images.

A+ work. This is amazing (we're going to ingest this eventually)

github.com/Cryakl/Ultim...
GitHub - Cryakl/Ultimate-RAT-Collection: For educational purposes only, exhaustive samples of 450+ classic/modern trojan builders including screenshots.
March 22, 2025 at 5:25 PM
Reposted by pip0
⚠️🧵 RL researchers have found 2 malicious #VSCode extensions, "ahban.shiba" & "ahban.cychelloworld," that deliver #ransomware in development to its users. #Dev #SoftwareSupplyChainSecurity
March 19, 2025 at 1:46 PM
Reposted by pip0
Just over 600 GitHub repos were impacted by Changed-Files supply chain attack

www.endorlabs.com/learn/blast-...
March 20, 2025 at 12:04 AM
Reposted by pip0
Podcast: risky.biz/RBNEWS400/ (400, woohoo! 🎉)
Newsletter: risky.biz/risky-bullet...

-China says Taiwan's military is behind PoisonIvy APT
-Google buys Wiz for $32 billion
-11 APTs abuse a Windows zero-day
-Judge tells CISA to reinstate fired workers
-Supply-chain attack hits car dealership sites
March 19, 2025 at 9:23 AM
Reposted by pip0
If you're critical of the US government and you are planning to cross the US border any time soon, today is a good day to review EFF's border search pocket guide: www.eff.org/document/eff...
EFF Border Search Pocket Guide
March 19, 2025 at 7:46 PM
Reposted by pip0
-43% of WP vulns last year didn't require authentication to exploit
-96% of WP vulns impacted plugins
-22 new WP vulns published daily
-over 500k WP websites hacked last year

patchstack.com/whitepaper/s...
March 17, 2025 at 11:43 PM
Reposted by pip0
Xintra founder Lina Lau has published a report that untangles and puts more clarity on how Chinese authorities claim the Equation Group (US NSA) hacked the Xi'an Northwestern Polytechnical University

www.inversecos.com/2025/02/an-i...
An inside look at NSA (Equation Group) TTPs from China’s lense
February 19, 2025 at 9:25 PM
Agenda for SunSecCon is up www.sunseccon.org
February 5, 2025 at 10:39 PM
Reposted by pip0
Threat insights from Datadog Security Labs for Q4 2024

securitylabs.datadoghq.com/articles/202...
Datadog threat roundup: top insights for Q4 2024 | Datadog Security Labs
January 28, 2025 at 3:14 PM
Reposted by pip0
Elastic Security Labs' Remco Sprooten & Ruben Groenewoud analyse PUMAKIT, a loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers. www.elastic.co/security-lab...
January 20, 2025 at 10:31 AM
Reposted by pip0
New research: We've been monitoring a threat actor publishing dozens of trojanized GitHub repositories targeting threat actors, leaking hundreds of thousands of credentials along the way

securitylabs.datadoghq.com/articles/mut...
December 16, 2024 at 1:09 PM
Reposted by pip0
We are happy to introduce our latest tool "Supply Chain Firewall" 🎉 by @ikretz.bsky.social
The tool detects & prevents installation of malicious packages in local development environments.

Read more
securitylabs.datadoghq.com/articles/int...

And give it a try github.com/DataDog/supp...
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages | Datadog Security Labs
Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages
December 6, 2024 at 12:19 PM
Mistakes happen to everyone!

❤️ @binaryninja.bsky.social
December 6, 2024 at 3:57 AM
Reposted by pip0
Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.

Calls to this function are then inserted in various places that (legitimately) access the private key.
December 3, 2024 at 11:47 PM
Reposted by pip0
🚨 A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular #Solana web3.js library. The injected code captures private keys and transmits them to a hardcoded address. This is a developing story. socket.dev/blog/supply-... #crypto #cybersecurity
Supply Chain Attack Detected in @solana/web3.js Library - So...
December 3, 2024 at 10:10 PM