🎁 #Concours 🎁
Barely announced, already up for grabs! 😱🔥
Win the brand new Nvidia GeForce #RTX3090! 🔥🔥
To enter
✅ Follow
✅ #RT this Tweet
🗓 Draw on 15/09
Opened a fun bug (or is it backdoor?) in a "hidden" COM server which adds a certain Mr DeYoung as an Administrator to your computer with no password. bugs.chromium.org/p/project-zero….
The Windows EoP 0-day pack used by PuzzleMaker relies on a very rare "PreviousMode" technique that we have seen before with the CHAINSHOT framework. Deep root cause analysis and IOCs: securelist.com/puzzlemaker-ch…
BlackMatter ransomware group has announced they're shutting down operations following pressure from local authorities - they state key members are no longer 'available'.
Image 1. BlackMatter RaaS announcement of operations shutting down
Image 2. Russian translated to English
But why must we waste precious time on this yet again: of course humans went to the Moon during the Apollo missions. And we are going back.
The last part of A New Attack Surface on MS Exchange - #ProxyRelay is out! Have also left some final thoughts on the Closing part. Hope you all enjoy this journey :D
blog.orange.tw/2022/10/proxyr…
An unknown 🐼 APT discovered by ExaTrack 🔥 Our team identified an implant and a rootkit targeting Linux systems 🔎 We traced the infrastructure used by the attackers and analyzed their backdoors to share a blog post and 70 indicators (including 3 Yara rules)! blog.exatrack.com/melofee/
Mandiant IR has discovered new insights into UNC3886 intrusions including a new VMware zero day vulnerability (CVE-2023-20867), leveraging VMCI sockets, and additional tampering on systems which generally do not support EDR.
Check out the new blog here: mandiant.com/resources/blog…
After nearly 10 years of existence and years of use in production on 10k+ computers,
The new PythonForWindows release is 1.0.0 \o/
This release adds three important things: official Python 3 support, full Unicode support for py2/py3 & CI testing on GitHub! github.com/hakril/PythonF…
Kdrill, an open source tool to check if your kernel is rootkited 🔥
A Python tool to analyze memory dumps AND live kernels. No deps, py2/3, no symbols 💪
It rebuilds kernel structs on the fly and checks for suspicious modifications (and whether PatchGuard is running 👀)
github.com/ExaTrack/Kdrill
In our search for new forensic artifacts at ExaTrack, we sometimes deep dive into Windows Internals.
This one is about COM and interacting with remote objects using a custom python LRPC Client.
STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/