Discover and read the best of Twitter Threads about #threatintelligence

Most recents (10)

10 ways to use awk for hackers! 🚀 🧵👇
1️⃣ Extracting Specific Columns from a CSV File

Quickly extract email addresses and phone numbers from a huge contact list.

#DataExtraction #EthicalHacking
2️⃣ Filtering Lines Based on a Pattern

Filter out sensitive information like passwords from log files.

#LogAnalysis #Security
Read 11 tweets
📢 I recently investigated a campaign targeting the cryptocurrency industry. I wrote a detailed report that includes TTP, IOC and more. Here is a thread about this attack! 🧵👇

@MsftSecIntel @MicrosoftAU #infosec #cryptocurrency #threatintelligence #apt

microsoft.com/en-us/security…
The attack started on Telegram to identify the targets, then they deployed a weaponized Excel document which finally delivered the final backdoor through multiple mechanisms. ☠☠️ #infosec #malware #backdoor
🧐To identify the targets, the threat actor sought out members of cryptocurrency investment groups on Telegram.

👀 They created fake profiles using details from employees of the company OKX. #infosec #Cryptocurency
Read 14 tweets
Hey there, today we have something special for you.

Here's a list of SPY/INTELLIGENCE agencies across the world. 🕵️‍♀️🕵🌍🔎

#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT

1. RAW (Research & Analysis Wing), India
Formed: 21 September 1968
2. CIA (Central Intelligence Agency), USA
Formed: September 18, 1947
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
3. Mossad, Israel
Formed: 13 December 1949 (as the Central Institute for Coordination)
#ThreatHunting #threatintelligence #ThreatIntel #military #OSINT
Read 12 tweets
Hey #OSINT, you might have heard about @spiderfoot, let's try to learn what it does the best. #ThreatHunting #threatintelligence #recon #infosec

A thread 👇
SpiderFoot is a reconnaissance tool that automatically queries over 100 public data sources (OSINT) to gather intelligence on IP addresses, domain names, e-mail addresses, names and more.
#ThreatHunting #threatintelligence #recon #infosec #OSINT
You simply specify the target you want to investigate, pick which modules to enable and then SpiderFoot will collect data to build up an understanding of all the entities and how they relate to each other.
#ThreatHunting #threatintelligence #recon #infosec #OSINT
Read 6 tweets
A list of top 10 popular malware reports that every Malware Analyst should check out

Take a look at these excellent Malware analysis reports

#malware #ThreatHunting #threatintelligence #fireye #virus #Talos @TalosSecurity #linux #hacking #networks #rootkits

👇👇
1⃣ CheckPoint - SpeakUp: A New Undetected Backdoor Linux Trojan

🔗
research.checkpoint.com/2019/speakup-a…
2⃣ First Sednit UEFI Rootkit unveiled

🔗
mirror.netcologne.de/CCC/congress/2…
Read 11 tweets
Save this list of resources for your future #OSINT Investigations!

intelx.io: Search engine for data breaches
netlas.io: Search & monitor devices connected to the internet
urlscan.io: Scan a website's incoming and outgoing links and assets
prowl.lupovis.io: Free IP search & identifications of IoC and IoA
fullhunt.io: Identify an attack surface
zoomeye.org: Cyberspace search engine, users can search for network devices
leakix.net: Identify public data leaks
greynoise.io: Search for devices connected to the internet
search.censys.io: Get information about devices connected to the internet
hunter.io: Search for email addresses
Read 6 tweets
Facebook's @ngleicher was right about linking #APT32 to CyberOne and here is why:
As per Group-IB #ThreatIntelligence & #Attribution the domain cbo[.]group had an IP 45[.]61[.]136[.]214 in the A-record. On this IP address, we detected a unique SSH 4b390f0b7125c0d01fe938eb57d24051
According to Group-IB Graph Network Analysis, this fingerprint was also seen on 30 other hosts including on 45[.]61[.]136[.]166 and 45[.]61[.]136[.]65. Both were used to deploy a uniquely configured #CobaltStrike framework, used exclusively by #APT32 aka #OceanLotus
All the listed IPs belong to the autonomous network - AS53667 within the range of 45.61[.]128[.]0 to 45[.]61[.]191[.]255. We've also seen #APT32 hosting #CobaltStrike on the 45[.]61[.]139[.]211, which was indicated in the A-record of feeder[.]blogdns[.]com
Read 3 tweets
Looking for the ultimate list of #CyberSecurity books you should read in 2021?!

Hold on a second, cause here we go!
Please fav your top entries and comment your own picks below. And please please retweet to make this list a huge one. #InfoSec
Social Engineering: The Science of Human Hacking, 2nd Edition by the @humanhacker Christopher Hadnagy #socialengineering

amazon.com/-/dp/111943338…
Threat Modeling: Designing for Security (English) Paperback by
@adamshostack
#cybersecurity #threatmodelling #stride

amazon.com/-/dp/111880999…
Read 11 tweets
A thread on bad analysis. When #ThreatIntel analysts want to show off their Foreign Policy and Economist subscription status after reading the Russian foreign policy Wikipedia page /n #threatintelligence #cybersecurity #infosec
Most analysts who are "doing attribution" aren't doing good cyber threat intelligence, they're doing poor foreign policy analysis
They have neither the data nor the expertise to make even a moderately confident statement on attribution
Read 12 tweets
Threat Hunting In #CyberSecurity : Waiting for an alert can be too dangerous.
Threat hunting means to proactively search for malware or attackers that are hiding in your network — and may have been there for some time.
Most of the time, the goals of these malware or attackers can be quietly siphoning off data, patiently listening in for confidential information, or working their way through the network looking for credentials powerful enough to steal key information.
Read 19 tweets
