
NexusFuzzy 💩
@NexusFuzzy
Infostealer hunter by night, threat actors’ headache 24/7. I track C2s, ruin botnets, and make cybercriminals rethink their life choices
If you do not want your commands to show up in history on Linux, just prepend them with a space character. Probably worth checking echo $HISTCONTROL on (compromised) servers indicating that history might not be trusted #DFIR #IncidentResponse

Quick analysis of new #ToolShell payload observed by @leak_ix: Payload is a .dll executed in memory. Sha-256: 3461da3a2ddcced4a00f87dcd7650af48f97998a3ac9ca649d7ef3b7332bd997 It collects System Info and the sensitive machine key. Sends back in response. Single Request takeover.

⚠️ New payload in relation to #ToolShell. Attackers now don't need the static file anymore, leaking keys from memory without leaving the file. This means the existence of a file is not a reliable IoC anymore.
Those funky looking IP addresses already give it away that it‘s AI generated garbage

„Silent“… That shit lights up every alert dashboard like it‘s a christmas tree
🚨 1 COMMAND TO OWN AN ENTIRE NETWORK 🧠 Advanced Nmap Recon + Grep Filtering + Banner Fingerprinting nmap -n -Pn -sS -sV -p80 --open --script=banner -T5 192.168.1.0/24 -oG - | grep 'open' | grep -v 'tcpwrapped' ✅ Fast ✅ Silent ✅ Filters noise ✅ IDs Apache, IIS, embedded…

#Archetyp market has been taken down by law enforcement during #OperationDeepSentinel operation-deepsentinel.com
At this point, ransomware gangs really need to implement proper role-based access control - can’t have every low-level script kiddie leaking victim data like it’s happy hour at the breach buffet. Maybe start with a Data Leak Prevention Officer?
🎁 Another unexpected gift for the threat intelligence community. In March 2025, the VanHelsing ransomware group first emerged. Now, in a surprising turn of events, the group’s administrator has leaked the entire source code on the RAMP forum. The leak includes Tor keys,…

This week, the FBI disrupted LummaC2, a popular infostealer service, which conducted millions of attacks against victims. With help from partners like Microsoft, the FBI is fulfilling its mission to disrupt key services in the cybercriminal ecosystem: justice.gov/opa/pr/justice…

It‘s DNS I bet
Spain just suffered a full-scale telecom blackout. These are definitely cyber attacks!
We're proud to announce our support for @CapeSandbox, a fully open-source malware sandbox developed and maintained by a dedicated group of volunteers. After almost a year of downtime, we are extremely happy that we were able to help CAPE get back online again! 🥳 👉…

Coming soon, featuring your favorite security researchers like @Gi7w0rm and @g0njxa #RansomwareTycoon Wanting to get featured? Let me know :)



Man, that gives me milw0rm vibes. Also, if you remember milw0rm, please don't forget to book your annual colonoscopy!

Cryptocurrency exchange Bybit (@Bybit_Official) has suffered a security breach. Threat actors exploited a 'masked' transaction to siphon over $1.4 billion in Ethereum (ETH) and staked Ethereum (stETH) from one of the exchange's cold wallets.
