Analyst
Location: :cascadia:
Pronouns: He / Him

Clocking in to report on the ALVR supply chain situation to double check with others' thoughts on the matter.

Rust stealer + eBPF rootkit
atomic-lockfile-1.4.2.tgz
d237b35613b16941fac8e8fde14dfd96e32a0c954d6334238f6d1f58e915b330

deps
6144d433f8a0316869877b5f834c801251bbb936e5f1577c5680878c7443c98b

---

This I think everyone knows about already, but it looks like there are also a handful of similar Windows-specific stealers uploaded only a few days ago.

Anyone got any findings ties yet?

@cR0w @theorangetheme @crowbriarhexe

Merchandising opp:

"Getting smashed at the Crow Bar..." T-shirts

@cR0w Maybe NIST could write a standard for that!? Seems easy.
@cR0w new cwe just dropped babe wake up
@cR0w NIST Standard Reference Meme 87: "If I was software, I would simply not be vulnerable."
@cR0w like, ALL OF THEM?

RE: https://infosec.exchange/@cR0w/116732880369032945

Prompt engineering is just pleading.

RE: https://infosec.exchange/@cR0w/116732880369032945

Have you considered just not writing software lol

@cR0w perfect! we'll just copy it into our respective AGENTS.md files and solve all security problems forever! /s

@jsmall @cR0w

Out of all the sensors I've deployed and used, encouraging users to forward dodgy emails to a simple "suspicious" mailbox monitored by the SOC was by far the best. Pair that up with internal marketing of its existence, simple "thank you" notes for good submissions, and even the occasional modest reward, and you've got a powerful weapon on your hands. And while I'm generally negative towards phishing exercises, reframing them with positive rewards makes them much more tolerable and useful.

The security teams that view their users as liabilities rather than strengths lack empathy and imagination. And the users that understand their security teams to be adversaries through bitter experience rather than allies are poorly served.