Funes

@funes@infosec.exchange

Some sort of threat researcher or something. Malware. Detection/Hunting. PNW.

"My memory, sir, is like a garbage heap."

@W6KME @disco3000 I would guess that it's hard to even find a solid POS solution that doesn't require an Internet connection these days. Yeah, partly because many are now cloud-based solutions, but also just for payment processing because people rarely pay with cash. Though many modern POS services have a cellular failover specifically because of the reliance on connectivity.

@mcc what is Servo? I tried searching for it, but only got results for servo motors.

@goldstein dude has enough self-interest to know that when you target leaders then leaders become targets.

@globalmuseum seems like they did more to drive home the thought behind the piece than it sitting in a museum could lol

They did use it in another upload, I just hadn't looked at it yet: hxxps://pikacortex[.]com/notepad.zip

Led to #xworm reaching out to newi[.]onthewifi.com (ddns service), currently resolving to 103.167.84[.]131 (AS63737)

#malware #threatintel

Been watching this TA's GitHub repo and yesterday they uploaded the unobfuscated source of a C++ shell code injector, then deleted it this morning. Haven't seen them use it yet, they usually use a Python-based injector. Quick searches haven't turned up any results for matches. It's not using any new or revelatory techniques, but sharing here in case it's the kind of thing you're into: https://github.com/mewmewb/tro/commit/6aa9e2417fa87e30f93d2e663d06c10932deefc9

#malware #threatintel

Create cp.cpp · mewmewb/tro@6aa9e24

@tedder sure, always down for more meshes.

@TXRattler are you talking about something like the NCL where they have an individual competition? Because you should absolutely be looking things up and collaborating in CTFs. Are you playing alone?
cR0w :cascadia: (@cR0w@infosec.exchange)

@reverseics I've seen one in AIX, one in NetWeaver, two from Schneider, and one in Outlook today. And those are just the ones I've seen and read the description of.