John Fitzpatrick

Work and hobbies are #cybersecurity. I specialise in #HPC / #supercomputer security. I run HPCsec and am busy bringing TCDO to the world through Lab538. I spend a lot of free time scouring the internet for things of interest, building interesting datasets and tracking quite a lot of #ransomware and e-crime groups. Formerly JUMPSEC and MWR/MWRLabs.
Twitter: https://twitter.com/j0hn__f
HPC Research: https://www.hpcsec.com/blog/
Best hacker movie: https://www.imdb.com/title/tt0086567/
The EMF Arcade calls for aid! Do you know someone with a laser cutter (that can do 6mm plywood) who might want to help build an amazing arcade for indie and small game devs? We urgently need help getting our arcade cabinets cut, more details at https://blog.emfcamp.org/2024/05/17/help-the-EMF-arcade/

There are still tickets available in this sale! If you know someone who wants an EMF ticket:

https://www.emfcamp.org/tickets

If you're planning on travelling to EMF by train, beware that the line to Ledbury station is closed on the Sunday (June 2nd) until 16:00. There are only a few trains after that and none run direct to London.

There are rail replacement buses, but we are planning on re-routing our shuttle buses to Worcestershire Parkway station instead. We recommend you leave on Monday if possible.

Our travel page will be kept up to date with the latest travel info:
https://www.emfcamp.org/about/travel

Looks like the British Library ransomware incident was Rhysida #ransomware
Have we heard any more on the 0day Lockbit claimed to have used on Boeing? #ransomware #lockbit

Almost 70% of Citrix Netscalers have webshell backdoors installed now, even after patching.

Pretty major backdoor due to Netscaler = internet facing by design, allows remote access, has AD credentials by design. https://blog.fox-it.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

Fox-IT (part of NCC Group) has uncovered a large-scale exploitation campaign of Citrix NetScalers in a joint effort with the Dutch Institute of Vulnerability Disclosure (DIVD). An adversary appears…

Fox-IT International blog

I'm still chasing some info on Rhysida Linux/ESXi ransomware locker.

They're definitely encrypting ESXi environments, but I have not found a single sample in the wild. Does anyone have any insight or a sample they can share?

#Ryhsida #Ransomware #ESXi #Linux

I'd been wanting to do this for a while, kudos to unit42 for doing so, a great writeup. Tracking Cl0p's torrents and seeders:
https://unit42.paloaltonetworks.com/cl0p-group-distributes-ransomware-data-with-torrents/

#cl0p #ransomware

CL0P Seeds ^_- Gotta Catch Em All!

CL0P is distributing ransomware data via torrents. We investigate this new method, including seeds we’ve tracked — disguising victims with Pokemon. Catch them all!

Unit 42

Does anyone have a Rhysida Linux/ESXi sample they can share?

#Ransomware #Rhysida