Pedro

@pedro@infosec.exchange

Emerging situation to be aware of - some of the #CitrixBleed2 session hijacking victims are also victims of webshell implants via a different vuln, CVE-2025-6543.

Script to check for Netscaler implants: https://github.com/NCSC-NL/citrix-2025/blob/main/TLPCLEAR_check_script_cve-2025-6543-v1.6.sh


New ASN to block. But again, the firewall vendors don't give a fuck about your feature requests so you'll have to block the networks instead.

Silent Push reports that there has been a migration from the OFAC sanctioned Aeza Group's AS210644 to AS211522 which is listed as operated by Hypercore, Ltd.

https://www.silentpush.com/news/iofa-detects-aeza-group-infrastructure/

Here are the networks in AS211522 that you may want to block:


#threatIntel

LOL include rm -rf * in all your bash scripts you check into github

As promised, our #SharePoint adventure with CVE-2025-53770 and CVE-2025-53771, including payloads and vulnerability checker!

https://blog.leakix.net/2025/07/using-their-own-weapons-for-defense-a-sharepoint-story/


Another one of those days.
This is what it's like publishing research in 2025. I write an extremely popular blog post on EDR bypasses and Google just comes along and steals my search traffic in the most brazen way possible.

It's all <insert complex language> to me (regional variations)
https://www.instagram.com/languages.eu

@curiousrobot haha! I’ve got that covered too!

I’m just going to log in to my Fortiweb admin interface to make sure we’ve configured it to also protect the Netscaler! I’m no fool! Ha!

Mildly cursed factoid about UNC paths:

- UNC Paths can contain IP addresses such as \\192.168.1.1\share
- IPv6 addresses are supported as well
- IPv6 addresses contain colons
- can't have colons in Windows paths since colons are reserved for drive letters

So Microsoft came up with the ipv6-literal.net domain, which is special-cased by Windows so you can write IPv6 addresses in UNC paths as 2a0e-3c0--21.ipv6-literal.net without it hitting any resolvers.
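Added example, not part of the post: Python helpers that encode an IPv6 address into the ipv6-literal.net form shown above, decode it back, and classify the host portion of a UNC path (handy when reviewing file-access logs for raw-IP share targets). The zone-ID rule (a `%` in the address becomes `s` in the literal name) is taken from Microsoft's documented convention and is an assumption beyond what the post states.

```python
"""Encode/decode IPv6 hosts in UNC paths via Microsoft's ipv6-literal.net
convention. Added example; the '%' -> 's' zone-ID rule is assumed from
Microsoft's documentation, the ':' -> '-' rule is the one the post describes."""
import ipaddress

SUFFIX = ".ipv6-literal.net"


def ipv6_to_literal_host(addr: str) -> str:
    """'2a0e:3c0::21' -> '2a0e-3c0--21.ipv6-literal.net'.

    Colons become dashes because ':' is reserved for drive letters in
    Windows paths; a scope/zone id after '%' is encoded with 's'.
    """
    ip_part, _, zone = addr.partition("%")
    ip = ipaddress.IPv6Address(ip_part)        # validates, emits compressed form
    host = str(ip).replace(":", "-")
    if zone:
        host += "s" + zone
    return host + SUFFIX


def literal_host_to_ipv6(host: str) -> str:
    """Inverse: '2a0e-3c0--21.ipv6-literal.net' -> '2a0e:3c0::21'."""
    if not host.lower().endswith(SUFFIX):
        raise ValueError(f"not an ipv6-literal.net name: {host}")
    body = host[: -len(SUFFIX)]
    ip_part, sep, zone = body.partition("s")   # 's' is not a hex digit
    ip = ipaddress.IPv6Address(ip_part.replace("-", ":"))
    return str(ip) + (f"%{zone}" if sep else "")


def unc_path(host: str, share: str, *parts: str) -> str:
    """Build a \\\\host\\share\\... path from its components."""
    return "\\\\" + "\\".join((host, share) + parts)


def classify_unc_host(path: str) -> tuple[str, str]:
    """Return (host, kind) for a UNC path; kind is 'ipv4', 'ipv6' or 'name'.

    Raw-IP share targets in either notation are worth a second look when
    triaging logs, since legitimate shares are usually reached by hostname.
    """
    if not path.startswith("\\\\"):
        raise ValueError("not a UNC path")
    host = path[2:].split("\\", 1)[0]
    if host.lower().endswith(SUFFIX):
        return literal_host_to_ipv6(host), "ipv6"
    try:
        ipaddress.IPv4Address(host)
        return host, "ipv4"
    except ValueError:
        return host, "name"
```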

Here is a bit more detail. Note that the Liz Line (aka Crossrail) is in sparkly purple because it's my favourite line.

@girlonthenet This is such an amazing gift!

@girlonthenet Cool. I can imagine the time to build the blanket and the tunnels themselves.

@girlonthenet That is a work of heart. Amazing.

@girlonthenet wow. Just wow. That's absolutely stunning!

@girlonthenet

OMFG that is such an amazing and beautiful thing.

@girlonthenet I'm late to the party after being offline for xmas, but that is spectacular. And has anybody already made the ‘Liz Line (aka Crosstitchrail)' pun yet?

@OliverClozoff amazing! I think you’re the first 😂

@girlonthenet this is breathtakingly awesome, wow! 😍