BenI don't mean to brag but I already did this
Researchers teach brain cells to play 'Doom'
| https://twitter.com/nunohaien | |
| GitHub | https://github.com/tillmannw |
Tillmann Werner
- 114 Followers
- 102 Following
- 69 Posts
Malware Reverse Engineer. Honeypot Pioneer. Liberator of Botnets. Aibohphobia. Pineapple-on-Pizza Allergy.
larsbornAnd here for some good news in the current software supply chain craziness: https://www.crowdstrike.com/en-us/blog/inside-crowdstrike-takedown-of-a-developer-targeting-botnet/ #glassworm
watch out for traffic to 164.92.88[.]210. If you see it you might have an infected host on your network (even though nothing bad will happen anymore, that host is a sinkhole).
VNC ResolverIP/Port: 38.242.144.150:5900
Hostname: vmi2388625.contaboserver.net
Client Name: vmi2388625:1
Location: Düsseldorf, North Rhine-Westphalia, DE 🇩🇪
ASN: AS51167 Contabo GmbH
VNC Password: N/A
ID: 78279040
Added to DB: 05/08/2025, 12:39:43 AM (UTC)
Last seen: 05/07/2025, 08:39:20 PM (UTC)
https://computernewb.com/vncresolver/browse#id/78279040
Hostname: vmi2388625.contaboserver.net
Client Name: vmi2388625:1
Location: Düsseldorf, North Rhine-Westphalia, DE 🇩🇪
ASN: AS51167 Contabo GmbH
VNC Password: N/A
ID: 78279040
Added to DB: 05/08/2025, 12:39:43 AM (UTC)
Last seen: 05/07/2025, 08:39:20 PM (UTC)
https://computernewb.com/vncresolver/browse#id/78279040
must... find... 0day with AI... then publish vuln on linkedin... with a logo and name
Sebastian WallaDear Network,
I'm hiring a Cloud Security Researcher that wants to work at the forefront of investigating new cloud intrusions. You will bring a solid understanding of IAM. Using this knowledge you will dig through cloud activity logs (AWS CloudTrail, Azure Activity Logs) to find interesting new cloud TTPs, collaborate to discover new adversaries, and share your findings in finished intelligence reports with our customers.
You'll regularly write and extend Python scripts to support your analysis and automate away the boring parts. Hence, knowing Python is also required. If you can also reverse engineer that is wonderful.
We are a remote team with colleagues in US and EU timezones.
At the moment this role is open to candidates from the EU but if you are a strong candidate in US/CA I still encourage you to apply
At the moment we are not working with external recruiters so please apply directly to the role:
Sr. Security Researcher, TAC Cloud (Remote)
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you. About the Role: CrowdStrike Intelligence is seeking a motivated cloud security specialist with excellent technical skills to research the activities of cloud-conscious adversaries. Our Technical Analysis Cell (TAC) is at the forefront of CrowdStrike’s mission against cloud-conscious threat actors. We often are the first to catch adversaries leverage never-before observed techniques in the cloud. We combine intelligence analysis with deep-dive cloud service provider log analysis (AWS CloudTrail, Azure Activity Logs), and reverse engineering of malicious code, in addition to building and using automation systems to deliver actionable indicators and operational insights. CrowdStrike is uniquely positioned to leverage data from a multitude of sources, including incident response, managed threat hunting, proprietary telemetry, our large internal malware corpus, and our custom-built analysis pipeline. We foster a diverse environment of respectful, passionate camaraderie and collaboration between researchers who enjoy the fast-paced nature of our work.This highly technical position serves an important role in conducting research, increasing our coverage of the global cloud threat landscape, contributing to the continuous tracking of cloud adversaries, and ultimately developing finished intelligence products that provide a decision advantage to customers. These skills will be used to successfully carry out the following duties: What You'll Do: Technical Analysis: Reconstruct, investigate, and track cloud intrusions leveraging cloud service provider activity logs (AWS CloudTrail, Azure Activity Logs) and document findings. Enhance understanding of observed cloud activity by reproducing the activity in a test cloud environment. Create tools to automate analysis tasks and tracking of threat actors. Write cloud-activity-based (KQL, Amazon Athena), host-based (Yara) and network-based (Snort/Suricata) signatures suited for large-scale hunting, detection, and tracking of threats. Perform a technical analysis and reverse engineering of tools related to threat activity within the cloud environment or as part of cloud-conscious intrusions Intelligence Reporting: Produce high-quality, actionable intelligence reporting. Collaborate with our interdisciplinary team to coordinate adversary and campaign tracking, and to provide support to teams developing mitigation strategies and responding to incidents. What You'll Need: Required: Understanding of cloud security concepts in particular identity and access management (IAM). Ability to reconstruct incidents based on cloud activity logs from at least one major cloud service provider (AWS, Azure, or GCP) Ability to express complex technical and non-technical concepts in written, verbal and graphical products for all levels of readership, including actionable mitigation and detection guidance. Knowledge of programming and scripting languages, in particular Python. Knowledge of reverse engineering tools (disassemblers, decompilers, debuggers) and processes (unpacking malware, reconstructing code logic, etc). Ability to identify and classify malicious tooling through development of signatures that can be used for tracking and hunting purposes. Ability to interpret raw network data and to develop network signatures, as well as custom protocol decoders and decryption tools. Be a team player Bonus Points: Experience developing detections with KQL and Amazon Athena Proven track record of relevant experience in the cloud security field A background in intelligence is a plus. Relevant cloud certifications are a plus. #LI-EV1 #LI-Remote Benefits of Working at CrowdStrike: Market leader in compensation and equity awards Comprehensive physical and mental wellness programs Competitive vacation and holidays for recharge Paid parental and adoption leaves Professional development opportunities for all employees regardless of level or role Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections Vibrant office culture with world class amenities Great Place to Work Certified™ across the globe CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at [email protected] for further assistance. CrowdStrike was founded in 2011 to fix a fundamental problem: The sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be solved with existing malware-based defenses. Founder George Kurtz realized that a brand new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware. There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.
DB 🌱💦Vultures eat anthrax, botulism, rabies, & cholera for breakfast.
Their stomach acid is among the most corrosive in the animal kingdom, with a pH around 1, low enough to dissolve the bones, hide, & pathogens of dead animals that would kill almost anything else.
A vulture eating a diseased carcass isn't a vector for disease, it's the end of the line. The disease chain ends in the vulture's gut, & that's pretty hardcore.
When vulture populations crashed in India in the 1990s, rotting livestock carcasses sat where vultures used to clean them.
Feral dogs and rats took over the cleanup, both of which actually do spread rabies. Researchers later linked the vulture collapse to roughly 500,000 deaths in India over the following decade.
The same collapse is now underway in sub-Saharan Africa. 6 of 11 African vulture species are threatened with extinction, primarily from poisoned poaching baits.
The animals nobody finds cute are doing more public health work than most of the species we actively protect.
#Birds
IP/Port: 84.147.43.179:5900
Hostname: p54932bb3.dip0.t-ipconnect.de
Client Name: antratec-kasse ( 192.168.2.101 ) - service mode
Location: Bonn, North Rhine-Westphalia, DE 🇩🇪
ASN: AS3320 Deutsche Telekom AG
VNC Password: 1234
ID: 23578416
Added to DB: 05/07/2025, 07:06:52 PM (UTC)
Last seen: 05/07/2025, 03:00:00 PM (UTC)
https://computernewb.com/vncresolver/browse#id/23578416
Hostname: p54932bb3.dip0.t-ipconnect.de
Client Name: antratec-kasse ( 192.168.2.101 ) - service mode
Location: Bonn, North Rhine-Westphalia, DE 🇩🇪
ASN: AS3320 Deutsche Telekom AG
VNC Password: 1234
ID: 23578416
Added to DB: 05/07/2025, 07:06:52 PM (UTC)
Last seen: 05/07/2025, 03:00:00 PM (UTC)
https://computernewb.com/vncresolver/browse#id/23578416
I think this wasn't mentioned on the Fediverse yet, so here we go: https://malshare.com is back up! If you've never heard of it: It's an openly developed and cost-free malware repository. As a resarcher, you can register an account and upload and download malware samples to share with other researchers. You only need an email address (feel free to use a throw-away). This sadly became necesarry btw to avoid abuse.
Anyway, we've been hard at work to discuss scope (and reduce it), did some spring cleaning, and automate as much as possible.
A couple of changes:
* CI/CD via github actions
* got rid of YARA scanning
* allowed URL submissions
* got the daily digest working again
Esp. not scanning with YARA anymore was a hard decision. Because without that, it's really just SHA256s. But it's surprisingly hard to run YARA at scale. And in the end, we figured: before there's no MalShare, let's have one without YARA.
We also centralized all issue tracking on https://github.com/Malshare/MalShare/issues. There were issues over 4 years old. We've addressed a couple and the plan is to not let it come to this in the future. Speaking of: please reach out if you want to get involved, we are not that many people and can use any help. There's also donation options to cover hosting cost (we have a lot of malware...).
Mykright now the astronauts are calling houston because the computer on the spaceship is running two instances of microsoft outlook and they can't figure out why. nasa is about to remote into the computer
#nasa #artemis #outlook #microsoft #microslop
#nasa #artemis #outlook #microsoft #microslop
Two scenarios possibly resulting from today's Claude Code source code leak¹:
1. Attackers study the built-in permission system to figure out how to bypass it. Claude Code is the target here. It is strange that the software requesting permission is the same that enforces security boundaries, anyway.
2. Attackers distribute custom builds that
do nasty stuff like stealing API keys, running commands, backdooring code. Here, a specially crafted Claude Code is the attack vector.
