home.social

#processinjection — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #processinjection, aggregated by home.social.

  1. TechNadu @[email protected] ·

    Observed campaign summary:

    Initial Access:
    • Phishing emails with Excel (.XLAM) attachments
    Execution:
    • CVE-2018-0802 (EQNEDT32.EXE)
    • HTA → mshta.exe
    • PowerShell in-memory decoding
    Deployment:
    • Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
    • Process hollowing into Msbuild.exe
    • AES-encrypted C2 packets
    • delimited command protocol
    • Plugin-based architecture (50+ modules)

    Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.

    This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.

    Blue teamers - which telemetry source provides the strongest signal here?

    Source: fortinet.com/blog/threat-resea

    Follow @technadu for ongoing malware analysis and threat intelligence coverage.

    #Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu

    #infosec #malwareresearch #threatintel #xworm #rat #processinjection
  2. TechNadu @[email protected] ·

    Observed campaign summary:

    Initial Access:
    • Phishing emails with Excel (.XLAM) attachments
    Execution:
    • CVE-2018-0802 (EQNEDT32.EXE)
    • HTA → mshta.exe
    • PowerShell in-memory decoding
    Deployment:
    • Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
    • Process hollowing into Msbuild.exe
    • AES-encrypted C2 packets
    • delimited command protocol
    • Plugin-based architecture (50+ modules)

    Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.

    This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.

    Blue teamers - which telemetry source provides the strongest signal here?

    Source: fortinet.com/blog/threat-resea

    Follow @technadu for ongoing malware analysis and threat intelligence coverage.

    #Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu

    #infosec #malwareresearch #threatintel #xworm #rat #processinjection
  3. TechNadu @[email protected] ·

    Observed campaign summary:

    Initial Access:
    • Phishing emails with Excel (.XLAM) attachments
    Execution:
    • CVE-2018-0802 (EQNEDT32.EXE)
    • HTA → mshta.exe
    • PowerShell in-memory decoding
    Deployment:
    • Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
    • Process hollowing into Msbuild.exe
    • AES-encrypted C2 packets
    • delimited command protocol
    • Plugin-based architecture (50+ modules)

    Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.

    This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.

    Blue teamers - which telemetry source provides the strongest signal here?

    Source: fortinet.com/blog/threat-resea

    Follow @technadu for ongoing malware analysis and threat intelligence coverage.

    #Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu

    #technadu #blueteam #cyberdefense #dfir #edr #processinjection
  4. TechNadu @[email protected] ·

    Observed campaign summary:

    Initial Access:
    • Phishing emails with Excel (.XLAM) attachments
    Execution:
    • CVE-2018-0802 (EQNEDT32.EXE)
    • HTA → mshta.exe
    • PowerShell in-memory decoding
    Deployment:
    • Fileless .NET loader disguised as Microsoft.Win32.TaskScheduler
    • Process hollowing into Msbuild.exe
    • AES-encrypted C2 packets
    • delimited command protocol
    • Plugin-based architecture (50+ modules)

    Capabilities include credential theft, ransomware, DDoS, system control, registry persistence, and remote command execution.

    This campaign demonstrates mature modular RAT engineering combined with social engineering entry points.

    Blue teamers - which telemetry source provides the strongest signal here?

    Source: fortinet.com/blog/threat-resea

    Follow @technadu for ongoing malware analysis and threat intelligence coverage.

    #Infosec #MalwareResearch #ThreatIntel #XWorm #RAT #ProcessInjection #EDR #DFIR #CyberDefense #BlueTeam #TechNadu

    #infosec #malwareresearch #threatintel #xworm #rat #processinjection
  5. acrypthash👨🏻‍💻 @[email protected] ·

    It's been quite a bit since I have been on here. A small update:
    - I have a security analyst working with me, the help has been great!
    - I going back to Penn State for the third time to do a security talk about process injection!
    - I am prepping our annual penetration tests against our web app!

    I continue to grow and learn more about my field in Security and am so grateful for the fun I get to have!
    #security #updates #gratitude #processinjection #pennstate

    #security #updates #gratitude #processinjection #pennstate
  6. Geekmaster 👽:system76: @[email protected] ·

    Well, isn't this just "punch you in the gut while I rip your teeth out" peachy. Never thought a #PoolParty would be such a downer #Hacking #ProcessInjection

    securityaffairs.com/155464/hac

    #poolparty #hacking #processinjection
  7. 0xor0ne @[email protected] ·

    A couple of blog posts for learning about Linux process injection (specifically sshd injection for credential harvesting)

    blog.xpnsec.com/linux-process-

    jm33.me/sshd-injection-and-pas

    #processinjection #redteam #cybersecurity

    #processinjection #redteam #cybersecurity
  8. Pyrzout :vm: @[email protected] ·

    Memory scanning leaves attackers nowhere to hide – Source: news.sophos.com ciso2ciso.com/memory-scanning- #rssfeedpostgeneratorecho #CyberSecurityNews #processinjection #filelessmalware #memoryscanning #ThreatResearch #nakedsecurity #nakedsecurity #SophosXOps #FEATURED #featured

    #rssfeedpostgeneratorecho #cybersecuritynews #processinjection #filelessmalware #memoryscanning #threatresearch
  9. Pyrzout :vm: @[email protected] ·

    Memory scanning leaves attackers nowhere to hide – Source: news.sophos.com ciso2ciso.com/memory-scanning- #rssfeedpostgeneratorecho #CyberSecurityNews #processinjection #filelessmalware #memoryscanning #ThreatResearch #nakedsecurity #nakedsecurity #SophosXOps #FEATURED #featured

    #featured #sophosxops #nakedsecurity #threatresearch #memoryscanning #filelessmalware
  10. 0xor0ne @[email protected] ·

    A couple of quick blog posts for learning about Linux process injection
    (specifically sshd injection for credential harvesting)

    blog.xpnsec.com/linux-process-

    jm33.me/sshd-injection-and-pas

    #processinjection #redteam #cybersecurity

    #processinjection #redteam #cybersecurity
  11. Tedi Heriyanto @[email protected] ·

    Introduction to Process Hollowing, including how to detect it: trustedsec.com/blog/the-nightm

    #redteam #blueteam #processinjection

    #redteam #blueteam #processinjection
  12. 0xor0ne @[email protected] ·

    A couple of nice blog posts for learning about Linux process injection
    (specifically sshd injection for credential harvesting)

    blog.xpnsec.com/linux-process-

    jm33.me/sshd-injection-and-pas

    #sshd #processinjection #redteam #infosec #cybersecurity #Linux

    #sshd #processinjection #redteam #infosec #cybersecurity #linux
  13. 0xor0ne @[email protected] ·

    A couple of nice blog posts for learning about Linux process injection
    (specifically sshd injection for credential harvesting)

    blog.xpnsec.com/linux-process-
    jm33.me/sshd-injection-and-pas

    #sshd #processinjection #redteam #infosec #cybersecurity #Linux

    #sshd #processinjection #redteam #infosec #cybersecurity #linux