home.social

#thrunting — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #thrunting, aggregated by home.social.

  1. Oh, and for those that didn't know, the good side lost the battle against the unironic use of the term #thrunting. It appears it's here to stay.

  2. Check out! New sharing community for Threat Hunters, from some amazing people I greatly respect @letswastetime and @Jotunvillur

    HEARTH (Hunting Exchange And Research Threat Hub)!

    Hey thrunters! A new open-source home to:
    - Share hunt ideas
    - Learn from others
    - Level up together

    Built by hunters, for hunters 🎯
    threathuntingcommunity.com

    #threathunting #thrunting #infosec #HEARTH

  3. A co-worker of mine the other day referred to Threat Hunting as Thrunting, and now I want to make Thrunting an actual cyber security term so very badly.

    #cyber #cybersecurity #threathunting #thrunting

  4. IntelOwl is an Open Source Intelligence (OSINT) solution to get threat intelligence data about a specific file, an IP or a domain from a single API. It integrates a number of analyzers available online and a lot of cutting-edge malware analysis tools.

    github.com/intelowlproject/Int

    #threathunting #threatintel #thrunting #opensourceTI

  5. Kudos to virustotal for the cheatsheet they dropped today (blog.virustotal.com/2022/12/vt). They already had their various search modifiers documented, but this gives a dense set of concrete examples of how they can be used in realistic threat hunting queries. #CTI #VTI #virustotal #thrunting

  10. Data from recent #batloader campaigns leveraging digitally signed #malware impersonating popular software:

    🧲 Lure sites:

    🖊️ Digital Certificates:
    "Digital Designs FL LLC"
    "Glacier Digital Ads Inc"
    "Danjo Digital LLC"

    🌐 C2s:
    24xpixeladvertising[.]com
    t1pixel[.]com
    photo-editor-mark[.]com

    ❓ What's next?
    Batloader is malware-as-a-service that's been observed delivering InfoStealers or in some cases dual-use agents (atera, zoom) along with #cobaltstrike for #ransomware purposes.

    🔗 VT query for files signed by these certificates: virustotal.com/gui/search/sign

    #ThreatIntel #ThreatIntelligence #Thrunting

  11. I wrote a little script to parse and extend the Sigma rules from the HijackLibs DLL side-loading archive.

    Feel free to modify this to include your PySigma tail content so it can work in your SIEM.

    github.com/joshnck/Sigma_Rules

    #sigma #dllhijacking #blueteam #threathunting #thrunting