Shadow Chaser Group(@ShadowChasing1) 's Twitter Profile
Shadow Chaser Group

@ShadowChasing1

Shadow Chaser Group is a sub-group of the GcowSec team which consists of college students who love it. Shadow Chaser Group focused on APT hunt and analysis

ID:1248410640634359808

Link: https://github.com/Gcow-Sec
Date: 10-04-2020 00:41:39

2,1K Tweets

9,1K Followers

512 Following

ESET Research(@ESETresearch) 's Twitter Profile Photo

#ESETresearch warns about malicious Python packages in the official @PyPI repository that target Windows and Linux. This cluster shares metadata or has similar payloads, and seems different from the one we reported in May: twitter.com/ESETresearch/s…. @marc_etienne_ 1/6
RedDrip Team(@RedDrip7) 's Twitter Profile Photo

We discovered threats from Microsoft App Store based on our Tianqing EDR product and immediately reported them to Microsoft MSRC.
Now we publish the report and IOCs to the open source community.
@msftsecresponse

Report: ti.qianxin.com/blog/articles/…
IOCs: raw.githubusercontent.com/RedDrip7/APT_D…
r3kapig(@r3kapig) 's Twitter Profile Photo

After 48h of hard work last weekend, we ended up in 6th place in 0ctf 2023. Thanks to @0ops_ctf and @keen_lab for the quality of the challenge. Also congratulations to the top3 team. Hopefully we can do better in 0ctf 2024!
n132(@n132XxX) 's Twitter Profile Photo

ROP on GOT!

We noticed there is a mitigation for the latest versions to avoid attackers using glibc GOT easily. However, got in libc is still writable, hence @bestswngs and I designed another method to achieve RCE with once Arbitrary Write:

github.com/n132/Libc-GOT-…
r3kapig(@r3kapig) 's Twitter Profile Photo

We have a wonderful trip into N1CTF 2023
and finally we got 4th place
Thanks for the chal of @Nu1L_Team
if you wanna join us, pls send mail to root@r3kapig.com
Zero Day Initiative(@thezdi) 's Twitter Profile Photo

Miss Piotr Bazydło's talk on .NET deserialization bugs during Hexacon? You can check out his full white paper at:
github.com/thezdi/present…

And be sure to catch his exploit videos for (youtu.be/5UyX7Hp2q3Q) and (youtu.be/ZcOZNAmKR0c)

Xiaoli(@Memory_before) 's Twitter Profile Photo

If you compromised a Windows host in AD but didn't find any other credentials on the host, don't forget to take out the machine account, because it would be your 'best friend' in AD.

Ginkgo(@ginkgo_g) 's Twitter Profile Photo


#Kimsuky #APT

ca8728ce8f77cfc804f9ce343de9c9ee
Consent Form_Princeton Study.vbs

f7c21b71875b8c0eb19516791298a3cb
C:\Users\Public\Videos\asdfg.vbs

hxxps://grekop.online/brad/ca.php?na=reg.gif
hxxps://grekop.online/brad/share.docx
Kimberly(@StopMalvertisin) 's Twitter Profile Photo

Interesting ... Target: BMO (Bank of Montreal)

ZIP -> LNK -> ZIP -> WsatConfig.exe sideloading sysglobl.dll

ITW: https://bmogc[.]ca/ethics/Code-of-Conduct.zip
Code-of-Conduct/.zip
00cd267a302b0f7bfc7c4f11f667b501

BMO-Code-of-Conduct.pdf.lnk
c400a06451e7fc11117b9e58eb97d988

Shadow Chaser Group(@ShadowChasing1) 's Twitter Profile Photo

Today our researchers found the sample which belongs to #Konni #APT group
ITW:fa016406e48a8ac27102aa4b38c75d8c
ITW:81101978f4920d9bf1ff29adb4cf87f9
filename:소명자료 목록(국세징수법 시행규칙).hwp.lnk
URL: hxxp://elinline.com/upload.php