This media is not supported in your browser
VIEW IN TELEGRAM
can we make it anonymous seriously like by changing the bios chip firmware and stuff like that ?
@AfroSec
@AfroSec
โ2๐ค2
Some people think that when I quit uni I just went dumb, quit life, and rot in bed. Bruh can u relax ?๐
every time I open my PC and connect to the internet, Iโm learning
letโs be honest ena malet in uni most of us only read modules for exams and forget them right after,๐
In tech ? every hour, every minute, youโre googling, low-key abusing AI lol ๐
anyways if anyone who think like this please แจแตแญแแณแฝแ แฐแแ แก๐
@AfroSec
every time I open my PC and connect to the internet, Iโm learning
letโs be honest ena malet in uni most of us only read modules for exams and forget them right after,๐
In tech ? every hour, every minute, youโre googling, low-key abusing AI lol ๐
anyways if anyone who think like this please แจแตแญแแณแฝแ แฐแแ แก๐
@AfroSec
๐16๐คฃ5๐3
The Hacker News
โ ๏ธ Astaroth banking malware is now using WhatsApp as its main delivery channel in Brazil. Researchers report a new Python-based module that steals a victimโs contact list and auto-sends malicious ZIP files, spreading the infection chat to chat. ๐ How theโฆ
astaroth is back ylal
i wrote abt it a yr ago ig
is file less malware like it executes directly in memory
@AfroSec
i wrote abt it a yr ago ig
is file less malware like it executes directly in memory
@AfroSec
๐3๐ฅ1
https://github.com/jivoi/awesome-osint
stalkers i mean Osint Nerds ๐ where are u ???? this one is for u
@AfroSec
stalkers i mean Osint Nerds ๐ where are u ???? this one is for u
@AfroSec
GitHub
GitHub - jivoi/awesome-osint: :scream: A curated list of amazingly awesome OSINT
:scream: A curated list of amazingly awesome OSINT - jivoi/awesome-osint
๐ฅ3๐3
Forwarded from AXUM SEC
CVE-2025-53770: When SharePoint Zero-Days Proved Perimeter
Security Isnโt Enough
In July 2025, attackers actively exploited a critical SharePoint zero-day to gain unauthenticated RCE, deploy web shells, steal machine keys, and persist even after patching.
The hard truth?
Patching closes the door, but it doesnโt tell you who already walked in.
Modern attacks blend into normal operations and stay quiet. Defending against them takes more than alerts it takes continuous validation and real exposure visibility.
Thatโs where AxumSec comes in.
Because modern threats donโt wait and security shouldnโt either.
๐ฌ What cyber risk do you think organizations still underestimate?
๐ https://preregister.axumsec.com
Security Isnโt Enough
In July 2025, attackers actively exploited a critical SharePoint zero-day to gain unauthenticated RCE, deploy web shells, steal machine keys, and persist even after patching.
The hard truth?
Patching closes the door, but it doesnโt tell you who already walked in.
Modern attacks blend into normal operations and stay quiet. Defending against them takes more than alerts it takes continuous validation and real exposure visibility.
Thatโs where AxumSec comes in.
Because modern threats donโt wait and security shouldnโt either.
๐ฌ What cyber risk do you think organizations still underestimate?
๐ https://preregister.axumsec.com
๐ฅ3
The Hacker News
Researchers uncovered SHADOW#REACTOR, a multi-stage campaign delivering Remcos RAT. It starts with an obfuscated VBS launcher, moves through PowerShell, and rebuilds fragmented text payloads in memory. The defining trait is text-only stagers and LOLBin abuseโฆ
First time seeing text-based stagers in the wild ๐ฎโ๐จ These guys are creative as hell fr
their Attack chain was like :
> Obfuscated VBS โ PowerShell โ Text payload fragments โ .NET Reactor loader โ MSBuild.exe โ Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn ๐
They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10 ๐๐
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth ๐
@AfroSec
their Attack chain was like :
> Obfuscated VBS โ PowerShell โ Text payload fragments โ .NET Reactor loader โ MSBuild.exe โ Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn ๐
They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10 ๐๐
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth ๐
@AfroSec
๐คฏ2โก1๐ค1