The Hacker News
Researchers uncovered SHADOW#REACTOR, a multi-stage campaign delivering Remcos RAT. It starts with an obfuscated VBS launcher, moves through PowerShell, and rebuilds fragmented text payloads in memory. The defining trait is text-only stagers and LOLBin abuse…
First time seeing text-based stagers in the wild. These guys are creative as hell fr
Their attack chain was like:
> Obfuscated VBS → PowerShell → Text payload fragments → .NET Reactor loader → MSBuild.exe → Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn
They did slip up tho: large .txt files being processed by PowerShell would raise SOC eyebrows, but their evasion game was strong.
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10
Solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth.
@AfroSec
Forwarded from Florida
I built my own AI news pipeline (and why "readily made" apps weren't enough for me)
I have seen many apps that claim to deliver customized news, but most of them are hidden systems where you can't control the logic, or they get the facts wrong. I wanted a system that acted as a high-level content curator, so I built a custom ETL pipeline to solve this for myself.
Here is what you won't find in most AI news apps:
- Parallel Data Architecture: this prevents AI hallucinations by splitting the data stream. The LLM handles the creative rewrite, while the original URLs are preserved in a separate path.
- Local LLM: by running the intelligence layer locally, I eliminated API costs, privacy concerns and third-party subscriptions.
- Smart Ranking & Filtering: delivering only the top 6 highest-value stories.
As a result, I no longer wake up to a mess of notifications. I just get a professional, summarized briefing of exactly what I need to know.
Forwarded from Cyber Vanguard @ CTBE
Are you ready to join today's and tomorrow's cybersecurity foot soldiers?
picoCTF-Africa 2026 is back! Bigger, better, and up to 80 students to be awarded!
Join our picoCTF-Africa prep info session
24 January
11 am Rwanda time (convert the time to your own country)
bit.ly/picoCTF2026
Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026
Stay alert. Protect your accounts. Share this with a friend.
https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
https://fearsoff.org/research/cloudflare-acme
So I was just reading about a logic bug in Cloudflare's ACME validation found by Fearsoff.
When Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off the WAF so CAs can validate without interference, but the old logic sometimes disabled the WAF even for invalid tokens, letting malicious requests slip through to the origin. Smooth bypass path.
I also saw that Cloudflare posted about it on the Cloudflare blog.
They patched it quick and said there's no evidence of exploitation so far
(nah, I don't believe that tho)
@AfroSec
aight guys
One step forward always
Today I took the CRTA exam and passed. Uk, it was a bit tricky at some point, but I handled it.
Through this cert I learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies
But look, you gotta have a researcher mindset. You gotta explore beyond the course and the syslabs.
Tbh I subscribed to this for the sake of infra, yk… for pivoting and stuff like that.
Anyway, let's celebrate small wins here.
Thanks for being here all the time, guys.
Like I said, always one step forward.
@AfroSec
Forwarded from Android Security & Malware
Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
Welivesecurity
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation.