Kir @dober@infosec.exchange

The end of Empire. #cybersec
Development stops on PowerShell Empire framework after project reaches its goal. https://www.zdnet.com/article/development-stops-on-powershell-empire-framework-after-project-reaches-its-goal/

Ok, #BLUEKEEP (CVE-2019-0708) in Immunity #Canvas now. When to expect in #CobaltStrike?
RT: @immunityinc@twitter.com
https://twitter.com/Immunityinc/status/1153752470130221057

#Dataleak from the Russian "0day" cybersec company that tried to sell the solution to #Telegram blocking
https://mega.nz/#F!GR8AVYqS!xNWBHEA7b2ciTNN3Qtk_wQ

Reverse engineer and review the Gamaredon Group Pteranodon Implant (including its batch scripts and decoding mechanism)
https://www.vkremez.com/2019/01/lets-learn-deeper-dive-into-gamaredon.html

APT #Gamaredon (RU) - GOV.UA targeting:
MD5: 49CDE7D0CA755F0C284D9690E84711AC
New #malware, old tehniques:
1. SFX with fake MS Word ico show real document and execute #Pteranodon
2. Comm through fake wget to winrouts.ddns[.]net

Hacker's story: https://pastebin.com/3rzCqrFk

crosspost from @matrix since their instance is currently down:

We’ve taken down the servers which host https://Matrix.org and https://Riot.im for emergency security maintenance - estimated downtime is several hours. More updates as we have them.

the security maintenance is to address issues with Matrix.org's production infrastructure. This is not a Synapse issue.

An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now.

https://matrix.org have been pwned Vulnerabilities in the groovy plugin in #jenkins, multiplied by the incorrect setting of the CI sandbox.

COPRocessor - chip that deals with all that floating point mathematical shit