Will
@BushidoToken
Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
I am very pleased to announce I will be speaking at @AdversaryVillag at @DEFCON 33! My first time in Las Vegas 🇺🇸🎰 Come to Creator Stage 3 (Room 231) on 10 August at 11am to catch my talk! adversaryvillage.org/adversary-even…

Thanks for the report @AWNetworks! Further connected infrastructure based on upstream traffic patterns: 2.56.127.158 - cypowertech[.]org 94.131.108.94 - techzcore[.]org (recent & potentially live campaign) All four IPs in the attached image were suspended @the_hosting_ 🐉🤝🤖
The Arctic Wolf Labs team has uncovered a new campaign by APT group Dropping Elephant targeting major Turkish defense contractors and weapons manufacturers. Learn more in our latest blog: ow.ly/xLih50WueNn #HypersonicEspionage #TurkeyPakistan #DroppingElephant #Türkiye
Detection engineers, threat hunters, you should be putting controls in place for ‘Bring-Your-Own-EDR (BYOEDR)’ style attacks
EDR-on-EDR Violence 1/🧵 @BushidoToken called out that EDR products were being abused by threat actors. @Shammahwoods & I realized a free trial of an attacker controlled EDR can be used to kill the existing EDR. @techspence @UK_Daniel_Card @Jhaddix github.com/CroodSolutions…
Resharing this useful catalog of various EDR products "shell" and response functionalities by @cbecks_2 related to the Thread discussion below 👇 github.com/cbecks2/edr-ar…
There are various reports of cybercriminals abusing CrowdStrike RTR, the SentinelOne installer, and the Wazuh SIEM Agent. Seems we could do with a new @MITREattack TTP for this threat. Should be a concern for orgs running any type of EDR/SIEM agents. (Sources linked below)
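One shape the controls asked for in this thread can take, as an added example that is not from any of the posts above or from the CroodSolutions or cbecks2 repositories: an endpoint normally carries exactly one sanctioned EDR/SIEM agent, so an installer for a second product, or the sanctioned product's own installer enrolling into an unknown tenant (the "free trial" case), is the signal to alert on. The log format, the installer/service names, the tenant-identifying parameters (CID=, SITE_TOKEN=, WAZUH_MANAGER=) and the approved-tenant values are all constructed for this example, not the real products' formats.

```python
"""Toy detection for 'Bring-Your-Own-EDR' (BYOEDR) style agent installs.

Added example; not code from the thread. Log lines, installer names and
tenant parameters below are constructed and are NOT real product output.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical approved agents: product -> set of tenant/manager identifiers the org owns.
APPROVED_AGENTS = {
    "crowdstrike": {"CID-ORG-PRIMARY"},
    "wazuh": {"wazuh-mgr.corp.example"},
}

# Constructed installer/service name fragments that indicate an EDR or SIEM agent.
AGENT_SIGNATURES = {
    "crowdstrike": ("WindowsSensor", "csfalconservice"),
    "sentinelone": ("SentinelInstaller", "SentinelAgent"),
    "wazuh": ("wazuh-agent", "WazuhSvc"),
}

# Constructed parameters that identify which tenant/manager an installer enrols into.
TENANT_PATTERNS = {
    "crowdstrike": r"CID=(\S+)",
    "sentinelone": r"SITE_TOKEN=(\S+)",
    "wazuh": r"WAZUH_MANAGER=(\S+)",
}

# Constructed process-creation log format (one line per event).
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+) '
    r'image="(?P<image>[^"]*)" cmdline="(?P<cmdline>[^"]*)"$'
)


@dataclass
class Finding:
    ts: str
    host: str
    product: str
    reason: str


def classify_agent(image: str, cmdline: str) -> Optional[str]:
    """Return the agent product an image/command line belongs to, or None."""
    text = (image + " " + cmdline).lower()
    for product, sigs in AGENT_SIGNATURES.items():
        if any(s.lower() in text for s in sigs):
            return product
    return None


def extract_tenant(product: str, cmdline: str) -> Optional[str]:
    """Pull the tenant/manager identifier out of the installer command line, if present."""
    m = re.search(TENANT_PATTERNS.get(product, r"(?!)"), cmdline)
    return m.group(1) if m else None


def detect_byoedr(lines):
    """Flag agent installs that are either an unapproved product or an approved
    product enrolling into a tenant the org does not own."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        product = classify_agent(m["image"], m["cmdline"])
        if product is None:
            continue  # ordinary process, not an agent install
        tenant = extract_tenant(product, m["cmdline"])
        if product not in APPROVED_AGENTS:
            reason = "unapproved agent install"
        elif tenant is None:
            reason = "approved product but no tenant identifier visible (review manually)"
        elif tenant not in APPROVED_AGENTS[product]:
            reason = f"approved product but unknown tenant {tenant!r}"
        else:
            continue  # sanctioned product, sanctioned tenant: expected
        findings.append(Finding(m["ts"], m["host"], product, reason))
    return findings


# Constructed sample events: one benign sanctioned install, one second-product
# install, one sanctioned product pointed at a foreign manager, one unrelated
# process, and one sanctioned product enrolling into an unknown customer ID.
SAMPLE_LOG = [
    r'2025-07-28T09:12:03Z host=WS-0421 event=ProcessCreate image="C:\Temp\WindowsSensor.exe" cmdline="WindowsSensor.exe /install CID=CID-ORG-PRIMARY"',
    r'2025-07-28T09:40:17Z host=WS-0421 event=ProcessCreate image="C:\Users\Public\SentinelInstaller.exe" cmdline="SentinelInstaller.exe -q SITE_TOKEN=tok-constructed-1"',
    r'2025-07-28T10:02:55Z host=SRV-DB02 event=ProcessCreate image="C:\Windows\System32\msiexec.exe" cmdline="msiexec /i wazuh-agent.msi /q WAZUH_MANAGER=203.0.113.5"',
    r'2025-07-28T10:05:01Z host=SRV-DB02 event=ProcessCreate image="C:\Windows\System32\notepad.exe" cmdline="notepad.exe notes.txt"',
    r'2025-07-28T11:31:44Z host=WS-0099 event=ProcessCreate image="C:\Temp\WindowsSensor.exe" cmdline="WindowsSensor.exe /install CID=CID-TRIAL-9F3A"',
]

if __name__ == "__main__":
    for f in detect_byoedr(SAMPLE_LOG):
        print(f"{f.ts} {f.host} [{f.product}] {f.reason}")
```

The allowlist is keyed on tenant as well as product on purpose: the thread's point is that the attacker's agent can be the same vendor's product under the attacker's own trial account, so "is CrowdStrike installed?" is not a sufficient check; "is it enrolled into our CID?" is.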
What % of the 128 do we estimate these being DPRK 🇰🇵 IT workers 😆
Creating phishing pages just got even easier! 😆
Today we’re releasing GitHub Spark — a new tool in Copilot that turns your ideas into full-stack apps, entirely in natural language.
🚨 Suspected admin of xss.is, a top Russian-speaking cybercrime forum, was arrested in Ukraine. The suspect, active for nearly 20 years, allegedly made €7M facilitating cybercrime. 🇫🇷🇺🇦🇪🇺 Operation led by France with Europol support. europol.europa.eu/media-press/ne…
Microsoft is sharing details from ongoing investigations of threat actors exploiting vulnerabilities targeting on-premises SharePoint servers. Linen Typhoon, Violet Typhoon, and Storm-2603 have been observed exploiting the vulnerabilities: msft.it/6015sE1p5
Nothing too exciting by APT41 🇨🇳 here IMO, using Impacket, CobaltStrike, Mimikatz, Pillager, RawCopy, Neo-reGeorg. Using a compromised SharePoint server for C2 is interesting I guess, especially with this new ToolShell exploit for SharePoint servers securelist.com/apt41-in-afric…
Another exploit, another weekend of notifications. The recent SharePoint issues are a significant concern for us all. @CuratedIntel members continue to do god's work behind the scenes to stop the next wave of file theft and ransomware attacks as best we all can 🫡
#Talk announcement! @BushidoToken from @teamcymru, will speak on “Red Russians: How Russian APTs Follow Offensive Security Research”. 🗓️ Aug 10, 11:00-11:30 PDT 📍 Creator Stage 3, LVCC More: adversaryvillage.org/adversary-even… #AdversaryVillage at @defcon 33 #ThreatIntel #APT #DEFCON33
The Schedule is Live! Check out the lineup of talks, workshops, panel discussions, and hands-on activities happening at Adversary Village at @defcon 33! Schedule: adversaryvillage.org/adversary-even… Mark your calendars - we can't wait to see you all at DEF CON! #AdversaryVillage #DEFCON33
🚨Today, the NCSC is revealing that Russian military intelligence has been responsible for deploying a sophisticated malware dubbed AUTHENTIC ANTICS as part of its operations. ncsc.gov.uk/news/uk-call-o…