Lightnews — Scholar-powered news

Reposted by Ronnie Salomonsen

gab 🇺🇦🇵🇸 @gabagool.ing · Apr 7

Excellent breakdown of the “Rogue RDP” TTP we’ve seen susp Russian APT UNC5837 using in their campaigns written by my colleague Rohit (@IzySec over on X)

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog

A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

cloud.google.com

8 16

Ronnie Salomonsen @r0ns3n.dk · Apr 7

Windows Remote Desktop Protocol: Remote to Rogue
cloud.google.com/blog/topics/...

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog

A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

cloud.google.com

1 3

Ronnie Salomonsen @r0ns3n.dk · Mar 13

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers @googlecloud cloud.google.com/blog/topics/...

Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers | Google Cloud Blog

We discovered China-nexus threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers.

cloud.google.com

1

Ronnie Salomonsen @r0ns3n.dk · Feb 3

CVE-2023-6080: A Case Study on Third-Party Installer Abuse @googlecloud cloud.google.com/blog/topics/...

CVE-2023-6080: A Case Study on Third-Party Installer Abuse | Google Cloud Blog

Mandiant exploited flaws in the Microsoft Software Installer repair action of Lakeside Software's SysTrack installer to obtain arbitrary code execution.

cloud.google.com

Ronnie Salomonsen @r0ns3n.dk · Jan 29

ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator @googlecloud cloud.google.com/blog/topics/...

ScatterBrain: Unmasking the Shadow of PoisonPlug's Obfuscator | Google Cloud Blog

We been tracking multiple espionage operations conducted by China-nexus actors utilizing POISONPLUG.SHADOW malware.

cloud.google.com

Reposted by Ronnie Salomonsen

Volatility @volatilityfoundation.org · Jan 17

@volatilityfoundation.org New Release: #volatility3 v2.11.0 - visit github.com/volatilityfo... for details and downloads.

#memoryforensics #dfir

The latest Volatility 3 is now available at https://github.com/volatilityfoundation/volatility3/releases

5 4

Ronnie Salomonsen @r0ns3n.dk · Dec 19

New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips www.googlecloudcommunity.com/gc/Community...

New to Google Secops: Top Ten YARA-L Rules Troubleshooting Tips

I’ve been asked a few times in the past month for tips that I use to troubleshoot YARA-L rules. As I thought about it, I realized this covers a lot of ground because when building detection logic, we ...

www.googlecloudcommunity.com

2

Ronnie Salomonsen @r0ns3n.dk · Dec 14

XRefer: The Gemini-Assisted Binary Navigator @googlecloud cloud.google.com/blog/topics/...

XRefer: The Gemini-Assisted Binary Navigator | Google Cloud Blog

A Gemini-powered tool to reduce response and triage time when faced with increasingly large and complex malware.

cloud.google.com

1 2

Ronnie Salomonsen @r0ns3n.dk · Dec 5

cloud.google.com/blog/topics/...

Ronnie Salomonsen @r0ns3n.dk · Dec 4

cloud.google.com/blog/topics/...

1

Ronnie Salomonsen @r0ns3n.dk · Dec 4

virustotal.github.io/yara-x/blog/...

Reposted by Ronnie Salomonsen

Allison Nixon @nixonnixoff.bsky.social · Dec 2

yay this feature is built into bluesky yay

3 7 59

Reposted by Ronnie Salomonsen

Russel Van Tuyl @russelvantuyl.bsky.social · Nov 17

Nice write up from Mandiant on some practical use cases for leveraging AI to help red team operations. What are some other use cases ya’ll are thinking of? cloud.google.com/blog/topics/...

AI Enhancing Your Adversarial Emulation | Google Cloud Blog

Learn how Mandiant Red Team is using Gemini and LLMs for adversarial emulation and defense.

cloud.google.com

1 1 2

Reposted by Ronnie Salomonsen

Russell Lowery @russell-lowery.bsky.social · Nov 19

The bad guys are moving faster.

Mandiant analyzed 138 vulnerabilities. 97 of them were exploited before patches were available.

#cyber

cloud.google.com/blog/topics/...

How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends | Google Cloud Blog

Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild.

cloud.google.com

1

Reposted by Ronnie Salomonsen

Will T @bushidotoken.net · Nov 18

Looking for more people to follow on BlueSky? Find the @curatedintel.bsky.social folks here: go.bsky.app/Kfp62Uh

3 17 28

Reposted by Ronnie Salomonsen

techy @techy.detectionengineering.net · Nov 18

I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR

8 55 130

Reposted by Ronnie Salomonsen

PIVOTcon @pivotcon.bsky.social · Nov 19

#PIVOTcon25 registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI #ThreatResearch #ThreatIntel
Please read carefully the whole 🧵 for the rules about invite -> registration (1/5)

two men are standing next to each other with the words " we open it up " on the screen

ALT: two men are standing next to each other with the words " we open it up " on the screen

media.tenor.com

2 22 42

Ronnie Salomonsen @r0ns3n.dk · Nov 19

cloud.google.com/blog/topics/...

Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence | Google Cloud Blog

When used for malware analysis, Gemini now has capabilities to address obfuscation, and obtain insights on IOCs.

cloud.google.com

1

Reposted by Ronnie Salomonsen

Austin Larsen @austinlarsen.me · Nov 18

#UNC5537 proved to be one of the most consequential threat actors of 2024 when they launched a campaign in April 2024 that systematically compromised misconfigured SaaS instances across over a hundred organizations.

cloud.google.com/blog/topics/...

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog

A campaign targeting Snowflake customer database instances with the intent of data theft and extortion.

cloud.google.com

1 1 2

Ronnie Salomonsen @r0ns3n.dk · Nov 18

Hello World

1 3