Marc Rivero | @seifreed

@seifreed.bsky.social

🌍 Geopolitics & Cyber Intel | 🧠 Reverse Engineering Pro | 🔎 Geostrategy Analyst | 💻 Combatting Cybercrime & APT | 🚀 All tweets are my own!

225 Followers  |  4 Following  |  1,260 Posts  |  Joined: 09.02.2024

Posts by Marc Rivero | @seifreed (@seifreed.bsky.social)


##debug Add DRCOV trace import by seifreed · Pull Request #25275 · radareorg/radare2 Summary add DRCOV coverage import as analysis plugin (a:drcov) parse drcov v2 files and mark traced basic blocks load sample from testbins (drcov/drcov.sample) Testing r2r test/db/archos/linux-x...

#DRCOV coverage import support added. You can now load drcov traces via the analysis plugin (a:drcov) to mark executed blocks and improve static analysis based on coverage data.
Special thanks to @trufae.bsky.social for its support during the review @radareorg.bsky.social github.com/radareorg/ra...

25.01.2026 08:50 — 👍 2    🔁 1    💬 0    📌 0
Guarding Against Physical Attacks: The Xbox One Story (2019) | Hacker News Games consoles aim to prevent piracy/cheat modchips, even though the device owner has physical access and legal ownership. The levels Microsoft had to go to to prevent such attacks are something to…

Guarding Against Physical Attacks: The Xbox One Story (2019) | Hacker News news.ycombinator.com/item?id=4647...

04.01.2026 09:54 — 👍 0    🔁 0    💬 0    📌 0
A Game's Memory: Reverse Engineering Mount and Blade: Warband | Hacker News reply

A Game's Memory: Reverse Engineering Mount and Blade: Warband | Hacker News

03.01.2026 17:04 — 👍 0    🔁 0    💬 0    📌 0

I've already changed it

30.05.2025 16:53 — 👍 0    🔁 0    💬 0    📌 0
GOFFEE’s recent attacks: new tools and techniques Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

GOFFEE continues to attack organizations in Russia securelist.com/goffee-apt-n...

26.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
A miner and the ClipBanker Trojan being distributed via SourceForge Malicious actors are using SourceForge to distribute a miner and the ClipBanker Trojan while utilizing unconventional persistence techniques.

Attackers distributing a miner and the ClipBanker Trojan via SourceForge securelist.com/miner-clipba...

25.05.2025 16:04 — 👍 0    🔁 0    💬 0    📌 0
APT group ToddyCat exploits a vulnerability in ESET for DLL proxying While analyzing a malicious DLL library used in attacks by APT group ToddyCat, Kaspersky experts discovered the CVE 2024-11859 vulnerability in a component of ESET’s EPP solution.

How ToddyCat tried to hide behind AV software securelist.com/toddycat-apt...

25.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
US Border Patrol Called Raid 300 Miles From Border 'Targeted'. Open Source Evidence Suggests Otherwise - bellingcat US Border Patrol travelled 300 Miles for a 'targeted' operation. Rights groups say it was anything but targeted.

US Border Patrol Called Raid 300 Miles From Border ‘Targeted’. Open Source Evidence Suggests Otherwise www.bellingcat.com/news/2025/04...

24.05.2025 16:04 — 👍 0    🔁 0    💬 0    📌 0
What Audio Analysis Reveals About Aid Workers Killed in Gaza - bellingcat Hundreds of shots fired at aid convoy that resulted in deaths of multiple aid workers, audio analysis shows.

What Audio Analysis Reveals About Aid Workers Killed in Gaza www.bellingcat.com/news/2025/04...

24.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
Analysis of Lazarus Group’s Attack on Windows Web Servers - ASEC AhnLab SEcurity intelligence Center (ASEC) has identified attack cases of the Lazarus group breaching a normal server and using it as a C2. Attacks that install a web shell and C2 script on South…

Analysis of Lazarus Group’s Attack on Windows Web Servers asec.ahnlab.com/en/86687/

23.05.2025 16:08 — 👍 0    🔁 0    💬 0    📌 0
ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor - ASEC AhnLab SEcurity intelligence Center (ASEC) uncovered that attackers, suspected to be Arabic speakers, have been distributing ViperSoftX malware targeting Korean victims since April 1, 2025.…

ViperSoftX Malware Distributed by Arabic-Speaking Threat Actor asec.ahnlab.com/en/87398/

23.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
March 2025 APT Group Trends (South Korea) - ASEC Overview AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea using its own infrastructure. This report covers the classification, statistics, and features of the APT…

March 2025 APT Group Trends (South Korea) asec.ahnlab.com/en/87400/

22.05.2025 16:06 — 👍 0    🔁 0    💬 0    📌 0
March 2025 Threat Trend Report on Ransomware - ASEC This report provides statistics on the number of new ransomware samples, number of targeted systems, and targeted companies collected in March 2025, as well as major Korean and international…

March 2025 Threat Trend Report on Ransomware asec.ahnlab.com/en/87445/

22.05.2025 08:55 — 👍 0    🔁 0    💬 0    📌 0
Ransom & Dark Web Issues Week 2, April 2025 - ASEC ASEC Blog publishes Ransom & Dark Web Issues Week 2, April 2025 DragonForce’s Acquisition of RansomHub: A New Paradigm in the Ransomware Ecosystem Analysis of a Major Security…

Ransom & Dark Web Issues Week 2, April 2025 asec.ahnlab.com/en/87409/

21.05.2025 16:07 — 👍 0    🔁 0    💬 0    📌 0
March 2025 Infostealer Trend Report - ASEC This report provides statistics, trends, and case information on the distribution quantity, distribution methods, and disguise techniques of Infostealer collected and analyzed during March 2025.…

March 2025 Infostealer Trend Report asec.ahnlab.com/en/87444/

21.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
Mobile Security & Malware Issue 2st Week of April, 2025 - ASEC ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of April, 2025”

Mobile Security & Malware Issue 2st Week of April, 2025 asec.ahnlab.com/en/87436/

20.05.2025 16:06 — 👍 0    🔁 0    💬 0    📌 0
Silent Ransom Group "Call-back" Phishing Campaign - Arctic Wolf Arctic Wolf has observed an uptick in activity from the Silent Ransom Group. The group has been targeting the legal industry using "call-back" phishing tactics. Find recommendations.

Silent Ransom Group “Call-back” Phishing Campaign arcticwolf.com/resources/bl...

20.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0

Of course!

20.05.2025 06:58 — 👍 0    🔁 0    💬 1    📌 0
Amazon EC2 instance metadata targeted in SSRF attacks EC2 instance metadata can include sensitive information such as IAM role credentials.

Amazon EC2 instance metadata targeted in SSRF attacks | SC Media www.scworld.com/news/amazon-...

19.05.2025 16:07 — 👍 0    🔁 0    💬 0    📌 0
Protecting Android, Windows and Linux devices against tracking via the Find My network The nRootTag attack leverages Apple's network to track Android, Windows and Linux devices from other vendors. Find out how this is possible and how to protect yourself from the attack.

bit.ly/3XPSY4F es-prod-documents.imgix.net/undefined?w=...

19.05.2025 08:54 — 👍 0    🔁 0    💬 1    📌 0
GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries…

GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically www.volexity.com/blog/2025/04...

18.05.2025 16:04 — 👍 0    🔁 0    💬 0    📌 0
Max severity RCE flaw discovered in widely used Apache Parquet A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0.

Max severity RCE flaw discovered in widely used Apache Parquet www.bleepingcomputer.com/news/securit...

18.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
Europcar GitLab breach exposes data of up to 200,000 customers A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information…

Europcar GitLab breach exposes data of up to 200,000 customers www.bleepingcomputer.com/news/securit...

17.05.2025 16:04 — 👍 1    🔁 0    💬 0    📌 0
Australian pension funds hit by wave of credential stuffing attacks Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts.

Australian pension funds hit by wave of credential stuffing attacks www.bleepingcomputer.com/news/securit...

17.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
PoisonSeed phishing campaign behind emails with wallet seed phrases A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets.

PoisonSeed phishing campaign behind emails with wallet seed phrases www.bleepingcomputer.com/news/securit...

16.05.2025 16:07 — 👍 0    🔁 0    💬 0    📌 0
Port of Seattle says ransomware breach impacts 90,000 people Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an…

Port of Seattle says ransomware breach impacts 90,000 people www.bleepingcomputer.com/news/securit...

16.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
WinRAR flaw bypasses Windows Mark of the Web security alerts A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine.

WinRAR flaw bypasses Windows Mark of the Web security alerts www.bleepingcomputer.com/news/securit...

15.05.2025 16:07 — 👍 0    🔁 0    💬 0    📌 0
Coinbase to fix 2FA account activity entry freaking out users Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised.

Coinbase to fix 2FA account activity entry freaking out users www.bleepingcomputer.com/news/securit...

15.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0
Carding tool abusing WooCommerce API downloaded 34K times on PyPI A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source…

Carding tool abusing WooCommerce API downloaded 34K times on PyPI www.bleepingcomputer.com/news/securit...

14.05.2025 16:07 — 👍 0    🔁 0    💬 0    📌 0
OpenAI tests watermarking for ChatGPT-4o Image Generation model OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model.

OpenAI tests watermarking for ChatGPT-4o Image Generation model www.bleepingcomputer.com/news/artific...

14.05.2025 08:54 — 👍 0    🔁 0    💬 0    📌 0