youtube.com/clip/UgkxTSp...
When we’re quick to give advice, what happens?
@zxqa.bsky.social
*Can’t decide my path—there’s just too much to protect.* Forever learning, always adapting. 💻✨ #CyberSecurity #ThreatHunter #InfoSec
Made some enhancements to my website xdscvr.com
02.04.2025 16:00 — 👍 0 🔁 0 💬 0 📌 0
Someone forgot to filter for prompt injection...
27.03.2025 16:21 — 👍 131 🔁 18 💬 5 📌 0
Hayo,
I built my web app, which searches Google and then outputs the search results along with an AI summary for each result!! Isn't that amazing 😍
my-threat-news.vercel.app
How do you exit vim?
18.02.2025 10:06 — 👍 0 🔁 0 💬 0 📌 0
Ever used forensics for threat detection?
If yes, please explain.
Registry Settings for Code Persistence
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run: used to start automatically for all users during system startup.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run: used to start automatically for the current user during login.
Important registry files:
%SYSTEMROOT%\system32\config
-- SYSTEM
-- SOFTWARE
-- SAM
-- SECURITY
user profile (e.g., c:\users\administrator)
-- NTUSER.DAT
-- USRCLASS.DAT
C:\Windows\appcompat\Programs\
-- AMCACHE.HVE
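An added example (not from the post or its author) of checking the persistence locations listed above: the script reads the HKLM and HKCU Run keys, the WOW6432Node twin, and the Run key of every loaded user hive under HKEY_USERS (each of those is a logged-on user's NTUSER.DAT), then triages every entry with a few heuristics. The heuristics, directory list and the sample entries are assumptions made for illustration; the live-registry read only works on Windows, and the constructed samples let the triage logic run anywhere.

```python
"""Enumerate and triage Run-key autostart entries (added example, not the post's own code)."""
import re
import sys

# The two keys from the post plus the 32-bit view on 64-bit Windows.
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]
USER_RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"   # appended under each HKU\<SID>

# Assumed, tunable heuristics: user-writable/temp directories, script hosts and
# LOLBins used to chain into a payload, and encoded PowerShell command lines.
SUSPICIOUS_DIRS = re.compile(r"\\(temp|tmp|downloads|public)\\", re.I)
SCRIPT_HOSTS = re.compile(
    r"\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(\.exe)?\b", re.I)
ENCODED_PS = re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)


def triage_run_entries(entries):
    """Return [(location, name, command, [reasons])] for entries that trip a heuristic.

    `entries` is a list of (location, value_name, command) tuples, so the same
    logic works on values exported from an offline NTUSER.DAT or SOFTWARE hive."""
    findings = []
    for location, name, command in entries:
        reasons = []
        if SUSPICIOUS_DIRS.search(command):
            reasons.append("runs from a user-writable/temp directory")
        if SCRIPT_HOSTS.search(command):
            reasons.append("launches through a script host / LOLBin")
        if ENCODED_PS.search(command):
            reasons.append("encoded PowerShell command")
        if reasons:
            findings.append((location, name, command, reasons))
    return findings


def collect_run_entries():
    """Read Run values from the live registry. Windows only; returns [] elsewhere."""
    if sys.platform != "win32":
        return []
    import winreg
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    targets = [(hive, root, subkey) for hive, subkey in RUN_KEYS for root in [roots[hive]]]
    i = 0
    while True:                       # every loaded user hive: HKU\<SID>
        try:
            sid = winreg.EnumKey(winreg.HKEY_USERS, i)
        except OSError:
            break
        i += 1
        targets.append((f"HKU\\{sid}", winreg.HKEY_USERS, f"{sid}\\{USER_RUN}"))
    entries = []
    for hive, root, subkey in targets:
        try:
            key = winreg.OpenKey(root, subkey)
        except OSError:               # key absent (e.g. no WOW6432Node, SID without profile)
            continue
        with key:
            for j in range(winreg.QueryInfoKey(key)[1]):
                name, data, _kind = winreg.EnumValue(key, j)
                entries.append((f"{hive}\\{subkey}", name, str(data)))
    return entries


# Constructed sample entries (not from a real host) so the triage runs on any OS.
SAMPLE_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth",
     r'"C:\Windows\System32\SecurityHealthSystray.exe"'),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "OneDriveUpdate",
     r"C:\Users\bob\AppData\Local\Temp\update.exe /silent"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"powershell.exe -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
]


if __name__ == "__main__":
    entries = collect_run_entries() or SAMPLE_ENTRIES
    for location, name, command, reasons in triage_run_entries(entries):
        print(f"[!] {location} :: {name}\n    {command}\n    -> {'; '.join(reasons)}")
```

Run it elevated on Windows to see every user's hive; unprivileged it still covers HKLM and the current user. Treat the heuristics as a starting point for a baseline comparison, not as a verdict: a match means "look at this entry", and a clean result does not clear the host, since Run keys are only one of many autostart locations.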
It seems like a remote job is a good idea *manifesting*
07.02.2025 00:24 — 👍 0 🔁 0 💬 0 📌 0
Or how many incidents have occurred when in fact there were no detection rules activated to detect any!
04.02.2025 09:14 — 👍 0 🔁 0 💬 0 📌 0
number of vulnerabilities patched, when in fact the scanner wasn't functioning properly, so the number is not accurate 🫢, and the list of issues goes on
04.02.2025 09:13 — 👍 0 🔁 0 💬 1 📌 0
I do consider myself highly qualified for the job of cybersecurity operations manager, but I always get hit by audits, because the way I look at it is that I see operational issues and I fix them, but the audits want, let's say
04.02.2025 09:13 — 👍 0 🔁 0 💬 1 📌 0
Totally agree
04.02.2025 09:07 — 👍 1 🔁 0 💬 1 📌 0
And just when we think we're ahead,
Suddenly, all our efforts feel like they’re unseen, and we’re back to square one.
Every time I feel like I'm making progress, whether by implementing a new solution or improving a process, I get hit by regulatory checks that expose fundamental gaps.
04.02.2025 08:48 — 👍 0 🔁 0 💬 1 📌 0
People who work in cybersecurity at highly regulated companies: how do you manage the pressure of compliance, especially when IT fails to provide the necessary support or even follow basic cybersecurity guidelines?
04.02.2025 08:48 — 👍 0 🔁 0 💬 1 📌 0
You're welcome
30.01.2025 22:44 — 👍 0 🔁 0 💬 0 📌 0
I am on a mission to complete all defensive security badges in Cybrary, because why NOT!
29.01.2025 16:29 — 👍 1 🔁 0 💬 0 📌 0
Yeah, I did install it on my PC; it's easy to set up 👍🏼
29.01.2025 15:39 — 👍 0 🔁 0 💬 0 📌 0
I stumbled upon this open-source ChatGPT alternative that runs 100% offline!
jan.ai
DeepSeek has been my daily driver for a while, and what most don't know is that it is suspiciously good at writing offsec tools...
26.01.2025 09:45 — 👍 4 🔁 4 💬 1 📌 0
LOLBins/Drivers key resources:
→ LOLBAS: lolbas-project.github.io
→ LOLDrivers: loldrivers.io
Detect abused tools & malicious drivers.
#LOLBins #LOLDrivers
11. CDK
- Escapes Docker via `mount-cgroup` and deploys crypto miners.
12. LockBit 3.0 Builder
- Custom `LB3.exe` drops ransom notes linking to `t.me/You_Dun`.
13. Telegram & Redis
- Telegram channel `You_Dun` for victim shaming.
→ The DFIR Report: thedfirreport.com
9. Viper C2
- Installation: Deployed via `curl -sL f8x.io/viper | bash`.
Privilege Escalation
10. Traitor
- Exploits Linux vulns (e.g., CVE-2021-4034) for root access.
🚨 The "You Dun" Threat Group
Command & Control (C2)
8. Cobalt Strike
- Plugins:
- TaoWu: Drops `SharpHound.exe` for AD recon and `JuicyPotato.dll` for privilege escalation.
- Ladon: Automates payload execution across Windows domains.
🛑 The "You Dun" Threat Group
Exploitation toolkit:
5. SQLmap
- Automated SQLi tool used to dump databases.
6. Seeyon_exp
- Custom exploit.
7. Weaver_exp
- Zhiyuan OA weaponizer leveraging deserialization flaws.
The DFIR Report: thedfirreport.com
4. Dirsearch
- Directory brute-forcer to map exposed endpoints.
- TTP: Targets `/wp-admin`, `/backup`, and other sensitive paths.
- Detect: Block IPs with repetitive `404`/`403` errors in short timeframes.
3. Xray
- Mass vulnerability scanner probing Chinese websites for misconfigurations.
- TTP: Focuses on CMS platforms and IoT devices.
- Detect: Watch for aggressive scanning patterns (e.g., 10+ unique paths/sec).
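The Dirsearch and Xray entries above give two detection hints: one IP producing repeated 403/404 responses in a short window, and one IP requesting 10+ unique paths per second. The following is an added example (not from the thread or from The DFIR Report) that implements both over Apache/nginx combined-format access logs. The thresholds (20 errors in a 60-second sliding window; 10 distinct paths within one second), the log format and the sample traffic are assumptions constructed for illustration.

```python
"""Flag directory brute-forcing and mass scanning in web access logs (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" format is assumed; adapt LOG_RE for IIS or other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def find_bruteforcers(records, threshold=20, window_s=60, statuses=(403, 404)):
    """Map IP -> time at which it first reached `threshold` 403/404s within `window_s` seconds."""
    recent = defaultdict(deque)          # per-IP timestamps of 403/404 still inside the window
    flagged = {}
    for ip, ts, _method, _path, status in sorted(records, key=lambda r: r[1]):
        if status not in statuses:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def find_mass_scanners(records, unique_paths_per_s=10):
    """Map IP -> the largest number of distinct paths it requested within one second."""
    per_second = defaultdict(set)
    for ip, ts, _method, path, _status in records:
        per_second[(ip, ts.replace(microsecond=0))].add(path)
    flagged = {}
    for (ip, _sec), paths in per_second.items():
        if len(paths) >= unique_paths_per_s:
            flagged[ip] = max(flagged.get(ip, 0), len(paths))
    return flagged


def analyze(lines):
    """Parse raw log lines and run both detectors."""
    records = [r for r in map(parse_line, lines) if r]
    return find_bruteforcers(records), find_mass_scanners(records)


def _log_line(ip, ts, path, status):
    # Builds one constructed combined-format line (sample data, not a real capture).
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S +0000")
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" {status} 153 "-" "Mozilla/5.0"'


def sample_log():
    """Constructed traffic: a benign client, a wordlist brute-forcer, and a mass scanner."""
    t0 = datetime(2025, 1, 26, 9, 45, 0, tzinfo=timezone.utc)
    lines = [_log_line("192.0.2.5", t0, "/", 200),
             _log_line("192.0.2.5", t0 + timedelta(seconds=5), "/favicon.ico", 404)]
    wordlist = ["/wp-admin", "/backup", "/.env", "/.git/config", "/admin", "/phpmyadmin"]
    for i in range(24):      # one guess every 2 s: 24 x 403/404 inside 46 s, 1 path per second
        lines.append(_log_line("198.51.100.9", t0 + timedelta(seconds=2 * i),
                               f"{wordlist[i % len(wordlist)]}?try={i}",
                               403 if i % 4 == 0 else 404))
    for i in range(30):      # 15 distinct paths per second, for two seconds
        lines.append(_log_line("203.0.113.7", t0 + timedelta(seconds=i // 15),
                               f"/probe/{i}", 404))
    return lines


if __name__ == "__main__":
    bruteforcers, scanners = analyze(sample_log())
    for ip, when in bruteforcers.items():
        print(f"[brute-force] {ip} reached the 403/404 threshold at {when:%H:%M:%S}")
    for ip, n in scanners.items():
        print(f"[mass-scan]   {ip} requested {n} distinct paths in one second")
```

Before turning either detector into an automatic block, tune the thresholds against your own traffic (a broken link on a busy page produces 404 bursts from many legitimate clients), read the client address from X-Forwarded-For rather than the socket peer when a CDN or reverse proxy sits in front, and remember that one flagged address behind a corporate NAT is many users.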