Unwrapping Ursnifs Gifts - The DFIR Report
https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/
Three Lessons from Threema: Analysis of a Secure Messenger
http://breakingthe3ma.app
VirusTotal - File - 1c3efcfd867dd83ade44cc660fb1ee04ff91bd78319f2d1dedca4f92c6725e72
https://www.virustotal.com/gui/file/1c3efcfd867dd83ade44cc660fb1ee04ff91bd78319f2d1dedca4f92c6725e72/detection
Triage | Malware sandboxing report by Hatching Triage
https://tria.ge/230109-caldnaag85
VirusTotal - Domain - maper.info
https://www.virustotal.com/gui/domain/maper.info/relations
ROT26 🇺🇦✊ on Twitter: "I suck at stuff like this, and I know it, but I wanted to let everybody know that @TryCatchHCF died in his sleep on Tuesday due to cancer. (1/4)" / Twitter
https://twitter.com/rotate26chars/status/1612242052955398144
LinkSys EA6100 AC1200 - Part 1 - PCB reversing
https://0x434b.dev/linksys-ea6100_pt1/
Auth0 fixes RCE flaw in JsonWebToken library used by 22,000 projects
https://www.bleepingcomputer.com/news/security/auth0-fixes-rce-flaw-in-jsonwebtoken-library-used-by-22-000-projects/
PoC of TabShell (CVE-2022-41076). More details: https://blog.viettelcybersecurity.com/tabshell-owassrf/ · GitHub
https://gist.github.com/testanull/518871a2e2057caa2bc9c6ae6634103e
Kelsey on Twitter: "#IcedID "3131022508" dropped via PDFs with payloads hosted on firebasestorage\.googleapis\.com.* Thread-hijacked email -> PDF Attachment -> payload download -> Password-Protected Zip -> ISO -> LNK -> CMD -> DLL c2: wagringamuk\.com https://t.co/o4MUWUfhMa https://t.co/mUfZjQ8MeA" / Twitter
https://twitter.com/k3dg3/status/1612495824369471488
The OWASSRF + TabShell exploit chain
https://blog.viettelcybersecurity.com/tabshell-owassrf/
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions
https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html
Threema on Twitter: "There’s a new paper on Threema’s old communication protocol. Apparently, today’s academia forces researchers and even students to hopelessly oversell their findings. Here’s some real talk: https://t.co/G53PlDzViL" / Twitter
https://twitter.com/threemaapp/status/1612349998837940226
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
https://thehackernews.com/2023/01/malicious-pypi-packages-using.html
Cybersecurity Calendars – Threat Intelligence Academy
https://hubs.ly/Q01xnmrR0
Exchange TabShell RCE PoC (CVE-2022-41076) - YouTube
https://youtu.be/i4JcvwVuCSU
GitHub - Wh04m1001/RazerEoP
https://github.com/Wh04m1001/RazerEoP