The Hacker News
Researchers uncovered SHADOW#REACTOR, a multi-stage campaign delivering Remcos RAT. It starts with an obfuscated VBS launcher, moves through PowerShell, and rebuilds fragmented text payloads in memory. The defining trait is text-only stagers and LOLBin abuse…
First time seeing text-based stagers in the wild 😮💨 These guys are creative as hell fr
their Attack chain was like :
> Obfuscated VBS → PowerShell → Text payload fragments → .NET Reactor loader → MSBuild.exe → Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn 😂
They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10 😂😂
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth 🙃
@AfroSec
their Attack chain was like :
> Obfuscated VBS → PowerShell → Text payload fragments → .NET Reactor loader → MSBuild.exe → Remcos RAT
> All in-memory reconstruction (fileless where possible)
> Self-healing downloaders that retry if payloads fail
The whole "access-as-a-service" economy is wild rn 😂
They did slip up tho large .txt files being processed by powerShell would raise SOC eyebrows but their evasion game was strong good
Text-based payloads avoid signature detection
.NET Reactor obfuscation breaks static analysis
Living-off-the-land with MSBuild.exe
Memory-only execution avoids file scanning
Overall rating: 8.5/10 😂😂
solid OPSEC, creative TTPs, but that PowerShell + .txt combo is a bit loud for sustained stealth 🙃
@AfroSec
🤯2⚡1🤓1
Forwarded from Florida🛸
I built my own AI News Pipeline (and why?..."readily made" apps weren't enough for me:(
I have seen many apps that claim to deliver customized news, but most of them are hidden systems where you can't control the logic, or they get the facts wrong..i wanted a system that acted as a high level content curator, so I built a custom ETL pipeline to solve this for myself
Here is what you won't find in most AI news apps:
-Parallel Data Architecture: this prevents AI hallucinations by splitting the data stream. the LLM handles the creative rewrite, while the original URLs are preserved in a separate path.
- Local LLM: by running the intelligence layer locally, i eliminated API costs,privacy concerns and third-party subnoscriptions.
- Smart Ranking & Filtering: delivering only the top 6 highest value stories
As a result,i no longer wake up to a mess of notifications...i just get a professional and summarized briefing of exactly what I need to know
I have seen many apps that claim to deliver customized news, but most of them are hidden systems where you can't control the logic, or they get the facts wrong..i wanted a system that acted as a high level content curator, so I built a custom ETL pipeline to solve this for myself
Here is what you won't find in most AI news apps:
-Parallel Data Architecture: this prevents AI hallucinations by splitting the data stream. the LLM handles the creative rewrite, while the original URLs are preserved in a separate path.
- Local LLM: by running the intelligence layer locally, i eliminated API costs,privacy concerns and third-party subnoscriptions.
- Smart Ranking & Filtering: delivering only the top 6 highest value stories
As a result,i no longer wake up to a mess of notifications...i just get a professional and summarized briefing of exactly what I need to know
⚡9🔥4
Forwarded from Cyber Vanguard @ CTBE
Are you ready to join today and tomorrow's cybersecurity foot soldiers?
picoCTF-Africa 2026 is back! Bigger, better and upto 80 students to be awarded!
Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time ( convert time to your own country )
⛓️💥 bit.ly/picoCTF2026
Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026
stay alert. protect your accounts. share this with a friend
https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
picoCTF-Africa 2026 is back! Bigger, better and upto 80 students to be awarded!
Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time ( convert time to your own country )
⛓️💥 bit.ly/picoCTF2026
Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026
stay alert. protect your accounts. share this with a friend
https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
⚡3
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
https://fearsoff.org/research/cloudflare-acme
so i was Just reading about logic bug in Cloudflare's ACME validation Found by Fearsoff .
when Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off WAF so CAs can validate without interference but the old logic sometimes disabled WAF even for invalid tokens, letting malicious requests slip through to origin. smooth bypass path.
i also saw that Cloudflare posted about it Cloudflare blog
they patched it quick and they said that no evidence of exploitation so far,
( nah i dont believe that tho 🙄)
@AfroSec
so i was Just reading about logic bug in Cloudflare's ACME validation Found by Fearsoff .
when Cloudflare handles SSL cert challenges (/.well-known/acme-challenge/*), it turns off WAF so CAs can validate without interference but the old logic sometimes disabled WAF even for invalid tokens, letting malicious requests slip through to origin. smooth bypass path.
i also saw that Cloudflare posted about it Cloudflare blog
they patched it quick and they said that no evidence of exploitation so far,
@AfroSec
1⚡1🤔1🤯1
aight guys
one step forward always ✨
today i took the CRTA exam and passed uk it was a bit tricky at some point but i handled it 💪
through this cert i learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies
but look you gotta have a researcher mindset. you gotta explore beyond the course and the syslabs.
tbh i subscribed to this for the sake of infra, yk… for pivot and stuff like that.
anyway let's celebrate small wins here 🎉
thanks that you guys are here all the time.
like i said always one step forward
@AfroSec
one step forward always ✨
today i took the CRTA exam and passed uk it was a bit tricky at some point but i handled it 💪
through this cert i learned:
• Red Teaming
• Pentesting
• MITRE ATT&CK
• Web & Network Attacks
• Enterprise Tech
• Windows Security
• Adversary Simulation
• Red Team Methodologies
but look you gotta have a researcher mindset. you gotta explore beyond the course and the syslabs.
tbh i subscribed to this for the sake of infra, yk… for pivot and stuff like that.
anyway let's celebrate small wins here 🎉
thanks that you guys are here all the time.
like i said always one step forward
@AfroSec
3🔥26🎉3🏆2⚡1
Forwarded from Android Security & Malware
Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
Welivesecurity
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation.
🤯3