Paul Rascagneres
@r00tbsd.bsky.social
📤 304
📥 211
📝 1
Lord of Loaders at Volexity
reposted by
Paul Rascagneres
Volexity
6 months ago
@volexity.com
#threatintel
: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets.
www.volexity.com/blog/2025/04...



#dfir
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) acco...
https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-abuse-oauth-in-ongoing-targeted-attacks/
0
18
13
reposted by
Paul Rascagneres
Volexity
6 months ago
Today,
@volexity.com
released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples.
@r00tbsd.bsky.social
& Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works+where to download it:
www.volexity.com/blog/2025/04...
#dfir
GoResolver: Using Control-flow Graph Similarity to Deobfuscate Golang Binaries, Automatically
In the course of its investigations, Volexity frequently encounters malware samples written in Golang. Binaries written in Golang are often challenging to analyze because of the embedded libraries and...
https://www.volexity.com/blog/2025/04/01/goresolver-using-control-flow-graph-similarity-to-deobfuscate-golang-binaries-automatically/
0
24
15
reposted by
Paul Rascagneres
PIVOTcon
7 months ago
📣 Oops!... They did it again!!! 61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks.🔥
#PIVOTcon25
Agenda is finally here, and the caliber is insane!!! Check it out➡️
pivotcon.org/agenda-2025/
#CTI
#ThreatIntel
Talks and presenters in🧵⬇️ 1/18
1
20
19
reposted by
Paul Rascagneres
PIVOTcon
7 months ago
"Edge Devices Investigation" Paul Rascagneres, Principal Threat Researcher, Volexity (@r00tbsd ,
@r00tbsd.bsky.social
, @
[email protected]
) 5/18
1
8
3
reposted by
Paul Rascagneres
Volexity
8 months ago
@volexity.com
recently identified multiple Russian threat actors targeting users via
#socialengineering
+
#spearphishing
campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success:
www.volexity.com/blog/2025/02...
#dfir
#threatintel
#m365security
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack cam...
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/
2
34
27
reposted by
Paul Rascagneres
Volexity
10 months ago
This talk is a great way to watch/listen to the details behind the work
@stevenadair.bsky.social
,
@5ck.bsky.social
,
@tlansec.bsky.social
+ Volexity’s
#threatintel
& IR teams did to investigate the Nearest Neighbor Attack. The related blog post is here:
www.volexity.com/blog/2024/11...
0
8
6
reposted by
Paul Rascagneres
Volatility
10 months ago
We were happy to have
@volexity.com
's
@stevenadair.bsky.social
&
@5ck.bsky.social
present “The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access” for the
#FTSCon
Keynote in October. The video of their talk is available here:
youtu.be/qSNlDCg-IOM
.
#dfir
https://youtu.be/qSNlDCg-IOM
0
9
8
reposted by
Paul Rascagneres
Daniel Lunghi
10 months ago
Our latest report presents Earth Minotaur, a threat actor targeting Tibetans and Uyghurs using Moonshine, an exploitation framework for Android apps described in 2019 by
@citizenlab.ca
leveraging vulnerabilities in applications embedding old versions of Chromium
trendmicro.com/en_us/resear...
0
12
9
reposted by
Paul Rascagneres
PIVOTcon
11 months ago
#PIVOTcon25
#CfP
is open and you can submit your proposals till 7 FEB 2025 Remember - one track,30m - no recording/streaming/tweeting. U should feel comfy to share more - No TLP:WHITE - Original content only Let us guide u through with a little meme-thread
#CTI
#ThreatIntel
1/10
1
31
22
reposted by
Paul Rascagneres
Volexity
11 months ago
@Volexity.com
has developed a new open-source tool, “HWP Extract”, a lightweight Python library & CLI for interacting with Hangul Word Processor files. It also supports object extraction from password-protected HWP files. Download here:
github.com/volexity/hwp...
GitHub - volexity/hwp-extract: A library and cli tool to extract HWP files.
A library and cli tool to extract HWP files. Contribute to volexity/hwp-extract development by creating an account on GitHub.
https://github.com/volexity/hwp-extract
0
12
6
reposted by
Paul Rascagneres
PIVOTcon
11 months ago
#PIVOTcon25
registration is now OPEN 🤟📥📥📥
pivotcon.org
#CTI
#ThreatResearch
#ThreatIntel
Please read carefully the whole 🧵 for the rules about invite -> registration (1/5)
2
42
33
Let’s try here and see how it goes ;)
11 months ago
0
3
0
reposted by
Paul Rascagneres
tlansec
11 months ago
Excited that we
@volexity.com
are able to share a writeup of one of our most interesting incidents! This case involves: * A 0-day exploit * Physical trips to the customer site to determine root cause * Compromise via Wi-Fi.
www.volexity.com/blog/2024/11...
#nearestneighbor
#threatintel
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
3
46
17
reposted by
Paul Rascagneres
Volexity
11 months ago
@volexity.com
’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.  Read more here:
www.volexity.com/blog/2024/11...
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
2
81
54