Musings 2025.004
Musings series
A few interesting things
2025-w27 weekly note
Wednesday weekly note 2025-w27
- Analysis:
- Chinhphu.apk: downloader, obfuscated
- Gh0stRAT & ValleyRAT:
- Proofpoint
- secrss Qi An Xin: custom protocol C2
- Palo Alto:
- psslib: typo, shutdown Windows
- BreachForums:
- MyBB 0day
- Phish:
- NjRAT and DCRat: Zoom & Google Meet.
- CapCut: Cofense
- APT35: Check Point: spear, legit domain, Google domain
- APT-C-36: Proton66, Check Point, .url file
- 0-click FB takeover: send code via FB notification
- System:
- HardeningKitty: Windows
- GeminiCli