Jammy

@jcarndt

Followers: 780, Following: 177, Media: 186, Statuses: 1,719

Christian, husband, father, IT security, Reverse the malware, click the things

Joined November 2010
Jammy Retweeted
@DissectMalware
Malwrologist
8 days ago
Updating grammar is scary... but sometimes inevitable New technique used in #xlm #maldocs that breaks #xlmdeobfuscator: multiple macros in one cell =f1=f2=f3 #xlmdeobfuscator grammar assumes only one formula Fixed in handle_multi_statement branch, still needs more testing https://t.co/7acy5r30PN
@jcarndt
Jammy
a month ago
Gooooood morning, #remcosrat! VBA creates a string, string gets converted to base64, powershell executes base64, powershell downloads .exe, .exe then executes. Nice and easy. https://t.co/m1vMlB0QN6 https://t.co/pGb9NZdNtK
Jammy Retweeted
@SBousseaden
Samir
a month ago
macro doc spreading itself via outlook (no malicious payload) https://t.co/F21cDD2mwb https://t.co/nsmFjYAxCb
@jcarndt
Jammy
a month ago
Just don't "Enable Content". https://t.co/LwITwdxVXw
@ParikPatelCFA
Dr. Parik Patel, BA, CFA, ACCA Esq. 💸
a month ago
The ideal bedsheets don’t exi— https://t.co/u1fU0x4dby
Jammy Retweeted
@reecdeep
reecDeep
a month ago
Jammy Retweeted
@bigmacjpg
Kirk Sayre
2 months ago
Malicious Excel writers, start your engines! The obfuscation possibilities for this are HUGE! 😾 Hopefully AMSI XLM 4.0 integration has actually rolled out (??) and AV vendors are looking more closely at XLM 4.0 macros. https://t.co/KP0fgPO1cg
@msexcel
Microsoft Excel
2 months ago
Excel keeps evolving to give users even more. Now, with the power of LAMBDA, you can write your own reusable functions with the Excel formula language. See how we're transforming Excel: https://t.co/QaurxsvtHA https://t.co/wToQ7k3lPc
@jcarndt
Jammy
2 months ago
If Kaopectate had any marketing sense, they'd be pushing for everyone to have super bowels on this Super Bowl Sunday. #SuperBowl #superbowels
Jammy Retweeted
@reecdeep
reecDeep
2 months ago
#Gozi #ISFB v3 from #French language xls document #France hxxp://uidacrtsppxece.com/ioir.png 🔥c2: topitophug.]xyz version:300932 group: 24 key: 7za1mzR2NxrR21Fc @CERT_FR #infosec #CyberSecurity #cyberattacks #cybercrime #DFIR https://t.co/HZ6omOFbUW
@jcarndt
Jammy
2 months ago
Gooooooooood morning, .xlsb! @InQuest has been putting out some interesting documents lately. Thought I'd take a crack at one. We've got .xlsb, hidden sheets, protected sheets, XLM, and super-sneaky white font. And all that just to drop a .dll. https://t.co/AZGuKEpBSW
Jammy Retweeted
@InQuest
InQuest
2 months ago
Saw a handful of non-weaponized lures yesterday. Looks to be loaded today with the #campo loader today. #GOZI https://t.co/GnzloDVHIP @James_inthe_box @jcarndt @SeraphimDomain @lazyactivist192 @Anti_Expl0it https://t.co/k1tAbeX068
Jammy Retweeted
@kwm
Keith
2 months ago
💡 Simple, measurable ATT&CK testing via Atomic Red Team. 🔢 Pick a technique, execute test(s), and track: 1. We tested it 2. We have defensive telemetry 3. We detect it 4. We block it ⚛️ Atomic tests https://t.co/OHCU3BduML 📊 Tracking spreadsheet https://t.co/546QiJ6nRH https://t.co/9xemgA7oQM
Jammy Retweeted
@ffforward
TheAnalyst
2 months ago
Jammy Retweeted
@Europol
Europol
2 months ago
Bye-bye botnets👋 Huge global operation brings down the world's most dangerous malware. Investigators have taken control of the Emotet botnet, the most resilient malware in the wild. Get the full story: https://t.co/NMrBqmhMIf https://t.co/K28A6ixxuM
Jammy Retweeted
@InQuest
InQuest
2 months ago
🍩🏆 Wave of low detection maldocs 🏆🍩 The doughnut trophy experiment is sourcing great samples. Making sure to include into the InQuest Breach and Attack Simulation. https://t.co/e86xUQNI8W sup.dll <-hxxp://172.105.79[.]146/campo/o/o @James_inthe_box @jcarndt Wacatac? https://t.co/qP58Vh4VhM
Jammy Retweeted
@DissectMalware
Malwrologist
2 months ago
Amazed by the complexity of obfuscation in this #Zloader (f9adf499bc16bfd096e00bc59c3233f022dec20c20440100d56e58610e4aded3) Updated #xlrd2 to parse arrays Added multiple functions to #xlmdeobfuscator Fixed a few bugs Work in progress Image shows how a letter is deobfuscated https://t.co/VTjGY4QT2R