Comprehensive analysis of malicious behavior in files shared via Discord. Key findings include:
A detailed analysis of the sample associated with "EclipseOfLegends" was conducted using Hybrid Analysis.
The sample (hash: df46dbe66498cd0d9ea8cc62c693172943bc91ff200c06617aa1f5503dae7976) revealed the following findings: a process (RCC.exe, PID: 3320) was associated with the sample. The full Hybrid Analysis report can be accessed here.
Conducted Open Source Intelligence (OSINT) research to identify 9 Discord servers and report 160 websites hosting or distributing illegal pornographic content. Collaborated with hosting providers to ensure these websites and servers were taken down efficiently within legal frameworks, as well as contributing actionable intelligence to law enforcement.
As a Twitch chat moderator for multiple streamers, I developed numerous regular expressions to filter out spam, malicious links, and inappropriate content. These expressions helped maintain a positive and safe environment for the community by automatically identifying and removing harmful messages.
(?i)(^(best|b\se\ss\st) (viewers|v\si\se\sw\se\sr\ss) (on|o\s))\b(wanna\sbecome\sfamous.<>\sbuy\s(primes|followers|viewers|views))\b
These contributions streamlined moderation tasks, reducing manual interventions and ensuring real-time enforcement of community guidelines.
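As an added example (not the moderation regex above and not code from the original page), a Python filter for the same "wanna become famous, buy followers" spam family that generalizes the letter-spacing trick: it collapses whitespace and zero-width characters before matching, so spaced-out or invisibly separated words are caught by one plain pattern. The chat lines are constructed.

```python
import re

# Constructed sample chat lines (not real Twitch logs). Lines two and three use
# letter spacing and zero-width spaces to evade a plain word match.
MESSAGES = [
    "Best viewers on twitch? wanna become famous? buy followers now",
    "b e s t  v i e w e r s  o n  twitch  w a n n a  b e c o m e  f a m o u s  buy primes",
    "w\u200ba\u200bn\u200bn\u200ba become famous, buy viewers cheap",
    "wanna become famous? buy views here",
    "great stream, love the new overlay!",
    "best viewers on this channel, thanks all",
]

# Whitespace plus the zero-width / joiner code points spammers use to split words.
_SEPARATORS = re.compile(r"[\s\u200b\u200c\u200d\u2060\ufeff]+")

# Matched against the collapsed, lower-cased message, so letter spacing and
# invisible separators no longer matter. Mirrors the "wanna become famous ...
# buy primes/followers/viewers/views" tail of the moderation regex.
SPAM_COLLAPSED = re.compile(r"wannabecomefamous.*?buy(?:primes|followers|viewers|views)")

def collapse(message: str) -> str:
    """Remove every separator and lower-case, e.g. 'b e s t' -> 'best'."""
    return _SEPARATORS.sub("", message).lower()

def is_spam(message: str) -> bool:
    return SPAM_COLLAPSED.search(collapse(message)) is not None

def filter_messages(messages):
    """Return only the messages a moderator bot would let through."""
    return [m for m in messages if not is_spam(m)]

if __name__ == "__main__":
    for m in MESSAGES:
        print("SPAM " if is_spam(m) else "ok   ", m)
```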
These extensions showcase my practical contributions to cybersecurity during my SOC analyst internship. Each tool addresses inefficiencies in manual workflows, saving time for security professionals and streamlining threat analysis processes. By automating repetitive tasks like IP checks, Event ID lookups, and IOC searches, these tools demonstrate my problem-solving skills and focus on practical cybersecurity applications.
This Firefox extension facilitates quick lookups of IP addresses on AbuseIPDB, enabling security professionals to identify malicious activity efficiently. Designed with network administrators and SOC analysts in mind, it streamlines the process of assessing the trustworthiness of IP addresses without needing direct access to AbuseIPDB's web interface. Unique features include handling direct IP lookups and simplifying threat detection workflows.
This tool allows users to perform real-time IP address and domain investigations on Shodan. Security analysts can retrieve detailed device and network information instantly, enhancing threat intelligence capabilities. The extension processes user-selected text for IP addresses or domains, transforming it into actionable insights via Shodan's search capabilities. It's an indispensable resource for deep-dive device reconnaissance.
The VirusTotal Lookup extension streamlines the identification of malware by searching URLs, domains, and file hashes on VirusTotal. Security researchers benefit from its ability to handle complex redirects and provide immediate access to VirusTotal's threat intelligence database. It's an essential tool for anyone conducting malware analysis or IOC verification.
This extension supports SOC analysts and system administrators in investigating Windows security logs. By quickly retrieving detailed information on selected Event IDs, it eliminates the need for manual searches in documentation, making log analysis more efficient and precise.
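An added example, not the code of the extensions described above: the core of such a lookup extension as a Python function that classifies a user's selected text as an IP address, domain, file hash or URL and builds the lookup URL for AbuseIPDB, Shodan or VirusTotal. The URL paths are assumptions based on the services' public web interfaces, the indicators in the test are constructed, and the handling of defanged indicators (hxxp, [.]) goes beyond what the page describes.

```python
import ipaddress
import re
from urllib.parse import quote

HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)  # MD5 / SHA-1 / SHA-256
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
URL_RE = re.compile(r"^https?://", re.I)

# Assumed lookup paths for the three services (not taken from the page).
LOOKUPS = {
    "ip":     {"abuseipdb":  "https://www.abuseipdb.com/check/{}",
               "shodan":     "https://www.shodan.io/host/{}",
               "virustotal": "https://www.virustotal.com/gui/ip-address/{}"},
    "domain": {"shodan":     "https://www.shodan.io/domain/{}",
               "virustotal": "https://www.virustotal.com/gui/domain/{}"},
    "hash":   {"virustotal": "https://www.virustotal.com/gui/file/{}"},
    "url":    {"virustotal": "https://www.virustotal.com/gui/search/{}"},
}

def refang(selection: str) -> str:
    """Undo common report defanging and trim quotes/punctuation around a selection."""
    s = selection.strip().strip("\"'<>()").rstrip(".,;:")
    return s.replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")

def classify(selection: str) -> str:
    """Return 'url', 'ip', 'hash', 'domain' or 'unknown' for the selected text."""
    s = refang(selection)
    if URL_RE.match(s):
        return "url"
    try:
        ipaddress.ip_address(s)          # accepts IPv4 and IPv6
        return "ip"
    except ValueError:
        pass
    if HASH_RE.match(s):
        return "hash"
    if DOMAIN_RE.match(s):
        return "domain"
    return "unknown"

def lookup_urls(selection: str) -> dict:
    """Map service name -> lookup URL; empty dict if the text is not an indicator."""
    kind, value = classify(selection), refang(selection)
    encoded = quote(value, safe="") if kind == "url" else value
    return {svc: tmpl.format(encoded) for svc, tmpl in LOOKUPS.get(kind, {}).items()}
```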
Automates ARP spoofing attacks, redirecting traffic on local networks to monitor or intercept communications. This tool is effective for simulating man-in-the-middle (MITM) scenarios and identifying security weaknesses in ARP protocols.
Helps identify and prevent ARP spoofing attacks on local networks. By monitoring for unusual ARP activity, it aids in maintaining the integrity of network communications.
Injects arbitrary code into network traffic to simulate exploitation scenarios. Useful for testing application robustness and identifying vulnerabilities in poorly secured systems.
Redirects DNS queries to a specified IP, enabling researchers to study how devices behave when presented with malicious DNS responses. A valuable tool for analyzing DNS security.
Captures files transmitted over network protocols, providing insights into potential data exfiltration risks during an active MITM attack.
Alters the MAC address of a network interface for anonymity and testing purposes. Ideal for bypassing network restrictions or simulating scenarios involving device spoofing.
Scans a specified subnet to identify active hosts and retrieve their IP and MAC addresses. This tool supports reconnaissance tasks and helps network administrators maintain an up-to-date inventory of connected devices.
Monitors network traffic in real-time, capturing HTTP requests and filtering for login credentials. Aids in analyzing unsecured traffic and evaluating the risk of sensitive information being exposed.
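The ARP spoofing detector described above, as an added Python example that is not the project's own code: it consumes ARP replies (here a constructed list of sender IP/MAC pairs standing in for a live capture) and raises an alert when an IP's MAC changes or when one MAC starts claiming several IPs, the two symptoms of a spoofer impersonating both the gateway and a victim. The optional trusted table is an assumption added here so a known gateway binding can be checked from the first reply.

```python
from collections import defaultdict

# Constructed ARP "is-at" replies, not a real capture: (sequence, sender IP, sender MAC).
ARP_REPLIES = [
    (1, "192.168.1.1",  "aa:bb:cc:00:00:01"),  # gateway announces itself
    (2, "192.168.1.50", "aa:bb:cc:00:00:50"),  # a workstation
    (3, "192.168.1.1",  "AA:BB:CC:00:00:01"),  # gateway again, same MAC (case differs)
    (4, "192.168.1.1",  "de:ad:be:ef:00:99"),  # a new MAC claims the gateway IP
    (5, "192.168.1.50", "de:ad:be:ef:00:99"),  # the same MAC now claims the workstation
    (6, "192.168.1.50", "de:ad:be:ef:00:99"),  # repeat of an already-seen claim: no new alert
]

def detect_arp_spoofing(replies, trusted=None):
    """Return alerts as (seq, kind, subject, detail) tuples.

    trusted maps IP -> MAC for hosts whose binding is known (e.g. the gateway);
    a reply contradicting it is flagged even if it is the first one seen.
    A mac-change can also be a DHCP reassignment or a replaced NIC, so treat
    it as a lead to verify, and the multi-ip-mac alert as the stronger signal.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    alerts = []
    for seq, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append((seq, "mac-change", ip, f"{previous} -> {mac}"))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append((seq, "multi-ip-mac", mac, sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(*alert)
```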
These tools are designed to enhance system performance monitoring and simplify troubleshooting: