Advertisement Β· 728 Γ— 90
#
Hashtag
#AdversaryTradecraft
Advertisement Β· 728 Γ— 90
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtag index for navigation:
#InsiderThreat
#RansomOps
#SupplyChainSecurity
#CTI
#AdversaryTradecraft
#CyberDisinfo
#EDRAbuse
#APT15

Stay informed. Stay unpredictable. Stay ahead.

1 0 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Thread 7: PurpleHaze

A China-linked APT breached a vendor with access to SentinelOne’s logistics β€” targeting the supply chain, not the core.

#APT15 #SupplyChainSecurity #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Thread 6: Nitrogen

One ransomware gang skipped hacking altogether β€” and licensed security software by impersonating real companies.

#RansomOps #EDRAbuse #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Thread 4: Recruiters as Sensors
SentinelOne trained recruiters to spot adversary patterns.

Result: hiring became a detection system.

#CTI #InsiderThreat #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Thread 3: Resume Warfare
DPRK IT workers submitted 1,000+ fake job applications.

Their goal?
Insider access.

#InsiderThreat #APT38 #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Thread 2: Vendors Are the Target
Security companies aren’t off-limits β€” they’re central objectives.

One breach = insight into thousands of environments.

#EDRAbuse #CyberDisinfo #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

🧡 Here’s the full recap.

#AdversaryTradecraft #CTI #CyberDisinfo

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#CTI #InsiderThreat #AdversaryTradecraft #SupplyChainSecurity

3 1 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Next:
Recap Thread

A summary of this 9-thread series β€” all the tactics, all the links, all the takeaways.

#CTI #AdversaryTradecraft #SupplyChainSecurity

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

From hiring to sales to vendor vetting β€” CTI is everywhere.
🧡
#CTI #InsiderThreat #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#APT15 #CyberDisinfo #AdversaryTradecraft #CTI

5 1 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Next:
Threat Intel as the Corporate Nervous System

Why CTI isn’t a backroom team anymore β€” it’s how companies defend hiring, sales, product, and trust.

#CTI #InsiderThreat #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

This isn’t just espionage. It’s strategic ambiguity.
🧡
#APT15 #CyberDisinfo #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#APT15 #SupplyChainSecurity #AdversaryTradecraft #CyberDisinfo

3 1 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Next:
ShadowPad, ScatterBrain & Attribution Fog

How Chinese APTs hide in shared tools and blended infrastructure β€” and why that makes disinfo so easy.

#APT15 #CyberDisinfo #AdversaryTradecraft

1 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Here’s how China’s PurpleHaze threat cluster quietly probed the supply chain.
🧡
#APT15 #SupplyChainSecurity #AdversaryTradecraft

1 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#RansomOps #EDRAbuse #AdversaryTradecraft #CyberDisinfo

3 0 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Next:
China’s PurpleHaze: When the Target Is Your Logistics Vendor

What happens when the attacker compromises your suppliers instead of your servers.
#SupplyChainSecurity #APT15 #AdversaryTradecraft

0 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Nitrogen: The Ransomware Gang That Buys Its Way In

They didn’t hack an EDR console.
They didn’t bribe an insider.
They posed as a real company β€” and bought the software.

Nitrogen is changing how ransomware gains access.
🧡
#RansomOps #EDRAbuse #AdversaryTradecraft

10 4 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#RansomOps #EDRAbuse #AdversaryTradecraft #CyberDisinfo

2 0 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Ransomware crews are probing, bribing, and buying their way into EDR platforms β€” before the attack even starts.
🧡
#RansomOps #EDRAbuse #AdversaryTradecraft

1 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#InsiderThreat #CTI #AdversaryTradecraft #CyberDisinfo

2 0 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Next:
Access for Sale

Ransomware crews aren’t bypassing your security tools β€” they’re logging into them.
#EDRAbuse #RansomOps #AdversaryTradecraft

1 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

How Recruiters Became Intelligence Sensors

The inbox is the new intrusion vector.

And the people reading resumes? They’re part of your threat surface.

Here’s how one security company turned hiring into early warning.
🧡
#CTI #InsiderThreat #AdversaryTradecraft

6 3 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#InsiderThreat #APT38 #AdversaryTradecraft #CTI

2 0 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Next:
How Recruiters Became Intelligence Sensors

How one collaboration turned passive screening into proactive threat detection.

#InsiderThreat #CTI #AdversaryTradecraft

2 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

And they’re getting smarter.
🧡
#InsiderThreat #APT38 #AdversaryTradecraft

2 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Hashtags for this thread:
#InsiderThreat #EDRAbuse #CyberDisinfo #AdversaryTradecraft

2 0 0 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

Up next:
Resume Warfare

North Korea isn’t just hacking your infrastructure β€” it’s applying for jobs.

#InsiderThreat #APT38 #AdversaryTradecraft

2 0 1 0
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
Gavril Ducu πŸ‡·πŸ‡΄ πŸ‡©πŸ‡ͺ πŸ‡ΊπŸ‡Έ πŸ‡³πŸ‡± πŸ‡ͺπŸ‡Ί πŸ‡ΊπŸ‡¦
@ducugavril.nafoforum.org
11 months ago

🧡 Why security vendors sit at the center of the modern threat surface.
#AdversaryTradecraft #CyberDisinfo

0 0 1 0