Profero @ProferoSec

For two years we told clients to wait on post-quantum migration. As of this month, we are telling them to start. Two recent papers cut the qubits needed to break P-256 by ~20x. Valsorda now puts CRQC at 2029. Inventory your crypto. Ship ML-KEM hybrid in TLS 1.3. profero.io/blog/quantum-c…

We added a detection rule for --allow-dangerously-skip-permissions in Claude Desktop. Then we found an attack chain nobody was talking about. "No shell, no impact" is the wrong mental model for AI agents. An agent running with that flag, even with Bash blocked, can still: • Read SSH private keys, .env files, AWS credentials, and browser session databases • Write to ~/.zshrc, .git/hooks/pre-commit, ~/.ssh/authorized_keys, or source files in your repo Execution is deferred. The next terminal you open, the next commit you push, the next CI run, runs the payload. It gets worse. Skills load as trusted context with no signatures, no checksums, and no version pinning. Inject once, persist in ~/.claude/skills/, and wait. The user invokes the skill days later in a fresh session, and the payload runs with full trust. No anomalous process, network, or permission signal to catch it. What defenders should do today: • Monitor ~/.claude/skills/ for unexpected modifications • Vet every MCP tool and skill before installation • Audit shell configs and git hooks after any agent session • Stop treating --allow-dangerously-skip-permissions as safe just because Bash is off Full breakdown by @barnhartguy : profero.io/blog/hiddenper… #AISecurity #IncidentResponse #ThreatIntelligence #ClaudeCode #RapidIR

The war between wars is being fought inside your controllers. Our IRT breaks down an IRGC front’s paired IT wiper and OT sabotage campaign, with GRAT IOCs and a YARA rules. profero.io/blog/war-betwe…

From the Profero team. Happy Shavuot! May your holiday be filled with peace, growth, and meaningful moments.

Our team just published research on a malware campaign that hit 25+ organizations, several in Israel. The attacker built it so badly that anyone who opened a sample got kill-switch access to the entire botnet. The malware: WindowsAudit. Runs as LocalSystem on compromised hosts. Discord as C2. The mistake: Discord bot token hardcoded in plaintext inside the binary. No XOR, no encryption, no obfuscation. Same token in every sample on every infected machine. What we did with it: • Authenticated to Discord with the token and pulled the full activity history •Extracted everything the attacker stole from victims: AD dumps, network maps, screenshots, file listings, usernames •Identified 25 distinct victims from the data •Tracked the attacker’s working hours and timezone in real time •Every time a new build got pushed, automation grabbed it, reversed it, and pulled fresh IOCs The architecture is worse: •Every infected host runs the same binary •That binary receives commands from the attacker AND can issue commands to other infected hosts •No command signing, no authentication. If you hold the token, you operate the botnet. •A single command could uninstall the malware from every victim. Accidental kill switch. We didn’t fire it. Any command we sent would surface in the attacker’s Discord and burn the monitoring op. Full IOCs in the writeup. Worth a look if you’re defending an Israeli environment. profero.io/blog/windowsau…

New research from Profero: a malware campaign affecting 25+ organizations, several in Israel, brought down by the attacker’s own operational security failure. The malware, WindowsAudit, runs as LocalSystem on compromised hosts and uses Discord for command and control. The Discord bot token was hardcoded in plaintext inside the binary, identical across every sample on every infected machine. Our research team used the exposed token to: •Authenticate to the attacker’s Discord and recover the full operation history •Recover all data the attacker had exfiltrated from victims, including AD dumps, network maps, screenshots, and file listings •Identify 25 distinct victim organizations •Profile the attacker’s working hours and timezone in real time •Automatically retrieve, analyze, and extract IOCs from every new build the attacker deployed A flaw in the malware’s design compounded the issue. Every infected host runs the same binary, capable of both receiving commands from the operator and issuing commands to other infected hosts. No signing, no authentication. Anyone holding the token could push a single command and uninstall the malware across the entire botnet. An accidental kill switch. We chose not to use it. Any command we sent would have appeared in the attacker’s own Discord and ended the monitoring operation. Full technical writeup and IOCs available at the link below. Particularly relevant for organizations operating in Israel. profero.io/blog/windowsau…

Full teardown, detections, and IOCs: profero.io/blog/windowsau…

Profero IRT pulled apart "WindowsAudit.exe", a 101MB .NET RAT running as LocalSystem that uses a Discord guild as its primary C2. Two channels inside one guild: one for tasking, one for results. Operators issue slash commands to target agents by hostname, Machine GUID, or broadcast to all. MQTT and Telegram sit as fallbacks. Inside the kit: LSASS dumps, DPAPI browser theft, full AD takeover toolkit, Hell's Gate syscalls, AMSI/ETW patches, EDR kill for 15+ vendors, WireGuard relay for pivoting. This isn't a script-kiddie RAT. Looks like a ransomware crew warming up.

Happy Independence Day!

profero.io/blog/everyone-…

Mythos is a real capability leap. The threat model that changes is narrower than the coverage implies, concentrated where it was always going to hurt most: incident response.

What happens when incident responders build their own platform? Rapid‑IR: Reforged brings four operational quadrants into one system, powered by Deep Breach Focus™ and designed as a continuous workflow where every feature was created to support real preparation and real response.

Read the full story: profero.io/blog/the-theat…

Russia's GRU built NotPetya. This week "Russian Legion" misspelled SharePoint in a fake nuclear breach screenshot. That gap is strategy, not decline. Full brief in next reply.

Deep Breach Focus™ is what makes Rapid‑IR: Reforged different. Built entirely in-house from real breach casework, it turns years of incident response experience into continuous scoring, prioritization, and intelligence-without relying on third-party AI. Your data never leaves the platform. Real incident knowledge. Applied where it matters.

Happy Easter! While you take time to recharge, Rapid‑IR: Reforged is here to keep readiness running-so when incident response matters most, you're already prepared.

Happy Passover to our customers, partners, and community. May your holiday be peaceful, and may Rapid‑IR bring even more confidence and readiness to your security journey.

Read the full blogpost: profero.io/blog/why-we-re…

When an incident hits at 2 AM, most organizations don't start with response-they start with chaos. PDFs, scattered tools, unclear priorities, and a clock that's already running. That's not rapid response. Years of real casework taught us something simple: the organizations that recover fastest aren't the ones with the biggest teams. They're the ones that were ready before the incident began. That's why we rebuilt Rapid-IR: Reforged, from the ground up-not as a feature update, but as a complete platform built around one conviction: the fastest response starts before the incident. Read the full blog in the first comment.

We don't know exactly how Handala got into Kash Patel's accounts-and we're not going to speculate. But after years tracking MOIS-linked intrusions, the answer is usually far less "zero-day" and far more credential dumps, stealer logs, and old breach data. Read the full breakdown on the blog: profero.io/blog/the-key-w…