Log inSign up
Vitali Kremez
4,669 posts
Image
user avatar
Vitali Kremez
@VK_Intel
Ethical Hacker | Reverse Engineer | CEO @AdvIntel | Malware Course Author "Zero2Hero" / "Zero2Automated" | Former .gov Cybercrime | Threat Seeker Award
New York, NY
vkremez.com
Joined August 2015
86
Following
43.4K
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    Vitali Kremez
    @VK_Intel
    Aug 9, 2022
    🎁Gift for the community: Post-#Conti #ransomware operation mindmap world. Enjoy!
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Aug 11, 2021
    Meme of the day - exploring typical flow of ransomware initial access patient zero research
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Apr 12, 2020
    [*] Beware: Some scams utilize my name and impersonate myself to amplify extortions.
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Dec 2, 2020
    🔥We have a major discovery to be announced soon probably one of the most important in 2020 😉 Stay tuned until tomorrow.
    Image
    GIF
  • user avatar
    Vitali Kremez
    @VK_Intel
    Dec 17, 2021
    🔥[Breaking blog] Ransomware Advisory:#Log4Shell Exploitation for Initial Access & Lateral Movement 1⃣Log4Shell |2⃣Discovery: Conti Becomes The First Sophisticated Crimeware Group Weaponizing Log4j2 |3⃣Early Warning: Ransomware Exploitation of Vuln advintel.io/post/ransomwar…
    Image
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Nov 6, 2020
    2020-11-06: 🔥[Breaking] 📚"Anatomy of Attack: Inside #BazarBackdoor to #Ryuk #Ransomware "one" Group via #CobaltStrike" 1⃣Ryuk “one” Adversary Dossier 🔖 2⃣Cobalt Strike Anatomy of the Attack ⛓️ 3⃣Post-Exploitation Detections & Mitigations 🛡️ advanced-intel.com/post/anatomy-o…
    Image
    Image
    Image
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Jul 2, 2021
    🤯Today is the largest ransomware case by impact on a Friday! >200 orgs 📌REvil affiliate "sub:8254" - watch for changing logged-on user's pass & config to automatically login on reboot as "DTrump4ever" It is recommended to immediately isolate Kaseya VSA! h/t @malwrhunterteam
    Image
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Apr 21, 2021
    🛡Tomorrow at 10am ET we release probably one of the largest unique discoveries/service ever of its kind. The discovery is tied to a number of high-profile breaches & ransomware cases across the globe. It will illuminate old breaches for which never figured out initial access.
    Image
    GIF
  • user avatar
    Vitali Kremez
    @VK_Intel
    Mar 25, 2021
    2021-03-25: 🔥[Anatomy of an Attack] #REvil #Ransomware Human Exploitation Operation: 🦆Windows Defender Bypass Includes SmartScreen ShutDown 🎯Hunting Query: icacls "%systemroot%\System32\smartscreen.exe" /inheritance:r /remove *S-1-5-32-544 *S-1-5-11 *S-1-5-32-545 *S-1-5-18
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Nov 3, 2020
    2020-11-03: 🆕👁‍🗨#RegretLocker #Ransomware 🔒 Weaponizes Windows Virtualization for Ransomware🔥 1⃣open_virtual_drive /* OpenVirtualDisk➡️AttachVirtualDisk➡️ GetVirtualDiskPhysicalPath➡️.➡️ */ 2⃣smb_scanner 3⃣crypted_callback 4⃣get_process_opened_file (Rm*) h/t @malwrhunterteam
    Image
    Image
    Image
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Dec 3, 2020
    2020-12-03:🔥 And ... [Major Discovery] 🤖"Persist, Brick, Profit -#TrickBot Offers New “#TrickBoot” UEFI-Focused Functionality" 🆕*First* Time Crimeware Group Pursued UEFI Firmware Exploitation | #YARA+IOCs in MISP JSON/CSV @eclypsium | @IntelAdvanced advanced-intel.com/post/persist-b…
    Image
    Image
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    May 18, 2021
    🔥Welcome to a new era...Introducing #MountLocker #Ransomware | Domain “Worm” Feature 🏘️First corporate ransomware for "pros" w/ LDAP domain queries for Active Directory enumeration LDAP ActiveDS API NetGetDCName➡️ADsOpenObject(…“(objectClass=computer)“) h/t @malwrhunterteam
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Mar 24, 2021
    2021-03-23:🆕 #REvil #Ransomware Smart Tactics to Bypass EDR/AV Probably Inspired by #Snatch Earlier WinExec API: 1⃣bootcfg /raw /a /safeboot:network /id 1 2⃣bcdedit /set {current} safeboot network 🛡️Ensure security product is running in "safe mode" as it is not often the case.
    Image
  • user avatar
    Vitali Kremez
    @VK_Intel
    Jun 8, 2020
    2020-06-08: 🆕🐍#SNAKE/#EKANS #Ransomware | Possible @Honda Lockdown Incident RW References to Honda: 1⃣Honda ISP ("AHMC") 🇺🇸IP "170.108.71. 153" 2⃣"MDS. HONDA. COM" Check Source: C:/Users/Admin3/go/src/.../<RAND>.go @malwrhunterteam @BleepinComputer
    Image
    Image
    Image
Advertisement
Advertisement