Corsin
@cocaman.ch
📤 225
📥 237
📝 21
it security & cyber guy, research @
http://vulnerability.ch
, friendly, swiss | Opinions are my own
reposted by
Corsin
thesilence
23 days ago
#PIVOTcon2026
call for papers is open! Remember, it's
#PIVOTcon
for a reason - your proposal should give insight into techniques and methodology, not just "what my favorite threat group did last summer". 😎 Bring on those proposals!
#CFP
add a skeleton here at some point
0
7
4
reposted by
Corsin
Ollie Whitehouse
2 months ago
Our annual review is out covering technical highlights such as - Engineering resilience against critical loss - Passkeys - The future of digital identity - Post quantum crypt transition - Our Initiate r&d program with industry - Radical transparency in technology .. and more
add a skeleton here at some point
0
7
7
reposted by
Corsin
Disobey_Fi
5 months ago
You know you want to speak at Disobey 2026. And now is your chance to do that! Our CfP is open at:
cfp.disobey.fi/disobey-2026/
Check the guidelines from the link and send your proposal by Sep 30th!
0
11
7
reposted by
Corsin
Greg Lesnewich
5 months ago
Tap in to the stream this week for some YARA fun, highlighting some crazy rules, how I think about learning yara (or anything) as a mid-career professional, and more!
add a skeleton here at some point
3
14
6
Well, where else do you get fresh Yara rules? cc
@stvemillertime.bsky.social
@greg-l.bsky.social
5 months ago
2
6
0
Finally a new template for a phishing email. Sender IP: 45.138.48[.]158 Subject: Your email quarantine summary!!! URLscan:
urlscan.io/result/01980...
Phishing URL reported and blocked by Google Safe Browsing already.
5 months ago
0
1
0
reposted by
Corsin
Saher
7 months ago
@greg-l.bsky.social
drops knowledge on TA406 (Konni) as North Korea shows new interest in Ukraine, likely to keep tabs on the progress of the war and Russia's ability to keep pace on the battlefield
www.proofpoint.com/us/blog/thre...
loading . . .
TA406 Pivots to the Front | Proofpoint US
What happened In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these
https://www.proofpoint.com/us/blog/threat-insight/ta406-pivots-front
1
15
14
reposted by
Corsin
Ollie Whitehouse
8 months ago
Incidents impacting retailers – recommendations from the NCSC
www.ncsc.gov.uk/blog-post/in...
loading . . .
Incidents impacting retailers – recommendations from the NCSC
A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
https://www.ncsc.gov.uk/blog-post/incidents-impacting-retailers
0
4
2
reposted by
Corsin
Greg Lesnewich
8 months ago
amazing work from Palo Alto and Wired today on TraderTraitor (aka SlowPisces, UNK_MachoMan, UNC something or other, Jade Sleet)
unit42.paloaltonetworks.com/slow-pisces-...
www.wired.com/story/trader...
and a minor line item, only one mention of the L word is a major success
loading . . .
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. North Korean state-sponsored group ...
https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/
0
3
2
reposted by
Corsin
evacide
9 months ago
Infosec must not remain silent while Trump goes after Chris Krebs:
www.eff.org/deeplinks/20...
loading . . .
Cybersecurity Community Must Not Remain Silent On Executive Order Attacking Former CISA Director
Cybersecurity professionals and the infosec community have essential roles to play in protecting our democracy, securing our elections, and building, testing, and safeguarding government infrastructur...
https://www.eff.org/deeplinks/2025/04/cybersecurity-community-must-not-remain-silent-executive-order-attacking-former
3
348
171
reposted by
Corsin
Bartek Jerzman
10 months ago
Aaaaand we have just released the
#PIVOTcon25
#agenda
Again You will find there crème de la crème of
#CTI
#ThreatIntel
#ThreatReserch
Top researchers tracking both APTs and cybercriminals using very clever and effective PIVOTs 😎💪 Link and thank you ⬇️1/2
add a skeleton here at some point
1
5
1
reposted by
Corsin
10 months ago
February 2025 was a high-volume month on data leak and ransomware sites. Our system picked up and enriched 705 events, the highest ever. CL0p has been active posting victims from their December 2024 attack against vulnerable Cleo servers. Get the full picture with our subscription at
eCrime.ch
0
5
6
Great job by police organisations around the globe to seize domains and arrest
#ransomware
operators of Phobos/#8BASE.
www.khaosodenglish.com/news/2025/02...
11 months ago
0
19
5
reposted by
Corsin
Andy Greenberg
11 months ago
A teen DOGE staffer recently given access to government systems worked at a startup known for hiring convicted hackers. Someone using a Telegram handle associated with him also solicited a cyberattack-for-hire service in 2022. All raising questions about his vetting.
www.wired.com/story/edward...
loading . . .
DOGE Teen Owns ‘Tesla.Sexy LLC’ and Worked at Startup That Has Hired Convicted Hackers
Experts question whether Edward Coristine, a DOGE staffer who has gone by “Big Balls” online, would pass the background check typically required for access to sensitive US government systems.
https://www.wired.com/story/edward-coristine-tesla-sexy-path-networks-doge/
1225
19421
9226
reposted by
Corsin
Selena Larson
11 months ago
Subscribing to WIRED should be mandatory for anyone who is concerned about what's happening and wants in-depth coverage from journalists who have been reporting on privacy, security, feds, and national security for years. Plus my besties
@dell.bsky.social
and
@couts.bsky.social
work there.
add a skeleton here at some point
0
19
4
reposted by
Corsin
Squiblydoo
11 months ago
Interesting report from Twitter: "Another certificate was acquired by this company and used to sign a malicious kernel driver. The driver injects an IIS module into w3wp.exe, embedding JS into webpages that redirects to a Chinese adult site, tricking users into downloading a spyware-like app."
1
2
1
@benkoe.com
Apple Intelligence seit heute in der Schweiz verfügbar?
11 months ago
0
1
0
reposted by
Corsin
Internet Archive
12 months ago
This year, we worked swiftly to save legacy media sites
Vice.com
and MTVNews before decades worth of valuable journalism could be erased. These sites are now searchable on the Wayback Machine! Help us in saving these resources::
https://archive.org/donate/?origin=blsky-eoy2024
53
8197
2289
reposted by
Corsin
Ollie Whitehouse
about 1 year ago
The Annual Report for the National Cyber Security Centre is out
www.ncsc.gov.uk/collection/n...
Threat assessment:
www.ncsc.gov.uk/collection/n...
loading . . .
NCSC Annual Review 2024
Looking back at the National Cyber Security Centre's eighth year and its key developments and highlights, between 1 September 2023 and 31 August 2024.
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2024
1
12
7
It’s complete! The script migrated 37.7 million archived posts, making them lightning-fast to search.
add a skeleton here at some point
about 1 year ago
0
5
0
Well, I am doing it a different way now, as the import broke down after two weeks. And now it might actually work and is fast :-D
add a skeleton here at some point
about 1 year ago
0
5
1
reposted by
Corsin
PIVOTcon
about 1 year ago
#PIVOTcon25
#CfP
is open and you can submit your proposals till 7 FEB 2025 Remember - one track,30m - no recording/streaming/tweeting. U should feel comfy to share more - No TLP:WHITE - Original content only Let us guide u through with a little meme-thread
#CTI
#ThreatIntel
1/10
1
31
22
reposted by
Corsin
ᴉpᴉǝH 🐐💕
about 1 year ago
I have no words - and if you know me, that's super surprising! Thank you to the Australian Information Security Association (AISA) for the awards to Kids SecuriDay for Best STEM Promoter of the Year and Community Education Program of the Year!
6
29
5
reposted by
Corsin
The Register
about 1 year ago
Another 'major cyber incident' at a UK hospital, outpatients asked to stay away
loading . . .
Another 'major cyber incident' at a UK hospital, outpatients asked to stay away
Third time this year an NHS unit's IT systems have come under attack A UK hospital is declaring a "major incident," cancelling all outpatient appointments due to "cybersecurity reasons."…
http://dlvr.it/TGPMmv
1
15
8
Discovered
bsky-follow-finder.theo.io
to find more interesting people to follow here
loading . . .
Bluesky Network Analyzer
Find accounts that you don't follow (yet) but are followed by lots of accounts that you do follow.
https://bsky-follow-finder.theo.io
about 1 year ago
0
2
0
reposted by
Corsin
Kyle Eaton
about 1 year ago
Yara rule to match concatenated zip files. I like this one (biased) because of how we are able to avoid matching nested zip files. More info:
x.com/threatinsigh...
#yara
github.com/EmergingThre...
loading . . .
threatresearch/yara/zip_file.yara at master · EmergingThreats/threatresearch
I wanted to call this repo "Nuclear Football Codes". I was outvoted.. - EmergingThreats/threatresearch
https://github.com/EmergingThreats/threatresearch/blob/master/yara/zip_file.yara
2
14
8
Trying to migrate 34 million SQL rows to an OpenSearch system. Time remaining: 1364 hours. I am sure there must be a better way :-D
about 1 year ago
0
2
1
you reached the end!!
feeds!
log in
