Paul Melson
@pmelson.bsky.social
If I won the lottery, I might not tell anyone, but there would be signs.
about 1 month ago
reposted by
Paul Melson
SLEUTHCON
2 months ago
Check out his full talk here:
www.google.com/url?sa=t&sou...
Keynote | SLEUTHCON 2025
June 6th, SLEUTHCON 2025 in Arlington, VA Presented by Paul Melson
https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.youtube.com/watch%3Fv%3D9FvBwgj6NHo&ved=2ahUKEwi_36OdwquQAxVQM9AFHbLjIdQQtwJ6BAgREAI&usg=AOvVaw0Y6PcOru5vRWUxpOwdCFHq
reposted by
Paul Melson
SLEUTHCON
2 months ago
Paul Melson joined us this year as our keynote speaker to talk about the history of crimeware and its evolution through the years. In his keynote he also gives some good advice to those who are in the field and creating their professional network. Check out what he had to say!
If you’re not already alerting on CONHOST.EXE spawning CMD.EXE spawning WGET.EXE or CONHOST.EXE spawning CONHOST.EXE spawning CONHOST.EXE you’re gonna want to close that gap today.
3 months ago
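The ancestry rule in the post above, written out as detection logic over process-creation telemetry. This is an added example, not the author's code: the event records are constructed, the field names (pid, ppid, image) are a simplification of what Sysmon Event ID 1 or Windows Security 4688 carry, and the rule matches exactly the two grandparent/parent/child chains the post names.

```python
"""Added example (not the author's code): flag the two three-process
ancestry chains named in the post in process-creation telemetry such as
Sysmon Event ID 1 or Windows Security 4688. Sample events are constructed."""
from collections import namedtuple
from pathlib import PureWindowsPath

# One process-creation event: process id, parent process id, image path.
# A real pipeline should key on ProcessGuid rather than PID: PIDs are reused
# after a process exits, and a parent can exit before its child does.
Event = namedtuple("Event", "pid ppid image")

# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    Event(400, 1, r"C:\Windows\System32\services.exe"),
    Event(800, 400, r"C:\Windows\System32\svchost.exe"),
    # Chain 1 from the post: conhost -> cmd -> wget
    Event(1200, 800, r"C:\Windows\System32\conhost.exe"),
    Event(1300, 1200, r"C:\Windows\System32\cmd.exe"),
    Event(1400, 1300, r"C:\Users\Public\wget.exe"),
    # Chain 2 from the post: conhost -> conhost -> conhost
    Event(2000, 800, r"C:\Windows\System32\conhost.exe"),
    Event(2100, 2000, r"C:\Windows\System32\conhost.exe"),
    Event(2200, 2100, r"C:\Windows\System32\conhost.exe"),
    # Not matched: explorer -> cmd -> wget (grandparent is not conhost)
    Event(3000, 800, r"C:\Windows\explorer.exe"),
    Event(3100, 3000, r"C:\Windows\System32\cmd.exe"),
    Event(3200, 3100, r"C:\Tools\wget.exe"),
]

# Grandparent -> parent -> child image names, exactly as the post lists them.
SUSPICIOUS_CHAINS = [
    ("conhost.exe", "cmd.exe", "wget.exe"),
    ("conhost.exe", "conhost.exe", "conhost.exe"),
]


def image_name(path):
    """Case-folded basename of an image path (drive and directory ignored)."""
    return PureWindowsPath(path).name.lower()


def find_chains(events, chains=SUSPICIOUS_CHAINS):
    """Return (chain, (grandparent_pid, parent_pid, child_pid)) for every
    event whose parent and grandparent images form one of `chains`."""
    by_pid = {e.pid: e for e in events}
    wanted = {tuple(name.lower() for name in chain) for chain in chains}
    hits = []
    for child in events:
        parent = by_pid.get(child.ppid)
        grand = by_pid.get(parent.ppid) if parent else None
        if grand is None:
            continue  # ancestry not fully visible in this batch of events
        observed = (image_name(grand.image),
                    image_name(parent.image),
                    image_name(child.image))
        if observed in wanted:
            hits.append((observed, (grand.pid, parent.pid, child.pid)))
    return hits


if __name__ == "__main__":
    for chain, pids in find_chains(SAMPLE_EVENTS):
        print(" -> ".join(chain), "pids", pids)
```

The match is on image basename only, so a renamed binary evades it; in a real deployment pair this with the usual rules on unsigned or user-writable image paths, and key the lookup on ProcessGuid rather than PID as the comment notes.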
Are weekly dental cleanings a thing?
add a skeleton here at some point
3 months ago
reposted by
Paul Melson
SLEUTHCON
3 months ago
ICYMI: Paul Melson, VP of Cyber Intelligence Engineering at Capital One, delivered the SLEUTHCON 2025 keynote! Watch here >>
www.youtube.com/watch?v=9FvB...
Keynote | SLEUTHCON 2025
YouTube video by SLEUTHCON
https://www.youtube.com/watch?v=9FvBwgj6NHo
Happy International Dog Day, hope you spent it with your best friends
4 months ago
Don’t miss the use of ngrok for tunneling here. Continue to see malicious actors use this service to hide C2. Ngrok uses AWS IPs across multiple zones for egress NAT. I recommend sinkholing their domains across your network. ngrok[.]com ngrok[.]io ngrok-free[.]app
www.microsoft.com/en-us/securi...
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog
Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...
https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
5 months ago
It’s that time again, apparently.
6 months ago
reposted by
Paul Melson
Robert Jordan
7 months ago
Paul Melson's Brief History of Crime[ware] was a lovely (?!) trip down memory lane. I'm old too, @pmelson.bsky.social #SLEUTHCON #traumamemories
It is my position that Chatham House rules and TLP should extend to any trolling that takes place in those channels and venues.
8 months ago
reposted by
Paul Melson
SLEUTHCON
8 months ago
New keynote drop: Paul Melson is taking the SLEUTHCON stage to dissect the rise of crime[ware]—how it started, how it scaled, and how we shut it down. 23+ yrs defending networks. ScumBots founder. Now VP @ Capital One. 🎤 June 6 📍IRL + virtual 🎟️ Tix moving fast - sleuthcon.com
🗓️ CFP closes April 18
Today I am thankful for all of the folks working a shift and watching the wires to keep us safe. I see you and I appreciate you.
about 1 year ago
reposted by
Paul Melson
Volexity
about 1 year ago
@volexity.com's latest blog post describes in detail how a Russian APT used a new attack technique, the "Nearest Neighbor Attack", to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. Read more here:
www.volexity.com/blog/2024/11...
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
reposted by
Paul Melson
Brad
about 1 year ago
2024-11-22 (Friday) #XLoader / #Formbook: I've been fired by my non-existent HR department. At least I got a "salary-receipt.exe"
bazaar.abuse.ch/sample/003b5...
Tria.ge and Any.Run don't identify the malware, but Joe Sandbox does:
www.joesandbox.com/analysis/156...
Also runs in my lab just fine
I'm in the process of migrating ScumBots from Twitter to Mastodon / infosec.exchange. You can follow the bot here now:
infosec.exchange/@ScumBots
ScumBots (@ScumBots@infosec.exchange)
21 Posts, 0 Following, 83 Followers · I drop dox on scumbag bots and RATs
https://infosec.exchange/@ScumBots
about 1 year ago
I posted a writeup analyzing a malicious PDF file containing a heavily obfuscated PHP payload over on infosec[.]exchange:
infosec.exchange/@pmelson/113...
Paul Melson (@pmelson@infosec.exchange)
Attached: 1 image I found a PDF file that appears to be an exploit for a PHP web app. It contains a valid PDF file header but is not a valid PDF document. It also contains an HTML/PHP document that i...
https://infosec.exchange/@pmelson/113358401230330682
about 1 year ago