Much of our security work is communicating with colleagues throughout the org. 10 habits that sharpen how the technical work gets heard. https://zeltser.com/strong-communication-skills

Device-code phishing is surging. One cybercriminal tool can target virtually every Microsoft user. Okta Threat Intelligence digs deep into the OAuth CLI device flow and how to minimize your attack surface. www.okta.com/blog/threat-...

I highly recommend this comprehensive blog on EDR internals 0xdbgman.github.io/posts/edr-in...

We report certificates for revocation when they sign malware. What about before they sign malware? I've started adding certificates to Cert Graveyard that are being used to "warm" the certificate and improve it's score before being sign malware. 1/4

Launching oauthsentry.github.io Look up any OAuth app ID and find out what it actually is across thousands of legitimate, risky, and malicious apps (Entra, Google, GitHub). Multiple feeds, API, detection ideas and remediation guidance. Still improving the detections a bit 🦾

Great listen!

Out-of-the-box Claude Code is solid for general work. What makes it indispensable is the personalization, hardening, and connectors you layer on top. I mapped my setup into a seven-layer Personal AI Stack, so you can optimize yours.

Spotify open.spotify.com/episode/5lkC...

2026-04-23 (Thursday): #SmartApeSG campaign using #ClickFix instructions to push some sort of #RAT. Not sure what this #malware is yet, but it looks like a RAT. Details at www.malware-traffic-analysis.net/2026/04/23/i...

Joined by Katrina Manson to hear all about her latest book release: Project Maven & the Dawn of AI Warfare 👀 We talk AI usage at the Pentagon, drone intel, AI enabled targeting, and the ethical tipping point of autonomous weapons. Super fascinating ideas. Video: youtu.be/OVgruylpVXc

New Video: Build your own LLM dynamic analysis lab 🦔🎥 ➡️ AI debugs and unpacks with x64dbg ➡️ AI can access powershell terminal www.youtube.com/watch?v=QrWz...

Wild story on a big AI-powered social engineering campaign, leveraging Device Code phishing to steal Entra ID/Microsoft accounts -- all with entirely unique and personalized per-victim lures from vibecode-crafted infrastructure 🤯 Video: youtu.be/9b3kirR8s2U

I wrote an article about SugarSMP Minecraft scams, Spark stealer, extortion and hacked accounts. After a brief contact to the threat actor, we talked to two victims and followed the trail. Analysis in collaboration with @rifteyy #GDATATechblog #GDATA blog.gdatasoftware.com/2026/03/3839...

🤓 A month ago I published a blog post on how to monitor Claude Code sessions using hooks and NOVA Protector! At the time, no one was really talking about this. Coding agents were being handed full access to your machine and people were just trusting the output blindly. The post covers how I […]

New post out! "The Red Queen’s Race: Arms Race Dynamics in Threat Detection" medium.com/@koifsec/the...

On this episode of Discarded, our team explores how #artificialintelligence is shaping modern #malware analysis and detection workflows. Listen now on your favorite #podcast platform, and you'll get a balanced view of AI's growing impact on cybersecurity. 🎙️: www.proofpoint.com/us/podcasts/...

🤓 Happy to see that my DEFCON talk on crypto money laundering and tracking techniques was featured in the DEFCON 33 Almanac! Read it here: https://harris.uchicago.edu/sites/default/files/the_def_con_33_hackers_almanack.pdf

I started making comics, in part, as a respite from the grind that is cybersecurity. Only hackers/scammers are everywhere. I’m no @johnhammond.bsky.social but here is my video on how scammers try to take advantage of creators on Kickstarter.

This looks very interesting! 👇

Episode 2 of Breach Log is now available! Special thanks to Max Margolis for joining me and telling his story. If you have a story you'd like to share, get in contact and we can have some fun! breachlogpodcast [@] gmail[.]com open.spotify.com/episode/4SDz...

🤓 Let me introduce you to MoltThreats: The first AI Threat Intel Feed for Ai Agents! In one week, OpenClaw became a widely used general AI agent. People started to run their own agents all over the world and connect them directly to the internet. But this […] [Original post on infosec.exchange]

2026-01-31 (Friday): I've posted a new traffic analysis exercise. It's Lumma in the room-ah! Join the fun at www.malware-traffic-analysis.net/2026/01/31/i... I mean, this guy looks like he's having fun.

2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at www.malware-traffic-analysis.net/2026/01/06/i...

I've released my new course: Practical Threat Hunting for Beginners Similar courses: $$$$ This course: $$ academy.bluraven.io/course/pract... #ThreatHunting #DetectionEngineering

🦔 📹 New Video: Can office files be malicious without Macros? ➡️ VSTO Add-Ins ➡️ External Templates ➡️ Checklist for Office analysis #MalwareAnalysisForHedgehogs www.youtube.com/watch?v=RtHH...

Karsten's samplepedia is a great resource for malware samples and analysis solutions!

Is the 9-5 a thing of the past? 💀 Dhillon Kannabhiran (HITB) says the "hacker ethos" is replacing the corporate ladder. From on-demand bug hunting to working across time zones, the rules of the game have changed. podcasts.apple.com/us/podcast/e...

😵‍💫 The Chrome extension ecosystem really is the wild west, and remains largely uncharted territory for security teams. You need visibility into what’s actually running in the browser. cc: @campuscodi.risky.biz @zackwhittaker.com @bleepingcomputer.com

Nice work from @malware-traffic-analysis.net in the ISC diary blog on Lumma scheduled tasks from yesterday: isc.sans.edu/diary/Infect...

I released a tool for making your website or docs easily available to AI assistants via an MCP server. This helps ensure people's AI tooling can access the latest details at the right time. For instance, this is how REMnux users now can get info about its malware analysis tools.

Recommending this one, it’s a great idea! 👇

Found the perfect product for @selenalarson.bsky.social - changing fingernail color on demand via iPhone! Next up: hacking Selena’s nails! www.reuters.com/video/watch/...

📣 Happy New Year everyone! If you're looking to get some hands-on malware/reversing training to kick off the year, now is your chance! Check out this virtual training we'll be offering in March with RingZer0 👇 ringzer0.training/countermeasu...

2026-01-07 (Wednesday): #MassLogger infection from email attachment. Copies of the emails, associated malware, indicators, and a #pcap of the infection traffic are available at www.malware-traffic-analysis.net/2026/01/07/i...

So many of us set this up ages ago and have totally forgotten we're still fetching POP3 mail - time to go through and migrate things I guess. Ughh like I needed this chore right now??

2026-01-06 (Tuesday): #SmartApeSG CAPTCHA page uses #ClickFix technique to push #RemcosRAT, with #Remcos #RAT C2 server at 192.144.56[.]80. A #pcap of the traffic, the Remcos RAT #malware, and a list of indicators are available at www.malware-traffic-analysis.net/2026/01/06/i...

As most of us get back to work in earnest this week, I can’t help but think of the sheer chaos of 2025 and now strapping in for the dumpster that is already on fire for this year. Godspeed to all in ‘26!

Great idea here 👇

#100DaysofYARA - Day 2 YARA rule to detect the default Delphi darkmode dib icon. I've seen this icon excessively over the years. Using @unpacme 's YARA hunting tools, I saw 0 known goodware and 800 packed junk. Rule at end 1/4

2026-01-01 (Thursday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the #Lumma #Stealer files, and a list of IOCs are available at www.malware-traffic-analysis.net/2026/01/01/i...

𝗝𝘂𝘀𝘁 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱 𝗮𝘄𝗲𝘀𝗼𝗺𝗲-𝗱𝗳𝗶𝗿-𝘀𝗸𝗶𝗹𝗹𝘀 𝘄𝗶𝘁𝗵 @fr0gger_ ! Designed to save time during investigations and everyday DFIR tasks Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.

I listen to a LOT of security related podcasts, and this is the only one that makes me truly think when listening to the topical subjects that are discussed each week. Excellent!

2025-12-29 (Monday): #ClickFix page leads to #NetSupportRAT infection. Details at www.malware-traffic-analysis.net/2025/12/29/i...

I added a python script to monitor a folder during dynamic analysis and dump changed files with timestamp github.com/struppigel/h...

🦔 📹New Video: RenPy game loads stealer, beginner friendly ➡️ strategies for finding malware in 2956 files ➡️ extracting and decompiling RenPy ➡️ remote access tool config extraction ➡️ unpacking native payload #MalwareAnalysisForHedgehogs #RenPy www.youtube.com/watch?v=Fmfg...

React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more. #React2Shell #Nextjs #GreyNoise #ThreatIntel

🦔📹 New Video: Modifying string decrypter for a ConfuserEx2 variant ➡️ Defeating antis with Harmony hooks ➡️ AsmResolver ➡️ .NET string deobfuscation #MalwareAnalysisForHedgehogs www.youtube.com/watch?v=sARn...

Full length reverse engineering with Invoke RE! Showcasing new iterations of the "Scavenger" malware, or what we saw as "ExoTickler" previously as a fake City Skylines 2 video game mod, now w/ more crypto/creds stealing and C2. Binary Ninja, x64dbg & more: youtu.be/wFBdeak0t70

🎁 I am running an exclusive 'Black Friday' promo on my book Visual Threat Intelligence with code 'CYBERVTI25'! The ebook is 50% off for the next 4 days, thousands of researchers already read it! The bundle also includes the high quality illustrations from […] [Original post on infosec.exchange]

🎙️ In the latest episode of Behind the Binary, Nino Isakovic joins us to talk about the art of deconstructing problems, building a robust RE toolkit, and his work on deobfuscating ScatterBrain! 👉 open.spotify.com/episode/2Iyy...