Drew
@bugfire.io
📤 136
📥 161
📝 373
malware detection and analysis, hunting and gathering, threat research
reposted by
Drew
Thomas Roccia :verified:
1 day ago
🤓 Happy to see that my DEFCON talk on crypto money laundering and tracking techniques was featured in the DEFCON 33 Almanac! Read it here:
https://harris.uchicago.edu/sites/default/files/the_def_con_33_hackers_almanack.pdf
0
2
1
reposted by
Drew
Allan “Ransomware Sommelier” Liska
3 days ago
I started making comics, in part, as a respite from the grind that is cybersecurity. Only hackers/scammers are everywhere. I’m no
@johnhammond.bsky.social
but here is my video on how scammers try to take advantage of creators on Kickstarter.
0
3
4
This looks very interesting! 👇
8 days ago
0
0
0
reposted by
Drew
CyberRaiju
9 days ago
Episode 2 of Breach Log is now available! Special thanks to Max Margolis for joining me and telling his story. If you have a story you'd like to share, get in contact and we can have some fun! breachlogpodcast [@] gmail[.]com
open.spotify.com/episode/4SDz...
Spotify – Web Player
https://open.spotify.com/episode/4SDz0RGNXaRVVEJNgabTyh?si=VKSgAn0mSgKrs4Q2mPyfig
0
1
1
reposted by
Drew
Thomas Roccia :verified:
16 days ago
🤓 Let me introduce you to MoltThreats: The first AI Threat Intel Feed for AI Agents! In one week, OpenClaw became a widely used general AI agent. People started to run their own agents all over the world and connect them directly to the internet. But this […]
[Original post on infosec.exchange]
1
3
2
reposted by
Drew
Brad
17 days ago
2026-01-31 (Friday): I've posted a new traffic analysis exercise. It's Lumma in the room-ah! Join the fun at
www.malware-traffic-analysis.net/2026/01/31/i...
I mean, this guy looks like he's having fun.
0
4
2
reposted by
Drew
Brad
19 days ago
2026-01-22 (Thursday):
#RemcosRAT
infection persistent on an infected Windows host. This was caused by
#ClickFix
instructions from
#SmartApeSG
through a fake CAPTCHA page. Details of this
#Remcos
#RAT
infection are available at
www.malware-traffic-analysis.net/2026/01/06/i...
0
3
2
reposted by
Drew
Mehmet Ergene
21 days ago
I've released my new course: Practical Threat Hunting for Beginners
Similar courses: $$$$
This course: $$
academy.bluraven.io/course/pract...
#ThreatHunting
#DetectionEngineering
Practical Threat Hunting for Beginners
Learn the core knowledge and practical skills required to perform effective threat hunting in real-world environments.
https://academy.bluraven.io/course/practical-threat-hunting-for-beginners
0
3
2
reposted by
Drew
Karsten Hahn
23 days ago
🦔 📹 New Video: Can office files be malicious without Macros? ➡️ VSTO Add-Ins ➡️ External Templates ➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=RtHH...
Malware Analysis - Malicious MS Office files without Macros
YouTube video by MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=RtHHckH5IsI
2
6
5
Karsten's samplepedia is a great resource for malware samples and analysis solutions!
25 days ago
0
1
0
reposted by
Drew
Josh Stroschein | The Cyber Yeti
27 days ago
Is the 9-5 a thing of the past? 💀 Dhillon Kannabhiran (HITB) says the "hacker ethos" is replacing the corporate ladder. From on-demand bug hunting to working across time zones, the rules of the game have changed.
podcasts.apple.com/us/podcast/e...
0
2
1
reposted by
Drew
Sarah Gooding
about 1 month ago
😵💫 The Chrome extension ecosystem really is the wild west, and remains largely uncharted territory for security teams. You need visibility into what’s actually running in the browser. cc:
@campuscodi.risky.biz
@zackwhittaker.com
@bleepingcomputer.com
0
9
7
Nice work from
@malware-traffic-analysis.net
in the ISC diary blog on Lumma scheduled tasks from yesterday:
isc.sans.edu/diary/Infect...
Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain
Infection repeatedly adds scheduled tasks and increases traffic to the same C2 domain, Author: Brad Duncan
https://isc.sans.edu/diary/Infection+repeatedly+adds+scheduled+tasks+and+increases+traffic+to+the+same+C2+domain/32628/
about 1 month ago
0
2
0
reposted by
Drew
Lenny Zeltser
about 1 month ago
I released a tool for making your website or docs easily available to AI assistants via an MCP server. This helps ensure people's AI tooling can access the latest details at the right time. For instance, this is how REMnux users now can get info about its malware analysis tools.
Publishing Your Website Content to AI Assistants
When people ask AI assistants about your product or project, they often get outdated information. Here's how to publish your static website content directly to AI tools using Cloudflare Workers and th...
https://zeltser.com/publishing-to-ai-assistants
0
1
2
Recommending this one, it’s a great idea! 👇
about 1 month ago
0
1
0
Found the perfect product for
@selenalarson.bsky.social
- changing fingernail color on demand via iPhone! Next up: hacking Selena’s nails!
www.reuters.com/video/watch/...
Color-changing 'iPolish' smart nails unveiled at CES 2026
The Florida-based company digital beauty brand iPolish unveiled smart, color-changing press-on nails at CES in Las Vegas that can flip between over 400 shades in as little as five seconds. "When you w...
https://www.reuters.com/video/watch/idRW543609012026RP1/
about 1 month ago
1
0
0
reposted by
Drew
Josh Stroschein | The Cyber Yeti
about 1 month ago
📣 Happy New Year everyone! If you're looking to get some hands-on malware/reversing training to kick off the year, now is your chance! Check out this virtual training we'll be offering in March with RingZer0 👇
ringzer0.training/countermeasu...
The FLARE Guide to Windows Internals and Advanced Reversing
Developed by the FLARE team at Google Cloud Security, this immersive six-day virtual training provides a comprehensive deep dive into the complex world of modern Windows malware.
https://ringzer0.training/countermeasure-spring-2026-the-flare-guide-to-windows-internals/
0
2
1
reposted by
Drew
Brad
about 1 month ago
2026-01-07 (Wednesday):
#MassLogger
infection from email attachment. Copies of the emails, associated malware, indicators, and a
#pcap
of the infection traffic are available at
www.malware-traffic-analysis.net/2026/01/07/i...
0
3
1
reposted by
Drew
Maria Varmazis
about 1 month ago
So many of us set this up ages ago and have totally forgotten we're still fetching POP3 mail - time to go through and migrate things I guess. Ughh like I needed this chore right now??
1
4
1
reposted by
Drew
Brad
about 1 month ago
2026-01-06 (Tuesday):
#SmartApeSG
CAPTCHA page uses
#ClickFix
technique to push
#RemcosRAT
, with
#Remcos
#RAT
C2 server at 192.144.56[.]80. A
#pcap
of the traffic, the Remcos RAT
#malware
, and a list of indicators are available at
www.malware-traffic-analysis.net/2026/01/06/i...
0
6
2
As most of us get back to work in earnest this week, I can’t help but think of the sheer chaos of 2025 and now strapping in for the dumpster that is already on fire for this year. Godspeed to all in ‘26!
about 1 month ago
0
0
0
Great idea here 👇
about 1 month ago
0
1
0
reposted by
Drew
Squiblydoo
about 2 months ago
#100DaysofYARA
- Day 2 YARA rule to detect the default Delphi darkmode dib icon. I've seen this icon excessively over the years. Using @unpacme's YARA hunting tools, I saw 0 known goodware and 800 packed junk. Rule at end 1/4
2
8
3
reposted by
Drew
Brad
about 2 months ago
2026-01-01 (Thursday):
#LummaStealer
infection with follow-up malware. A
#pcap
of the infection traffic, the
#Lumma
#Stealer
files, and a list of IOCs are available at
www.malware-traffic-analysis.net/2026/01/01/i...
0
3
1
reposted by
Drew
Kostas
about 2 months ago
Just launched awesome-dfir-skills with @fr0gger_ ! Designed to save time during investigations and everyday DFIR tasks. Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started.
GitHub - tsale/awesome-dfir-skills: A curated collection of DFIR skills and workflows for InfoSec practitioners.
A curated collection of DFIR skills and workflows for InfoSec practitioners. - tsale/awesome-dfir-skills
https://github.com/tsale/awesome-dfir-skills
1
2
1
I listen to a LOT of security related podcasts, and this is the only one that makes me truly think when listening to the topical subjects that are discussed each week. Excellent!
about 2 months ago
1
3
1
reposted by
Drew
Brad
about 2 months ago
2025-12-29 (Monday):
#ClickFix
page leads to
#NetSupportRAT
infection. Details at
www.malware-traffic-analysis.net/2025/12/29/i...
0
1
1
reposted by
Drew
Karsten Hahn
about 2 months ago
I added a python script to monitor a folder during dynamic analysis and dump changed files with timestamp
github.com/struppigel/h...
hedgehog-tools/Python helper scripts/monitor_and_dump_changed_files.py at main · struppigel/hedgehog-tools
Contribute to struppigel/hedgehog-tools development by creating an account on GitHub.
https://github.com/struppigel/hedgehog-tools/blob/main/Python%20helper%20scripts/monitor_and_dump_changed_files.py
0
3
1
reposted by
Drew
Karsten Hahn
about 2 months ago
🦔 📹New Video: RenPy game loads stealer, beginner friendly ➡️ strategies for finding malware in 2956 files ➡️ extracting and decompiling RenPy ➡️ remote access tool config extraction ➡️ unpacking native payload
#MalwareAnalysisForHedgehogs
#RenPy
www.youtube.com/watch?v=Fmfg...
Malware Analysis - RenPy game, finding malware code in 2956 files, Beginner friendly
YouTube video by MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=Fmfg0F1e2tM
0
3
1
reposted by
Drew
GreyNoise
2 months ago
React2Shell blog update 🚨 compromised Next.js nodes are rapidly being enlisted into botnets; threat actor activity reaches ~80 source countries; and more.
#React2Shell
#Nextjs
#GreyNoise
#ThreatIntel
CVE-2025-55182 (React2Shell) Opportunistic Exploitation In The Wild: What The GreyNoise Observation Grid Is Seeing So Far
GreyNoise is already seeing opportunistic, largely automated exploitation attempts consistent with the newly disclosed React Server Components (RSC) “Flight” protocol RCE—often referred to publicly as...
https://www.greynoise.io/blog/cve-2025-55182-react2shell-opportunistic-exploitation-in-the-wild-what-the-greynoise-observation-grid-is-seeing-so-far
0
6
4
reposted by
Drew
Karsten Hahn
3 months ago
🦔📹 New Video: Modifying string decrypter for a ConfuserEx2 variant ➡️ Defeating antis with Harmony hooks ➡️ AsmResolver ➡️ .NET string deobfuscation
#MalwareAnalysisForHedgehogs
www.youtube.com/watch?v=sARn...
Malware Analysis - Defeating ConfuserEx Anti-Analysis with Hooking
YouTube video by MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=sARnT7o8L60
0
3
1
reposted by
Drew
John Hammond
3 months ago
Full length reverse engineering with Invoke RE! Showcasing new iterations of the "Scavenger" malware, or what we saw as "ExoTickler" previously as a fake City Skylines 2 video game mod, now w/ more crypto/creds stealing and C2. Binary Ninja, x64dbg & more:
youtu.be/wFBdeak0t70
0
5
3
reposted by
Drew
Thomas Roccia :verified:
3 months ago
🎁 I am running an exclusive 'Black Friday' promo on my book Visual Threat Intelligence with code 'CYBERVTI25'! The ebook is 50% off for the next 4 days, thousands of researchers already read it! The bundle also includes the high quality illustrations from […]
[Original post on infosec.exchange]
0
2
1
reposted by
Drew
Josh Stroschein | The Cyber Yeti
3 months ago
🎙️ In the latest episode of Behind the Binary, Nino Isakovic joins us to talk about the art of deconstructing problems, building a robust RE toolkit, and his work on deobfuscating ScatterBrain! 👉
open.spotify.com/episode/2Iyy...
EP19 The Art of Deconstructing Problems: Tools, Tactics, and the ScatterBrain Obfuscator with Nino Isakovic
Behind the Binary by Google Cloud Security · Episode
https://open.spotify.com/episode/2IyyCq8YDm11eAAr8FEWGu?si=f3gPoTPyST-ZjtPM5PFKfA
0
2
1
reposted by
Drew
Karsten Hahn
3 months ago
I am suggesting a new malware type: the browser remote access tool (BRAT). It's a form of browser hijacker that remotely controls your browser based on server commands. Typical form: press key combos for copy-pasting URLs, opening tabs, context menu, downloading files etc.
0
3
1
reposted by
Drew
Ryan Naraine
3 months ago
Podcast thoughts on Anthropic's conflicting marketing messages about Claude Code automating Chinese APT attacks
#threebuddyproblem
@jags.bsky.social
@craiu.bsky.social
2
3
2
reposted by
Drew
Catalin Cimpanu
3 months ago
Check Point looks at a very niche phishing group named Payroll Pirates that uses malvertising to target the users of payroll systems, credit unions, and trading platforms
cyberint.com/blog/threat-...
0
7
2
reposted by
Drew
Brad
3 months ago
2025-11-11 (Tuesday): Cryptocurrency
#scam
starts with an email. Potential victims must click through several web pages to finish the process. I recorded a video showing what I did after the last image in this post at
youtu.be/yUV7OkQqSBk
More info on this activity at
github.com/PaloAltoNetw...
1
3
1
reposted by
Drew
John Hammond
3 months ago
Yesterday folks got a phishing email for a fake DMCA report-- myself included. Caught me at a good time so I could record poking at the scam and the malware it leads to: ultimately infostealer malware (the usual) from a fake domain & clearly AI slop site:
youtu.be/IzKjL16-sgY
0
16
2
reposted by
Drew
GreyNoise
3 months ago
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise
#AI
#AISecurity
#MCP
#MCPSecurity
#Cybersecurity
#ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
https://www.greynoise.io/blog/deploying-mcp-honeypots
0
15
9
reposted by
Drew
Kim Zetter
4 months ago
Here's the Wired story
www.wired.com/story/peter-...
Ex-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian Firm
Peter Williams, a former executive of Trenchant, L3Harris' cyber division, has pleaded guilty to two counts of stealing trade secrets and selling them to an unnamed Russian software broker.
https://www.wired.com/story/peter-williams-trenchant-trade-secrets-theft-russian-firm/
1
13
4
I’m convinced there’s no better time of the week than Saturday morning
4 months ago
0
0
0
Well done AI…
4 months ago
0
0
0
reposted by
Drew
Kyle Eaton
4 months ago
PDFs have been a constant struggle and I’ve found that this helps. Might be a little biased tho
1
4
2
reposted by
Drew
Josh Stroschein | The Cyber Yeti
4 months ago
🎙️ Ever wonder what it takes to secure a massive event like Black Hat? 🤔 Mark Overholser from Corelight joins us to pull back the curtain on how the Black Hat Network Operations Center (NOC) is built, monitored, and the craziest things that have shown up! Spotify:
open.spotify.com/episode/2F4x...
EP17 What Lurks Beneath: Building a Robust Network at Black Hat with Mark Overholser
Behind the Binary by Google Cloud Security · Episode
https://open.spotify.com/episode/2F4x1mA97pt2gzyGuiwLxq
0
3
1
reposted by
Drew
Graham Cluley
4 months ago
Normally when we hear about a malware operation being disrupted, it's because it has been shut down by the cops. But in the case of Lumma Stealer, it appears to have been sabotaged by other cybercriminals. Read more on the Fortra blog:
www.fortra.com/blog/cybercr...
Cyber-criminals Turn on Each Other: The Story of Lumma Stealer's Collapse
A malware-as-a-service operation used to steal passwords and sensitive data has been sabotaged by other cyber-criminals.
https://www.fortra.com/blog/cybercriminals-turn-each-other-story-lumma-stealers-collapse
0
8
3
reposted by
Drew
ThreatInsight
4 months ago
⚠️ Attackers are moving beyond credentials. Our blog shows they’re increasingly weaponizing
#OAuth
applications to maintain persistent access in the cloud—even after
#passwords
are reset or
#MFA
is enforced. This persistence poses a growing risk to modern enterprises.
1
1
1
reposted by
Drew
Josh Stroschein | The Cyber Yeti
4 months ago
🔥 Live stream with Hahna Kane begins in ~1 hour, join us on YouTube!
youtube.com/live/HG_JsFq...
Practical Applications in Machine Learning with Hahna Kane Latonick
Hahna Kane Latonick joins the live stream to talk about machine learning, reverse engineering, program analysis and more! We'll explore practical approaches ...
https://youtube.com/live/HG_JsFq7cyg?feature=share
0
2
1
reposted by
Drew
Jimmy Wylie
4 months ago
Our DEF CON33 ICS Village talk is now on YouTube!
@sam-hans0n.bsky.social
and I share stories of malware we discovered while searching for ICS threats, and discuss our approach to assessing their reputation. Don't Cry Wolf: Evidence-Based Assessment of ICS Threats
DEF CON 33 - Don’t Cry Wolf: Evidence based assessments of ICS Threats - Jimmy Wylie & Sam Hanson
ICS Malware is rare. Yet, ICS Malware like FrostyGoop and TRISIS, and related discoveries like COSMICENERGY, were all found on VirusTotal, so analysts still hunt for novel ICS Malware in public malware repositories. In the process, they discover all kinds of tools: research, CTFs, obfuscated nonsense
https://www.youtube.com/watch?v=6U_CepoMSl4
0
6
6
reposted by
Drew
GreyNoise
4 months ago
Amid the security incident involving F5 BIG-IP announced today, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing. The anomalies reported in our blog may not necessarily relate to the 15 Oct incident. ⬇️
GreyNoise’s Recent Observations Around F5
Amid the security incident involving F5 BIG-IP announced on 15 October 2025, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing.
https://www.greynoise.io/blog/recent-observations-around-f5
0
7
4