CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!! We are back in Arlington, VA this year on November 19th. www.cyberwarcon.com

TIL about ASPs (App-Specific Passwords) thanks to Rebekah and her Citizen Lab colleagues...check it out! citizenlab.ca/2025/06/russ...

Excited to be here at @sleuthcon.bsky.social! I've taken a step back from social media, so it will be nice to say hi to some of you in person. 😀 Looking forward to a great day, kicking off with Paul Melson.

As you're planning your week, be sure to sign up for our Red Canary webinar on initial access to hear about common adversary techniques and what to do about them. redcanary.com/resources/we... Don't miss it!

💰🐍THE SLEUTHCON 2025 LINEUP IS NOW LIVE🐍💰 From cybercrime units and big-box threat teams to red teamers and deception engineers—this year’s speaker lineup spans the full spectrum of financially motivated threat hunting, intel analysis, and response. www.sleuthcon.com/2025lineup

New keynote drop: Paul Melson is taking the SLEUTHCON stage to dissect the rise of crime[ware]—how it started, how it scaled, and how we shut it down. 23+ yrs defending networks. ScumBots founder. Now VP @ Capital One. 🎤 June 6 📍IRL + virtual 🎟️ Tix moving fast - sleuthcon.com 🗓️ CFP closes April 18

Today we're launching a new system where the public can help us develop the next ATT&CK release through Macrotechnique Refinement. To start refining FUZZYSNUGGLYDUCK, click here: attack.mitre.org/macro-techni.... Fabulous prizes await success.

Japan CERT researchers look at the multitude of North Korean APT groups and the problem of classifying most of their activity as Lazarus blogs.jpcert.or.jp/en/2025/03/c...

Don't miss my teammates as they present the 2025 Red Canary Threat Detection Report tomorrow afternoon! This report is overwhelming with goodness, and they'll help you navigate it. 😀 redcanary.com/resources/we...

💼 Join us on Wednesday! Our thorough review includes assessment of formatting, content clarity and alignment with industry standards! www.blacksincyberconf.com/online-commu... ⁠ #BlacksInCyber #BlacksInCybersecurity #LitLikeBIC #CareerServices

Interview tip: always, always come prepared with thoughtful questions to ask your interviewers. These questions are often a key factor in me recommending for or against a hire - they tell me a lot about someone's preparedness for the interview and genuine interest in the role.

Happy Valentine's Day everyone! Thank you for this @selenalarson.bsky.social ❤️

🚨 EclecticIQ analysts uncovered a Sandworm #cyber espionage campaign targeting Ukrainian Windows users. Attackers used trojanized #Microsoft KMS activation tools to deploy the BACKORDER loader and Dark Crystal RAT, enabling data theft and espionage. blog.eclecticiq.com/sandworm-apt...

📆 It's crime time! #SLEUTHCON is coming to Arlington, VA on Friday, June 6th, 2025! 🎉 Stay tuned for more information.

Do you have teammates you go to when you need a grounded perspective on some new security topic? Keith McCammon and Dave Farrow are two of these people for me. Now you can benefit from their wisdom as well! Join them starting next Tuesday for Red Canary Office Hours. redcanary.com/resources/we...

What's the story you're telling yourself about why you can't separate from work? When can you say I'm NOT available? Such good advice from Dr. Daniel Shore. #CTISummit

We're kicking off Day 2 of the #CTISummit with a keynote by Dr. Daniel Shore on mental health and burnout - an issue we all need to pay attention to. He's kicking off with an example from his own life around summer camp.

This is a fantastic visual from Tom and Lior that shows how complicated it is to cluster intrusions #CTISummit

Quishing is coming when, @attack.mitre.org? 😀 #CTISummit

Interesting example from Arda of cyber criminals changing their branding after public exposure by Mandiant. #CTISummit

I'm excited to be here to kick off the 13th SANS #CTISummit with a keynote by Dr. Jeannie Johnson on anticipatory intelligence!

We're just two weeks away from the SANS CTI Summit, one of my favorite conferences of the year! I've seen several presentation drafts, and they are 🔥. Register today to join Live Online (free!) or in-person in Alexandria, VA! ➡️ Register: sans.org/u/1xCe

Hi #shmoocon! I'm here all afternoon, if you see me, please say hi! It's bittersweet to be here for the last one, this was my very first hacker con. ❤️

🔥 new blog detailing 0day exploitation of Ivanti appliances as well as some newly observed malware families tracked as PHASEJAM and DRYHOOK. We also detail activity related to the previously observed SPAWN* malware ecosystem tied to China-nexus cluster UNC5337. cloud.google.com/blog/topics/...

🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System! Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features. #InfoSec #DFIR #IncidentResponse #SecOps #Notion

One of the finest hackers & humans to ever hack the planet needs our help. Marc Rogers (@marcwrogers on the other site) is lucky to be alive & we are luckier to be able to help him. Donate if you can, and please *share* to spread the word. gofund.me/27112e30

Pretty awesome ransomware training from @first.org www.first.org/education/ra... www.first.org/blog/2024122...

Big thanks to @likethecoins.bsky.social and SANS for having the #PEAK #ThreatHunting team (@letswastetime.bsky.social and @dr-fett.bsky.social) on their livestream today. What a fun conversation, and excellent audience questions too! If you missed it, catch the recording at

"What radicalized you?" Hospitals, schools, libraries, SLTT govs getting disrupted. My sister impacted by ransomware *four different times*, disrupting her work and life. Watching criminals get away with it for so long. I wrote about why we need to change our thinking. www.rusi.org/explore-our-...

🐧 It’s finally here! 🔍 The Linux EDR Telemetry Project results are live! After months of testing and collaboration, we’re excited to share how well EDR solutions handle Linux visibility. Read the full blog here: 📝👇 kostas-ts.medium.com... 1/2

Most intrusions involve some type of identity compromise. Join Keith and Sam this Thursday for key insights on how to better prepare! redcanary.com/resources/we...

We've just released our Q3 Adversarial Threat Report. Being part of the team creating the threat disruption discipline has been the high point of my last 6 years at Meta. The report covers influence operations and adversarial ops we've detected and disrupted in the last quarter. Some key takeaways:

🚨 Time’s Running Out! 🚨 Take your DFIR skills to the next level with 35% OFF all our DFIR Labs! 🔥 ⏰ Hurry—this deal ends 11/30 at 0500 UTC! store.thedfirreport.com/collections/...

Initial access brokers have recently been using social engineering + RMM tools, and this could lead to Black Basta ransomware. I'm worried. Check out recommendations here and make sure you're detecting RMM tools. www.reliaquest.com/blog/black-b... redcanary.com/threat-detec...

My first starter pack continues to gain new peeps who skeet. go.bsky.app/HfDbLVY

I love Josh Atkins' take on not tracking IRGC org charts because it's unnecessary. "We track the details as much as necessary, and as little as possible." ♥️ @cyberwarcon.bsky.social #CYBERWARCON

I'm a little sad this isn't 0px by 0px. #CYBERWARCOM