Tony Lambert (@forensicitguy): Twitter Profile
Tony Lambert

@forensicitguy

Recovering sysadmin that now chases adversaries instead of uptime. Sr Malware Analyst @redcanary

ID: 417640257

Link: https://forensicitguy.github.io
Joined: 21-11-2011 06:06:13

3.3K Tweets

5.5K Followers

1.1K Following

Matthew Green 🌻 (@mgreen27):

#100daysofyara more yara-x > Dumping a RedCurl malware PE, I saw Rich Header and thought I would give it a try.

Rule: github.com/mgreen27/100da…
Aura (@securityaura):

"svchost.exe should always have services.exe as a parent process and should never be launched without any arguments/parameters"

Welcome to the real world.
k1nd0ne (@k1nd0ne):

Following the release of volatility 2.11, VolWeb 3.13.3 is now available including most of the new plugins and a bunch of new features.

github.com/k1nd0ne/VolWeb…
Squiblydoo (@squiblydooblog):

Cert Central .org is live!
We track and report abused code-signing certs.

By submitting to the website, you contribute to the DB of >800 certs—a DB you can access and view.

Want to get more involved? Check out the Training and Research pages to learn more. 1/2
visi stark (@invisig0th):

A cool new #threatdetection blog by Phil Hagen and Tony Lambert which uses #synapse to analyze network tunneling behavior of a few malware families! 🎉 redcanary.com/blog/threat-de…

Red Canary (@redcanary):

📣 The 2025 Threat Detection Report is here! Dive into our analysis of 93,000 threats our customers' security controls missed, with actionable guidance on every page. Read the ungated report here: redcanary.com/threat-detecti…

Patrick Wardle (@patrickwardle):

Apple will (finally!) bring TCC events to Endpoint Security in macOS 15.4 🥳 I've just posted "TCCing is Believing" which covers details, nuances, and PoC code for the new 'ES_EVENT_TYPE_NOTIFY_TCC_MODIFY' event objective-see.org/blog/blog_0x7F…

Tanner (@wbmmfq):

PSA: if you use an MDR/MSSP, name your servers, or at the very least your DCs, descriptively. Cutesy names aren't gonna be helpful when we're in the middle of a hands-on intrusion and we have to decide whether or not to lock down your whole network.

Chrome for Developers (@chromiumdev):

Chrome 136 now has enhanced cookie security 🍪 → goo.gle/3DMf5SS

Changes to remote debugging switches protect your data. Find out how the --remote-debugging-port and --remote-debugging-pipe switches are now being handled.
VMRay (@vmray):

Threat Detection Highlights Webinar series – April Edition: This month’s session is extra special. zoom.us/webinar/regist…

We're excited to welcome Tony Lambert (@ForensicITGuy), Senior Malware Analyst at Red Canary, known for his sharp research and impactful community
Red Canary (@redcanary):

JUST IN: Red Canary Intel has observed activity exploiting a newly-documented unrestricted file upload vulnerability in SAP NetWeaver Visual Composer, software used to develop enterprise applications for business analysts. 🔗 Read our blog for detection opportunities and

Tony Lambert (@forensicitguy):

Do you miss cobaltstrikebot 🌻? If so, here's a blog post showing how you can pull Cobalt Strike SpawnTo and watermark info with Shodan and some PowerShell: forensicitguy.github.io/squeezing-coba…

Red Canary (@redcanary):

Just 2 days until the next session in our Detection Series!

This time, we’re covering all things initial access — and how to better defend against these evolving tactics.

🎯 This session is a must-attend for blue teams and threat analysts.

➡️ Register now before the
Red Canary (@redcanary):

✨ Red Canary ➕ Zscaler

Today we are announcing Zscaler’s agreement to acquire Red Canary.

It’s a major milestone in our journey. This is a significant step forward in our mission to improve security operations, not just for our customers, but for the entire cybersecurity
Applied Network Defense (@networkdefense):

In our latest Analyst Skills Vault Lesson, Michael Fischler steps through analysis of the LummaC2 MaaS Infostealer. He'll demonstrate several tools and strategies for breaking down the malware's intent.
alden (@birchb0y):

excited bc today Huntress is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠 we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)! huntress.com/blog/inside-bl…

Objective-See Foundation (@objective_see):

Not only is Huntress a generous supporter of our Foundation, they also consistently publish top-notch research on emerging macOS threats 🤩 Their latest (by alden & Stuart Ashenbrenner 🇺🇸 🇨🇦): "Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion": huntress.com/blog/inside-bl…