Pat_H (@pathtofile)'s Twitter Profile
Pat_H

@pathtofile

Dad, researcher, and infosec pseudo-specialist, posts and thoughts are my own. He/Him. @[email protected]

ID: 1052166355544301569

https://blog.tofile.dev/ (16-10-2018 11:56:22)

211 Tweet

446 Followers

261 Following

Brendan Dolan-Gavitt (@moyix)

OK Gemini 1.5 pro is pretty cool. I just threw half a megabyte of minified/obfuscated JS from a CSAW CTF challenge at it and it did a pretty good job of telling me what it did! I dream of a future where I never have to read JavaScript again

Anthony Weems (@amlweems)

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot

Dino A. Dai Zovi (@dinodaizovi)

I would be *shocked* if this code was only used for this attack... There is so much reusable kit in both the shell script and the injected payload that I think it's reasonable to assume that they have also been used elsewhere.

watchTowr (@watchtowrcyber)

Another week, another SSLVPN RCE - this time, it's CVE-2024-3400 in Palo Alto's GlobalProtect. But, we've seen no public analysis 🙁 so, allow us.. labs.watchtowr.com/palo-alto-putt…

Will Harris (@parityzero)

I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!

John U (@jdu2600)

Thanks BSides Brisbane for letting me talk about why “Kernel ETW is the best ETW”. It’s not every day that you get to talk about scripting a decompiler after watching a keynote from the mother of decompilers…

Zeroed (@zeroedtech)

I'll be running a free 3 hour training session at BSidesCanberra teaching people how to defend IIS servers by learning how to attack them. I'll be posting recommended host setups closer to the event so be sure to give me a follow. cfp.bsidescbr.com.au/bsides-canberr…

Alex Ionescu (@aionescu)

It’s wonderful to see what Xeno Kovah and his collaborators have built for the community. I always recommend OST2 for my new hires and other juniors, or just anyone trying to get started on a new topic. The courses are excellent. It’s an honor to sponsor the Windows Security Path

Ivan Kwiatkowski (@justicerage)

Some personal news: I will be joining Meta's security team (focusing on WhatsApp) starting next week. This is a big life change, I'm also moving to London permanently. I took this opportunity to reflect on the state of threat intel: blog.kwiatkowski.fr/threat-intel-t… LMK if it resonates!

i✌️erify (@ismyphonehacked)

Heading to #OBTS v7? There are still spots open in iVerify researcher Helthydriver's workshop on iOS threat hunting. Special Bonus: On day 3 of this training you will analyze an actual Pegasus case & learn the skills to dissect the Malware on your own. objectivebythesea.org/v7/trainings.h…

UwU-Underground (@uwu_underground)

Normalize Conference Talks To Also Include Talks About Failed Projects and Failed Research Tell us stories of the journey and the struggles. None of us are perfect and We should stop admitting that we all haven't completely screwed up research.

RooCon (@roocon_au)

🎉 RooCon25 is coming! 🎉 Join us on 5-6 November for our 3rd edition! As one of Australia's key cyber threat intelligence conferences, we're building on past success to make this our best event yet. Our Call for Papers opens in just one week! [1/3]

Jonny Johnson (@jsecurity101)

A while back I was curious about the access check that occurs when someone tries to consume from the Threat-Intelligence ETW provider. I decided to write a short blog on the topic. jonny-johnson.medium.com/peeling-back-t…

Zeroed (@zeroedtech)

12 months ago I presented a 3 hour course on attacking and defending Microsoft IIS servers to a packed room at BSides Canberra, today the 30+ hour version went live on XINTRA !