🔥 ⬇️ ⬇️ ⬇️

Time context when it comes to iocs is important x.com/1zrr4h/status/…

Gotta take time to say that I’m having a really good time at the new job. I get to look at some really wild stuff.

When is the last time your vendor gave you receipts?

I know I posted about this earlier, but if you missed the linked thread, take a moment to read it. Imagine being a SOC analyst responding to an alert. Most IOC or reputation feeds tell you something was flagged, but not why. Or even in some cases if it’s just stale data creating

Right by my house. So stoked.

If you wonder what the owl in my name is for:

Please include network indicators in your malware write ups. Ty.

Tools for the community!

How does a malicious coin miner end up running from an extension you install from the VS code marketplace? It can start by a developer copying another extension.

Jokes on you. This is what I look like

Happy Halloween you ghouls

The Kansas City Royals 2026 Season Now Loading!!!!!!!! LETS GO!!!!!!!

Beautiful day for a match

From North Korean tradecraft to being used in Cursor extensions in two weeks. Etherhiding is a technique where malware can use Ethereum contracts as a resilient C2 channel detailed by Google Oct 15th. It is now appearing in code extensions with the first sighting November 1st.

If I wanted a scripting language optimised for maximum obfuscation and signature evasion, I’d model it on PowerShell This talk by Daniel Bohannon breaks down the real-world methods attackers use youtube.com/watch?v=mej5L9…

#NewProfilePic

I made this… am I doing it right?