Ayush Anand (@securityinbits) 's Twitter Profile
Ayush Anand

@securityinbits

I tweet about my learning in Malware analysis and DFIR journey.
Opinions are mine only!

ID: 3483789552

Website: https://www.securityinbits.com/ | Joined: 07-09-2015 17:04:43

389 Tweets

1.1K Followers

256 Following

Ayush Anand (@securityinbits)


Seeing AdaptixC2 pop up in real breaches now

🔍Hunting tips for AdaptixC2:

• Look for default user-agent
• Use YARA rules + config extractor from Unit 42 (@Unit42_Intel)
• Leverage C2 & hash feeds: ThreatFox, MalwareBazaar, C2IntelFeedsBot (@drb_ra)

Here’s how defenders can spot it fast 👇
Karsten Hahn (@struppigel)

I teach malware analysis. Use this coupon for -40% on the intermediate course MAH4HEDGEHOGS …nalysis-for-hedgehogs.learnworlds.com

Ayush Anand (@securityinbits)


LSASS dump via comsvcs.dll is still in play.

Recently seen in ransomware cases

Rundll32 calling MiniDump from comsvcs is a big red flag.

I tested this in the lab. These 3 Sigma rules fired without fail 👇

Blog with full command and sigma rule links dropping soon..
Ayush Anand (@securityinbits)


Attackers are still dumping LSASS - comsvcs.dll is showing up in real breaches.

What's Inside:
✅ Exact cmd
✅ Visual Sigma mapping
✅ Microsoft (Kusto) + Splunk queries

Thanks to Florian Roth ⚡️ (@cyb3rops), Nasreddine Bencherchali (@nas_bench) & Swachchhanda Poudel (@_swachchhanda_) for the Sigma rules

👇 Full blog link in reply
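The rundll32 / comsvcs.dll MiniDump pattern from the two posts above, as an added detection example that is not the author's blog code, Sigma rules or SIEM queries: it runs the same logic those rules express over constructed Sysmon-style process-creation events. The field names (Image, OriginalFileName, CommandLine, ParentImage) and the sample events are assumptions.

```python
# Added example: flag process-creation events where rundll32 loads comsvcs.dll
# and calls MiniDump, the LSASS-dump pattern discussed above. Field names follow
# Sysmon Event ID 1 conventions (assumed); the events below are constructed.
import re
from typing import Iterable

# Case-insensitive on purpose: command lines are logged as typed, and comsvcs
# may appear with or without its full path and ".dll" suffix.
COMSVCS = re.compile(r"comsvcs(\.dll)?", re.IGNORECASE)
MINIDUMP = re.compile(r"\bminidump\b", re.IGNORECASE)


def is_comsvcs_minidump(event: dict) -> bool:
    """True when the event looks like rundll32 -> comsvcs.dll MiniDump."""
    image = event.get("Image", "").lower()
    original = event.get("OriginalFileName", "").lower()
    cmd = event.get("CommandLine", "")
    # OriginalFileName comes from the PE's own version info, so it identifies
    # rundll32 even when the on-disk file name does not; check both fields.
    is_rundll32 = image.endswith("rundll32.exe") or original == "rundll32.exe"
    return is_rundll32 and bool(COMSVCS.search(cmd)) and bool(MINIDUMP.search(cmd))


def hunt(events: Iterable[dict]) -> list[dict]:
    """Return only the events that match the comsvcs MiniDump pattern."""
    return [e for e in events if is_comsvcs_minidump(e)]


# Constructed sample telemetry (placeholders, not real PIDs or paths).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL",
     "ParentImage": r"C:\Windows\explorer.exe"},                       # benign
    {"Image": r"C:\Windows\System32\rundll32.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"rundll32.exe C:\Windows\System32\comsvcs.dll,MiniDump <LSASS_PID> <OUTPUT_PATH>",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},                   # red flag
    {"Image": r"C:\Users\Public\svc.exe", "OriginalFileName": "RUNDLL32.EXE",
     "CommandLine": r"svc.exe c:\windows\system32\comsvcs.dll minidump <LSASS_PID> <OUTPUT_PATH>",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},                   # caught via OriginalFileName
    {"Image": r"C:\Tools\dbg.exe", "OriginalFileName": "dbg.exe",
     "CommandLine": "dbg.exe --MiniDump crash.dmp",
     "ParentImage": r"C:\Windows\explorer.exe"},                       # MiniDump, but not rundll32/comsvcs
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("ALERT:", hit["ParentImage"], "->", hit["CommandLine"])
```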
YungBinary (@yungbinary)


New malware analysis blog on #DarkCloud, an infostealer written in VB6 + a config extractor and string decryption tool for IDA Pro!

esentire.com/blog/eye-of-th…
Ayush Anand (@securityinbits)


Just got my Sigma → Markdown (KQL & Elastic) converter working

vibe-coded using Codex CLI

- Converts into Markdown (KQL & Lucene) using sigma backends.
- Saves them into your Obsidian - easy to search & link.

If anyone’s interested, drop me a comment or DM. I might publish
hasherezade (@hasherezade)

My recent writeup on updates in #Rhadamanthys stealer, along with some scripts that may be helpful in analysis. Check it out!

Nasreddine Bencherchali (@nas_bench)


New Sigma release r2025-10-01 is available for download.

🌟43 New Rules
🛡️34 Rule updates
🔬27 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release introduces a bunch of new rules and updates

- A bunch of CVE detections including CVE-2025-54309,
Ayush Anand (@securityinbits)


Turns out even built-in cmds like nltest, net & whoami are still handy tools in real attacks.

Seen them in ransomware plays & real-world incidents.

Shared tested Sigma rules + SIEM detections (KQL & Elastic) + example output to catch them🔍

👇Blog link in the reply.
Ayush Anand (@securityinbits)


Ever lost track of short-lived malware processes?

Use ProcMon Process Tree to catch even exited Processes + cmdline.

1. Start capture
2. Run sample
3. Hit Ctrl+T -> full tree, even the gone ones

🚀 Bonus: Right-click root -> "Add Process & Children to Include" to cut noise.