Greg Leah (@powershellcode)'s Twitter Profile
Greg Leah

@powershellcode

Hunting #malware and #C2 frameworks.

ID: 951900231347531776

Joined: 12-01-2018 19:34:35

241 Tweets

698 Followers

1.1K Following

Greg Leah (@powershellcode):

"If you can reliably detect the precursors to a modern ransomware attack, you can reliably detect a whole bunch of other interesting stuff" - Mark Orlando #BlueTeamSummit

ESET Research (@esetresearch):

The authors of #BumbleBee released a new version of their bot, which includes a new command: “plg” (plug-in?). For now, it has the same functionality as command “dij” (download, inject). We suspect that this malware family is being modularized like #TrickBot. #ESETresearch 1/5

Greg Leah (@powershellcode):

I've had a few people ask me recently where is a good place to get started with #MISP threat information sharing platform. If you are looking for a very detailed intro to MISP, I highly recommend this video series from FIRST.org: youtube.com/watch?v=-NuODy… #threatintelligence

NexusFuzzy (@nexusfuzzy):

Interesting change in #Vidar infostealer C2 traffic. Instead of being part of the multipart payload, the Id, Token and hwid are now sent as part of the header. Sample: tria.ge/230222-yxyhdsf…

Greg Leah (@powershellcode):

If you are not able to be in Strasbourg this week for Botconf, you can tune in to the livestream here. Some high quality #malware and #botnet talks on the agenda this year! #cybersecurity #cybercrime #botnets #reverseengineering #malwareanalysis youtube.com/live/XPXhnj8nX…

Greg Leah (@powershellcode):

If you are interested in learning more about how you can use #ChatGPT for #cybersecurity investigations, check out my talk "ChatGPT for Security Analysts" at BSides Vancouver next weekend. Pumped for the legendary Keynote speaker @mikko! sites.google.com/fourthplanet.c…

crep1x (@crep1x):

Interesting shift for #Vidar C2 servers: some communications occur on port 11111 (why?)

Malware builds still use profiles on Telegram and Steam as Dead Drop Resolvers.

Recent C2:

Greg Leah (@powershellcode):

Did some hunting based on this excellent share by @0xperator and was able to find another active #Rhadamanthys #Stealer #c2 panel:

hxxp://185.228.234[.]189:443/admin/console/index.html

cc Dee (@ViriBack) R. (@0xrb)

Greg Leah (@powershellcode):

Some additional #IcedID #malware IPs from a related .pdf campaign:

PDF name: Document_[mm_dd]_[number].pdf

BSides Vancouver Island (@bsidesvi):

Don't miss the chance to speak at BSides Vancouver Island! The CFP is closing this week, we want to hear from you. Apply now at bsidesvi.com/callforpapers.… and get ready to rock the stage!

Greg Leah (@powershellcode):

Excited to present "ChatGPT for Security Analysts" at #BSidesCalgary tomorrow! I will be exploring using AI to streamline #securityanalyst workflows - from #malwareanalysis to #threatintelligence and #threathunting. See you there! #ChatGPT #AI

Greg Leah (@powershellcode):

Interesting interview with the author of #Amadey loader, which is consistently one of the top malware families observed in the wild recently.

Greg Leah (@powershellcode):

Captured a screenshot of a live #panel of the #Ermac 3.0 #Android #bot builder. Some interesting functionality here:

✅ #C2 connection URL
✅ Backend encryption key
✅ Crypt the #apk
✅ Emulator blocking
✅ Custom icon
✅ Build with a clean app

#malware

Greg Leah (@powershellcode):

Join me at BSides Vancouver on May 26 for my workshop "Precision #ThreatHunting: Unveiling Adversary Infrastructure using Free and Open Source Tools," designed to teach participants techniques for discovering and analyzing adversary infrastructure. Only 6 seats left! #OSINT
