Alessandro Di Carlo (@samaritan_o)'s Twitter Profile
Forensics & Product Manager at @Certego_IRT - @TheDFIRReport Analyst - 3x @SANSInstitute Lethal Forensicator - GCFA - GASF

ID: 301465243

Link: http://dfirblog.com
Date: 19-05-2011 14:28:12

3,3K Tweet

2,2K Followers

1,1K Following

gaut (@0xgaut)

Engineer: “this is going to take at least a month” Product manager: “if it takes one engineer one month, it will take 4 engineers one week. I’ll ask for headcount”

Bernardo Quintero (@bquintero)

Excited to team up with Google DeepMind, Google Cloud Security, Hex-Rays SA, Mandiant (part of Google Cloud), and VirusTotal! Together, we're scaling up binary analysis with GenAI. Learn how Gemini 1.5 Flash is enhancing threat detection, including identifying zero-hour malware: cloud.google.com/blog/topics/th…

Alessandro Di Carlo (@samaritan_o)

📢Giveaway! 🎁 I'm sponsoring 5 people to join The DFIR Report's DFIR Labs CTF for FREE on September 7th! 🛠️To qualify: ✅ Like this post; ✅ Comment; ✅ Follow Reference: thedfirreport.com/services/dfir-…

PIVOTcon (@pivot_con)

#SaveTheDate 🚨🚨🚨#PIVOTcon25 is coming: 7-9 May 2025 👀👀👀 Book your calendars to sit with us on the #yellowsofa and listen to the top threat intelligence research and analytical pivots 💪 #CTI #ThreatIntel New venue ⬇️ 🇪🇸 🏖️ 1/3

VirusTotal (@virustotal)

Using Google NotebookLM's innovative Audio Overview feature to make threat intelligence simple and accessible, by Bernardo Quintero blog.virustotal.com/2024/09/virust…

Alessandro Di Carlo (@samaritan_o)

🚨 #DFIRtips 🚨 Today, during an investigation, I found a registry key that proved to be extremely useful in identifying the execution of a malicious executable: HeapLeakDetection! You can find it in the Software hive, specifically at

The Haag™ (@m_haggis)

🚀 HeapLeakDetection Simulator! 🛡️ Easily simulate memory leaks to test Windows RADAR detection. Perfect for defenders looking to enhance their forensic analysis skills. Check it out on GitHub! 🔍💻 Based on: - x.com/samaritan_o/st… - harelsegev.github.io/posts/the-myst… Mostly, just

Hudson Rock (@rockhudsonrock)

🚨🚨 Massive MOVEit Vulnerability Breach: 🚨🚨 Hacker Leaks Employee Data from Amazon, McDonald’s, HSBC, HP, and Potentially 1000+ Other Companies infostealers.com/article/massiv…

Daniel Grzelak (@dagrz)

Shodan for AWS is here!! You know those side projects you never finish? Well I started this one in October 2021 and it's finally finished. Well it won't ever be done, but it's available for anyone to use. Enter an account ID into awseye.com and see what it can find

Simone Margaritelli (@evilsocket)

Nerve ( github.com/evilsocket/ner… ) and the code_auditor example tasklet ( github.com/evilsocket/ner… ) using GPT-4o to find an RCE vulnerability in the widget-options v4.0.7 WordPress Plugin 🧠 Zero code, fully autonomous agent as a simple YAML file.

Alessandro Di Carlo (@samaritan_o)

Browsing around for Black Friday deals on cybersecurity products this year, I came across one that truly stood out👀, deadline Dec 8! If you’re serious about malware analysis, now’s the time to equip your team with a top-tier interactive sandbox like ANY.RUN. 🚀 Check it

alon (@41thexplorer)

🚨 Active Cloud Threat Campaign: LLM Hijacking Alert 🚨 Wiz Research has uncovered new activity targeting AWS environments, aiming to hijack AWS Bedrock models through compromised IAM user access keys and privilege escalation. 🧵

Renzon (@r3nzsec)

Unit 42 just dropped an awesome blog about LDAP detection used by different adversaries. Pretty awesome to see a shoutout to our Dagon Locker report from The DFIR Report, which we published a few months back. #dfir unit42.paloaltonetworks.com/lightweight-di…

Alessandro Di Carlo (@samaritan_o)

2024 was probably very different from what I had imagined. It challenged me on many levels, both professionally and personally. Sometimes things didn’t go as planned, but reflection is key. A summary here 👇 👇 In 2024, I Failed All My Goals dfirblog.com/in-2024-i-fail…

Eric Zimmerman (@ericrzimmerman)

Do you like EZTools? Do you like up to date runtimes? Well I have news for you... All EZ Tools are now available as net9 executables! Get-ZimmermanTools has been updated to support this, but net6 is still the default to give people time to transition. Within a few months, net9

Alessandro Di Carlo (@samaritan_o)

Pretty sure most of you know I’m a happy user of ANY.RUN as a sandbox tool and just noticed they’ve added real-time Android analysis recently. Even better: it looks like it’s available for free! Definitely worth digging into and testing how effective it is

Rudy Ooms | MVP 🇳🇱 (@mister_mdm)

Remember the CrowdStrike incident that left many of your devices trapped in a BSOD loop? Turns out that Microsoft has been quietly working on something that could help you recover the next time it happens. (Because, yes, there will be a next time.) This new feature is called

Luca Beurer-Kellner (@lbeurerkellner)

🚀Introducing Guardrails, our security layer for agents and MCP-powered AI apps. Think of Guardrails as a deterministic constraining layer within your LLM and MCP servers. It enforces precise guardrails on your system, all while entirely transparent to your agent. (1/n) 👇
