
Steve YARA Synapse Miller

@stvemillertime.bsky.social

threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, ics/ot + cyber physical intel, and of course all things #yara

1,946 Followers  |  235 Following  |  62 Posts  |  Joined: 28.07.2023

Posts by Steve YARA Synapse Miller (@stvemillertime.bsky.social)


If you need me I'll be in the Andromeda Galaxy

18.10.2025 15:39 — 👍 6    🔁 1    💬 1    📌 0

Hang on gotta pump up the valuation so my series B folks can exit

03.07.2025 22:38 — 👍 2    🔁 0    💬 0    📌 0

Those of you building modern edge devices, packet tools, network sensors, SSL decrypt, Suricata, etc -- it'll be a couple years yet, but your day will come again. Slow and steady like erosion, the attention, the investment, the market will come crawling back to you.

03.07.2025 21:54 — 👍 5    🔁 0    💬 1    📌 0

Imo the security product market is almost always a decade behind needs, but over time ends up being pulled to meet the adversary where they are operating. In the 2010s the market came late to the endpoint, in the 2020s late to the cloud, in the 2030s it'll be back to the network.

03.07.2025 21:54 — 👍 6    🔁 0    💬 2    📌 0

Summer of George

19.06.2025 20:57 — 👍 9    🔁 1    💬 1    📌 0

I'll give it a top 10 :D

28.05.2025 21:20 — 👍 2    🔁 0    💬 0    📌 0

My top 5 movies about ~hacking probably say more about my age than anything else, but still:

#1 - Hackers (1995)
#2 - War Games (1983)
#3 - Johnny Mnemonic (1995)
#4 - Ghost in the Shell (1995)
#5 - Office Space (1999) <- surprisingly full of hacks

28.05.2025 14:35 — 👍 14    🔁 0    💬 5    📌 0

True Lies

11.05.2025 03:36 — 👍 1    🔁 0    💬 0    📌 0

The Wire, but a cybercrime version of it

09.05.2025 21:50 — 👍 4    🔁 1    💬 1    📌 0

imo, great defenders think like attackers
and great attackers think like defenders
and great security folks think like both
and great intelligence folks think like neither
beep boop
computers

08.05.2025 15:53 — 👍 10    🔁 1    💬 0    📌 0

I used to secretly judge folks that don't *love* music. But I learned that not everyone has the same ability to _detect_ musical features (pitch, rhythm, harmony etc). This happens not in the ear but in the brain. W/ diff neuro wiring & genes, folks don't always hear what I hear.

27.04.2025 17:30 — 👍 2    🔁 0    💬 0    📌 0

"The game is out there, and it's either play or get played." - Omar

12.04.2025 19:25 — 👍 1    🔁 0    💬 0    📌 0

Which of the Warhammer 40K races and factions should I get into? Sisters of Battle? Space Wolves? Henry Cavill?

11.04.2025 21:37 — 👍 1    🔁 0    💬 0    📌 0
Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog: A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

Really neat exposé on RDP tradecraft to include signed .rdp configs, resource redirection, RemoteApps and probably PyRDP.

cloud.google.com/blog/topics/...

07.04.2025 16:02 — 👍 12    🔁 3    💬 1    📌 0
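The .rdp-file tradecraft the post lists (RemoteApp mode, resource redirection, a signed config) is easy to triage from the file itself. The script below is an added example written for this page; it is not code from the Google Cloud blog post, from Mandiant, or from the poster. It relies only on the documented `name:type:value` line format of .rdp files and on documented setting names (`full address`, `remoteapplicationmode`, `remoteapplicationprogram`, `drivestoredirect`, `redirectclipboard`, `redirectsmartcards`, `redirectprinters`, `devicestoredirect`, `signscope`, `signature`). The sample file, its RemoteApp name and its signature value are constructed placeholders, and the `risky` rule is a heuristic of ours, not a definition from the blog.

```python
"""Triage a Windows .rdp file for the settings a "rogue RDP" lure relies on.

Added example for this page; it is not code from the Google Cloud blog post,
from Mandiant, or from the poster. It reads the documented ``name:type:value``
line format of .rdp files and reports RemoteApp mode, resource redirection
(drives, clipboard, smart cards, printers, PnP devices) and whether the file
carries a ``signature`` block. The sample file, its RemoteApp name and its
signature value are constructed placeholders; the "risky" rule is a heuristic
of ours, not a Microsoft or Mandiant definition.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One setting per line: <name>:<type>:<value>. Type is i (int), s (string) or b (binary).
_LINE_RE = re.compile(r"^(?P<name>[^:]+):(?P<type>[isb]):(?P<value>.*)$")

# Documented .rdp setting names that hand local resources to the remote host.
# The descriptions are ours.
REDIRECTION_SETTINGS = {
    "drivestoredirect": "local drives mapped into the session",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectsmartcards": "smart cards (e.g. PIV/CAC) reachable from the remote host",
    "redirectprinters": "printers reachable from the remote host",
    "devicestoredirect": "Plug and Play devices reachable from the remote host",
}


@dataclass
class RdpAssessment:
    target: str | None = None            # value of "full address"
    signed: bool = False                 # a non-empty "signature" line is present
    remoteapp: bool = False              # remoteapplicationmode:i:1
    remoteapp_program: str | None = None
    redirections: list[str] = field(default_factory=list)
    unparsed: list[str] = field(default_factory=list)

    @property
    def risky(self) -> bool:
        # Heuristic (ours): resources are redirected AND the file either runs a
        # RemoteApp or is signed, which reduces the warnings mstsc shows the user.
        return bool(self.redirections) and (self.signed or self.remoteapp)


def assess_rdp(text: str) -> RdpAssessment:
    """Parse an .rdp file body and collect the settings relevant to triage."""
    result = RdpAssessment()
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()   # tolerate a BOM from UTF-16 exports
        if not line:
            continue
        m = _LINE_RE.match(line)
        if not m:
            result.unparsed.append(line)
            continue
        name = m["name"].strip().lower()
        typ, value = m["type"], m["value"].strip()
        if name == "full address":
            result.target = value
        elif name == "signature":
            result.signed = bool(value)
        elif name == "remoteapplicationmode":
            result.remoteapp = typ == "i" and value == "1"
        elif name == "remoteapplicationprogram":
            result.remoteapp_program = value
        elif name in REDIRECTION_SETTINGS:
            # drivestoredirect/devicestoredirect are strings ("*" = everything);
            # the others are 0/1 integers. Empty or "0" means disabled.
            if value not in ("", "0"):
                result.redirections.append(
                    f"{name}={value} ({REDIRECTION_SETTINGS[name]})")
    return result


# Constructed sample, not a real lure: a signed RemoteApp file that maps all
# local drives, the clipboard and smart cards into the remote session.
SAMPLE_RDP = """\
full address:s:rdp.example.invalid:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||ConnectionTest
remoteapplicationname:s:Connection Test
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectprinters:i:0
signscope:s:Full Address,RemoteApplicationMode,RemoteApplicationProgram,DriveStoreDirect
signature:s:010001000000CONSTRUCTEDPLACEHOLDER
"""

if __name__ == "__main__":
    a = assess_rdp(SAMPLE_RDP)
    print(f"target={a.target} signed={a.signed} remoteapp={a.remoteapp} "
          f"program={a.remoteapp_program} risky={a.risky}")
    for r in a.redirections:
        print("  redirect:", r)
```

Two caveats for anyone running this on mail attachments: a `signature` line only shows that the file was signed, and the script does not validate the signature or the certificate behind it; and a legitimately administered RemoteApp file can carry exactly the same settings, so the output is triage input (which host, which resources, signed or not), not a verdict.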

Excellent breakdown of the “Rogue RDP” TTP we've seen susp Russian APT UNC5837 using in their campaigns written by my colleague Rohit (@IzySec over on X)

07.04.2025 15:06 — 👍 16    🔁 8    💬 0    📌 0

Windows Remote Desktop Protocol: Remote to Rogue
cloud.google.com/blog/topics/...

07.04.2025 15:18 — 👍 3    🔁 1    💬 0    📌 0

"NIST to purge 'wasteful' algorithms, return to using DES"

06.04.2025 21:48 — 👍 1    🔁 0    💬 0    📌 0

gorge

22.03.2025 15:14 — 👍 1    🔁 0    💬 0    📌 0

We most definitely trained at the same dojo! and lots of folks rotated through it over the years, I think there is a hybrid 100DoY-fu slowly developing :D

08.03.2025 14:29 — 👍 1    🔁 0    💬 0    📌 0
MalChela – A YARA and Malware Analysis Toolkit written in Rust

Saturday was for Python. Sunday was for Rust. After my success with the Python + YARA + Hashing, I decided to take things to the next level. Over the past few years I've created a number of Python and PowerShell scripts related to YARA and Malware Analysis. What if I combined them into a single utility? While we're at it, let's rewrite them all from scratch in Rust.

Introducing MalChela. A YARA and Malware Analysis utility written in Rust. #DFIR #MalwareAnalysis #YARA #Hashing

03.03.2025 20:10 — 👍 7    🔁 3    💬 0    📌 0

Seeing these scripts run brings me joy. #DFIR #MalwareAnalysis #Python #YARA

02.03.2025 01:01 — 👍 8    🔁 3    💬 0    📌 0
Creating custom hash sets with YARA and Python

I don't like to brag, he said, but you should see the size of my malware library. For a recent project, I wanted to produce a hash set for all the malware files in my repository. Included in the library are malware samples for Windows and other platforms. Within the library there are also a lot of pdf's with write ups corresponding to different samples.

01.03.2025 18:13 — 👍 9    🔁 2    💬 0    📌 1

Do not despair, my friends, the only way out is through;
And the climate will probably kill us all pretty soon anyway

01.03.2025 15:17 — 👍 10    🔁 0    💬 2    📌 0

One rule's FP is another rule's FN.

25.02.2025 14:52 — 👍 4    🔁 0    💬 0    📌 0

SSH is the cyber blood magick of both the world's most stalwart orgs and the world's toughest adversaries.

21.02.2025 14:42 — 👍 1    🔁 0    💬 0    📌 0

You're an MSS or SVR cyber targeter who's spent years trying to find an access vector into SPS/PAM; then suddenly a pack of high-profile, right-wing, edgelord zoomers — who will definitely click on any link they think will get them laid — just get admin access. Prepositioning acquisition speedrun.

05.02.2025 00:18 — 👍 63    🔁 14    💬 1    📌 1

American companies have been giving my data to China for a decade. I don't see why I shouldn't have the option to just give it to them myself.

19.01.2025 17:30 — 👍 1    🔁 0    💬 0    📌 0

For those reasons and more, I've been slowly dialing back Amazon altogether in favor of other things. Hoping to cancel Prime by next year. Just a terrible shopping experience.

13.01.2025 23:18 — 👍 3    🔁 0    💬 0    📌 0

Years of mediocre gen AI commodities will birth a generation of neo-luddites who refuse to delegate the joys of art, music, writing & human connection to machines. They'll sketch, read human-gen pBooks, buy vinyls at concerts, share hand-written original pre-trend non-memes.

10.01.2025 20:19 — 👍 2    🔁 0    💬 1    📌 0

If you want to test out my YARA rule linting work use this PR: github.com/VirusTotal/y...

If you want to get the basic gist of it, this config file change has documentation on it: github.com/VirusTotal/y...

Just set it in your config file and use "yr check" for now.

Happy #100DaysOfYARA. ;)

09.01.2025 14:58 — 👍 15    🔁 6    💬 1    📌 0