Jamie Levy 🦉

We're looking for a Principal Threat Intel Incident Commander here at @huntress.com ! Do you love to:

🔍 Conduct #DFIR analysis?
👀 Track threat actors?
🕸️ Work with others across different departments?
✍️ Write about your findings?
👩‍💼 Present your work?

Apply!: job-boards.greenhouse.io/huntress/job...

just choked on my beverage

Details can be found here:

job-boards.greenhouse.io/huntress/job...

🤔 Reach out if you have questions.

There's an open role for a Staff CTI Analyst on my team here
@huntress.com
📢💫

✨Do you love doing correlations between different incidents, sometimes digging into them, or doing malware analysis?

✨Do you like doing data analysis, and using this to make threat reports? 👇

Joe Grand's Hardware Hacking Basics [FTSCon 2025] This two-day comprehensive course teaches fundamental hardware hacking concepts and techniques used to explore, manipulate, and exploit electronic devices.

We are excited to announce that we are hosting a second training course for #FTSCon week! Join @joegrand.bsky.social as he leads his popular 2-day Hardware Hacking Basics course on Oct. 21-22 in Arlington VA! Registration is now OPEN!

We are so excited to have @joegrand.bsky.social keynoting at #FTSCon 2025! Come join us on October 20th!

From The Source 2025 Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…

We are counting down to #FTSCon 2025! We have a slate of great speakers—you don't want to miss this event!


If you haven't registered yet, register here: events.humanitix.com/from-the-sou....

Stay tuned for speaker spotlights!

#FTSCon Speaker Spotlight: Juan Andrés Guerrero-Saade is presenting “From Threat Hunting to Threat Gathering” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Toni de la Fuente is presenting “Open Cloud Security, lessons learned building Prowler” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Aleksandra Doniec (@hasherezade.bsky.social) is presenting “Uncovering Malware's Secrets with TinyTracer” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Joseph Edwards (@eflags.bsky.social) is presenting “The Forensics of Zoom's Remote Control” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Andrew Case (@attrc.bsky.social) is presenting “Detection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

Excited to speak at FTSCon next month!

#FTSCon Speaker Spotlight: Joe FitzPatrick (@securelyfitz.bsky.social) is presenting “Rethinking DMA Attacks with Erebus” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Daniel Gordon (@validhorizon.bsky.social) is presenting “When the AppleJeus GitHub is Worth the Squeeze: Citrine Sleet Investigation” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Denis Bueno is presenting “CTADL: Customizable Static Taint Analysis” in the MAKER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

#FTSCon Speaker Spotlight: Michael Horka is presenting “Lilac Typhoon aboard the Indigo Train - The Current State of Chinese Obfuscation Networks” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

An Attacker’s Blunder Gave Us a Look Into Their Operations | Huntress An attacker installed Huntress onto their operating machine, giving us a detailed look at how they’re using AI to build workflows, searching for tools like Evilginx, and researching targets like software development companies.

An incredible firsthand glimpse into threat actor operations from Huntress:

CYBERWARCON is back.

🗓️ Wednesday, Nov 19, 2025 | Crystal City + virtual
🔗 cyberwarcon.com

Last chance to be a part of *THE* premier #InfoSec event in Northern Virginia, #BSidesNoVA!

Submit a talk or workshop by 11:59PM ET tonight, August 15th.
sessionize.com/bsidesnova-2...

Active Exploitation of SonicWall VPNs | Huntress A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass MFA and deploy ransomware. Huntress advises disabling the VPN service immediately or severely restricting access...

We've seen quite a lot of intrusions involving SonicWall devices here at @huntress.com

We decided to write a bit about what attacker tradecraft we've seen on the other end of these intrusions:

🔎 www.huntress.com/blog/exploit...

BSidesNYC thanks @gleeda.bsky.social and the rest of the 0x05 Technical CFP Committee, @cyb3rkitties.bsky.social, Cesar Vargas, Jase English, Jamie Williams, Jessica Hyde, @rmettig.com, and Stephanie Aceves for volunteering their time to review talks. Many thanks for curating our programming.

The BSidesNYC call for papers is still open. Submit your topic today! bsidesnyc.org

This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)

Inside the BlueNoroff Web3 macOS Intrusion Analysis | Huntress Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.

excited bc today @huntress.com is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠

we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)!

www.huntress.com/blog/inside-...

Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) acco...

@volexity.com #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets.

www.volexity.com/blog/2025/04...

#dfir

Congratulations to all of the Volatility contributors - this was no small feat! We are proud to be a sustaining sponsor of this important open-source project that remains the world’s most widely used memory forensics platform. #dfir

Announcing FTSCon 2025 & In-person Malware and Memory Forensics Training! Mark your calendars for Monday, October 20, 2025! We will again be hosting FTSCon in Arlington, Virginia.You can read more event details here. Registration is now open!

We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers.

Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3.

See the full details here: volatilityfoundation.org/announcing-f...

It’s raining, and feeding time, so what do we do? Sheep and goat dance set!!!

💣💥 turn up the volume! 🔊🔊