25% off all courses, promo code ALLYALL and sale ends at midnight ET on 12/2
LIFTOFF! All my courses on networkdefense.io are 25% off until Tuesday, 12/2, at midnight ET
This is the only sitewide sale we do all year, and the cheapest you'll see these courses.
This event is for all y'all, so to get the discount, use code ALLYALL at checkout.
28.11.2025 14:15
For software developers: there's currently a highly sophisticated hacking group targeting developers with backdoored coding skills tests. They typically take the form of large source codes specific to your skillset. Please email any suspicious code to me on: suspicious-skill-tests@protonmail.com
1/2
27.11.2025 18:19
On the plus side, if you had decided to go into law or politics this would have just been a normal Tuesday.
27.11.2025 03:10
Honestly just being able to summarize the scale and current state of the issue in 25 minutes is a pretty significant achievement.
24.11.2025 21:15
"A Pain in the Mist: Navigating Operation DreamJob's arsenal" published by OrangeCyberdefense. #DreamJob, #MISTPEN, #UNC2970, #DPRK, #CTI https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal
21.11.2025 13:30
Even ignoring all the practical challenges: marketing, researchers, customers/defenders and policy makers use threat group names differently. Standardization can't really account for these different use cases very well.
20.11.2025 14:00
Standards
The keynote from @dmitri.silverado.org was both a heartfelt apology but also basically this xkcd.com/927/ haha
20.11.2025 13:54
This is a pretty wild evolution. Both the integration of cyber and kinetic and the fact that IRGC and MOIS might actually be working effectively together.
20.11.2025 11:48
It was a pleasure to be a part of this event along with quite the cast of characters, including some folks who I've worked with over the years. Thank you to the organizers and their truly amazing promotional themes! See folks tomorrow at @cyberwarcon.bsky.social
19.11.2025 00:10
At the end of the day in incident response, you may get accolades if you catch the attacker, but you will have the most impact if you have met the victim's needs. #infosec #dfir
17.11.2025 21:36
I really enjoy when my research on unusual suspected state sponsored hacking groups is useful. *monkey paw curls*
17.11.2025 11:45
Tax dollars?
16.11.2025 08:29
Over the course of my career I've found and accomplished some pretty wild stuff. Next week I will be talking, for the first time, about one of the wildest things I ever found. The talk will be geared to analysts and practitioners but pretty sure this will be fascinating for everyone.
14.11.2025 02:57
They dropped this in August which was better than I expected from an AI company. www.anthropic.com/news/detecti...
They've hired some established names in CTI.
I honestly don't consider this recent report to be that extraordinary given the number of people trying to figure how to AI everything.
13.11.2025 21:36
They're sharper and more careful than I am though maybe I'm a low bar to clear
13.11.2025 21:01
Lots of orgs redact IOCs, which I hate, but when you have only one method of detection, you don't broadcast it for the adversary.
I believe you know security folks but you don't know the CTI team or you wouldn't be posting.
Why would they call a 3rd party about platform abuse? Also Bishop Fox wtf?
13.11.2025 20:50
Cannot believe I'm defending an AI company but no 1,4,5 are not legit. Like not even slightly legit.
13.11.2025 20:35
An org chart with R at the top, I's and B's at the second level and G's and B's on the third.
AI will do it for us!
13.11.2025 15:50
Fixed
11.11.2025 21:11
Something is broken in YARA for VirusTotal right now, signatures matching on things for no apparent reason. 🫡 to any folks who have to clean up
11.11.2025 16:14
Doesn't look like DPRK to me, should probably give them your social security number
10.11.2025 14:15
I don't know. Not a lot of public info on that. In the current environment, I suspect they write a love letter, do a photo op, and build a hotel and get him back for free but 🤷
10.11.2025 00:57
If you defect, your family goes to a prison camp or worse.
09.11.2025 23:04
*Screams incoherently at five different things about this that make no sense*
09.11.2025 18:36
bsky.app/profile/vali...
08.11.2025 16:17
A lot of "infrastructure geolocates to X, therefore state sponsored by X". A lot of "major ransomware attack was to distract from an [unrelated] major espionage intrusion" and a lot of "I heard about something a couple times therefore growing trend".
08.11.2025 13:57
With that said I've certainly seen this kind of thing from western intel folks as well and spent way more time than I would like debunking grand conspiracy theories and wild unsupported attribution statements.
08.11.2025 13:57
I know dunking on this is fun and all but if you watch the clip Christo is laughing and mocking this conspiracy theory he heard from Russian intel. I've heard stories about the terrible quality of Russian intel but this is bad.
08.11.2025 13:43
Also I should note Christo is relaying Russian intel RUMINT rather than things he actually believes.
07.11.2025 00:28
CCIEx2. Opinions are my own and not the company I work for. I guess I'm Green Arrow's daughter or something...
https://linktr.ee/sudoxxx
🇰🇵 #BSidesPyongyang2025 : Nov 18 2025 (Missile Industry Day) @ Lazarus HQ Pyongyang
https://bsidespyongyang.com/
President of Signal, Chief Advisor to AI Now Institute
Doing what I can to keep activists, journalists, and researchers safe and productive - writing at https://micahflee.com - author of HACKS, LEAKS, AND REVELATIONS https://hacksandleaks.com - signal: micah.01
@DistrictCon Founder. Harvard & Georgetown MPP/JD candidate. @CyberStatecraft / @BelferCenter fellow, ex-Google threat research. Dog mom. Opinions=my own 👩🏻‍💻
Frontline Intelligence with #AdvancedPractices
@Google Threat Intel | views are my own
Official Bluesky page of the 780th Military Intelligence Brigade (Cyber). The Army's only offensive cyberspace operations brigade (following, re-posts, and links ≠ endorsement).
Official Computer Emergency Response Team (CERT) for the Democratic People's Republic of Korea
#NorthSide #NorthKoreaBestKorea
Official account of the State of Statecraft conference.
Coming October 28, 2025 - Brussels, Belgium
http://stateofstatecraft.com
THE AGENDA IS LIVE: https://stateofstatecraft.com/agenda
#what_is_sos
We are Microsoft's global network of security experts. Follow for security research and threat intelligence. https://aka.ms/threatintelblog
Security information portal, testing and certification body.
Organisers of the annual Virus Bulletin conference.
Malware Analyst; creator of debloat, certReport, CertCentral.org
Debloat Discord: http://discord.gg/dvGXKaY5qr
squiblydoo.blog
Cybersecurity, Battletech, and Sci-Fi.
Threat Research @ Proofpoint. Former @virtualroutes.bsky.social fellow. @warstudieskcl.bsky.social alum. She/her
Reverse engineering, malware
Principal Intelligence Analyst @ Symantec. Views are my own etc. https://keybase.io/abnev
Cyber Threat Intelligence at Microsoft | Former Yahoo & Secret Squirrel | Thoughts my own
Here for the cyber hot takes