tlansec

@tlansec.bsky.social

Threat Intel @volexity.com n stuff. London, UK.

757 Followers  |  252 Following  |  38 Posts  |  Joined: 01.06.2023  |  1.7158

Latest posts by tlansec.bsky.social on Bluesky

Bran Van 3000 - Drinking in LA (live at Nulle Part Ailleurs) (YouTube video by Pascal Burger)

youtube.com/watch?v=5Z6a...

06.10.2025 00:06 — 👍 1    🔁 1    💬 0    📌 0

⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!?

Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more.

Registration is still open! stateofstatecraft.com/agenda

29.09.2025 03:01 — 👍 7    🔁 4    💬 0    📌 0

COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.

www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.

26.09.2025 14:45 — 👍 7    🔁 4    💬 0    📌 0

RedNovember Targets Government, Defense, and Technology Organizations RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...

First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...

24.09.2025 18:57 — 👍 22    🔁 14    💬 2    📌 0

Staff Security Research Engineer About Us: We are the leader in human-centric cybersecurity. Half a million customers, including 87 of the Fortune 100, rely on Proofpoint to protect their organizations. We’re driven by a mission to s...

Couple of openings here in our threat research org!

Staff Security Research Engineer:
proofpoint.wd5.myworkdayjobs.com/en-US/Proofp...

Senior Threat Researcher (ecrime team):

proofpoint.wd5.myworkdayjobs.com/ProofpointCa...

24.09.2025 01:59 — 👍 10    🔁 5    💬 0    📌 0

In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich."

A similar word in Norwegian is ventepølse, or "waiting sausage."

21.09.2025 15:34 — 👍 2184    🔁 444    💬 61    📌 103

Gamaredon X Turla collab ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.

www.welivesecurity.com/en/eset-rese...

19.09.2025 22:57 — 👍 1    🔁 1    💬 0    📌 0

#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...

18.09.2025 16:29 — 👍 4    🔁 6    💬 0    📌 1
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...

17.09.2025 13:20 — 👍 85    🔁 38    💬 9    📌 5

From The Source 2025 Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…

I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person.

volatilityfoundation.org/from-the-sou...

15.09.2025 18:25 — 👍 5    🔁 1    💬 0    📌 0

ME, IN TEARS: you can't just say every single part of a computer system is a file

UNIX, POINTING AT THE MOUSE: file

07.09.2025 11:01 — 👍 2330    🔁 508    💬 39    📌 18

Malware and Memory Forensics Training - Memory Analysis Malware and memory forensics training courses offered by the Memory Analysis Team.

The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...

03.09.2025 17:11 — 👍 6    🔁 6    💬 0    📌 0

Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.

03.09.2025 16:19 — 👍 2    🔁 1    💬 0    📌 0
RationalEdge - Intelligence Meets Accuracy Advanced malware analysis and threat intelligence solutions by RationalEdge

TL;DR I am launching my #startup and we are going to change how to evaluate, cluster and reason about #malware, delivering accurate, contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io

#threatintel #threathunting #cti #reverseengineering #detection 1/9

28.08.2025 12:22 — 👍 25    🔁 15    💬 2    📌 0

And that’s a wrap for our 2025 #summerinternship program! This was a great summer of challenging impactful projects & fun team-building excursions. We wish our students all the best as they settle back into their Dept of Computer Science programs at University of Notre Dame & University of Maryland!

22.08.2025 15:45 — 👍 2    🔁 2    💬 0    📌 0

I don't think children should have phones. They should have a huge beige desktop computer with "Windows 9x Operating System", "Dedicated 3D accelerator", and "SoundBlaster compatible sound card"

17.08.2025 00:21 — 👍 1793    🔁 333    💬 75    📌 26

Coming this October: #FTSCon 2025, hosted by @volatilityfoundation.org! And this year there are TWO in-person training opportunities!👇

#dfir #memoryforensics #volatility3 #hardwarehackingbasics #grandideastudio

13.08.2025 14:43 — 👍 2    🔁 4    💬 1    📌 1

We are thrilled to announce that @joegrand.bsky.social is this year’s #FTSCon Keynote speaker! Joe will be sharing stories & technical details about his wallet hacking adventures to kickoff our full-day event on Monday, Oct 20, 2025. You don’t want to miss this!

06.08.2025 20:12 — 👍 4    🔁 5    💬 1    📌 1

Go Get 'Em: Updates to Volexity Golang Tooling Volexity’s GoResolver tool was released in April 2025 to help with analysis of these samples, reducing analyst load when working with obfuscated Golang binaries. However, there are still some difficul...

@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!

11.08.2025 19:05 — 👍 10    🔁 10    💬 1    📌 0

#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese...
1/7

11.08.2025 09:08 — 👍 17    🔁 11    💬 1    📌 2

Release v1.5.0 · VirusTotal/yara-x Implement the crx module for parsing Chrome Extension files (#423). Allow underscores in integer and float literals (#405). Adopt Anomali's symhash algorithm for Mach-O files (#425). Support boolea...

YARA-X 1.5.0 is out. Nice new features (including a crx module) and bug fixes. Congratulations to Victor and all the contributors!

github.com/VirusTotal/y...

08.08.2025 14:35 — 👍 4    🔁 1    💬 0    📌 0

Incredible writeup from Eye Security on their adventures logging into internal-only MS services: research.eye.security/consent-and-...

08.08.2025 08:40 — 👍 0    🔁 0    💬 0    📌 0
A radiologist called me yesterday.

It sounded serious.

They said they spotted an anomaly on my x-rays.

I was prepared for the worst.

They found a strange shape and the word "Quantamonster."

That's the company logo of my new startup.

Years ago I asked a surgeon to engrave it onto my patella.

Now, every time I go for an X-ray, the radiologist sees it, gets intrigued.

If they search it, they'll find that we've just opened a new seed round. They sign up.

Some say to raise investor money you have to think outside the box.

I say you need to think inside the body.

Venture capitalism is in my bones.

06.08.2025 09:29 — 👍 146    🔁 18    💬 2    📌 3
"I don't know shit about fuck" - Ruth Langmore - Ozark (YouTube video by Bee4Brendan)

I think about this quote a lot:

youtu.be/8J8A9ZiIeUQ?...

05.08.2025 16:07 — 👍 0    🔁 0    💬 0    📌 0
QUIZ: Are You Even Good Enough to Have Imposter Syndrome?

05.08.2025 09:49 — 👍 503    🔁 93    💬 15    📌 13

Jen Easterly was a supremely effective leader of CISA and you would be very hard pressed to find anyone who's a more qualified and quietly competent professional than her. This administration and its gormless hacks continue to cut off our collective noses to spite our face.

31.07.2025 18:26 — 👍 93    🔁 35    💬 1    📌 1

The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware The FSB cyberespionage group known as Turla seems to have used its control of Russia's network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.

Microsoft found Turla, Russia's elite FSB cyberespionage group, hacking foreign embassies' staff in Moscow by directly meddling with ISP traffic to infect targets with spyware that silently stripped away encryption on their communications and credentials. www.wired.com/story/russia...

31.07.2025 16:01 — 👍 121    🔁 71    💬 1    📌 3

First cell-phone network cyberattack on Tibetan leader detected - Phayul Phayul.com is one of the most popular & successful Tibetan news websites in English, with daily readers touching over 12,500 and still growing. It features news and views on Tibet.

First cell-phone network cyberattack on Tibetan leader detected @tibcert.bsky.social

www.phayul.com/2025/07/29/5...

30.07.2025 08:11 — 👍 6    🔁 4    💬 0    📌 0
Nation-State Actor Targets Global Telecoms

~Paloalto~
Nation-state actor Liminal Panda uses custom malware like GTPDoor to infiltrate telecom networks for persistent access and potential location tracking.
-
IOCs: GTPDoor, ChronosRAT, NoDepDNS
-
#GTPDoor #LiminalPanda #ThreatIntel

30.07.2025 04:03 — 👍 4    🔁 5    💬 0    📌 1

When your CTI blog uses AI art, it immediately loses 10 respect points. Discuss.

28.07.2025 12:17 — 👍 1    🔁 0    💬 0    📌 0