The Dragos 2026 Year In Review Report is live: 3 new threat groups, updates from 3 of our more active threat groups, and (my personal favorite) coverage of a subset ICS-related capabilities that we found last year.
17.02.2026 15:01 β π 5 π 2 π¬ 0 π 0
βAI will change the average persons lifeβ
The average person using AI:
(h/t Reid Wightman for finding this gem)
Every year at @cyberwarcon.bsky.social thereβs an extraordinarily well sourced deeply detailed talk about a topic that I literally know nothing about but is extraordinarily fascinating. Congrats @bees.infosec.exchange.ap.brid.gy for producing this yearβs edition.
19.11.2025 19:24 β π 10 π 2 π¬ 1 π 0Not surprised - Jonathan truly knows his shit. Congrats Jonathan!
19.11.2025 20:00 β π 3 π 0 π¬ 0 π 0
Me watching everyone at CYBERWARCON this week
19.11.2025 13:20 β π 3 π 0 π¬ 0 π 0
βFour of the 16 short links were clicked, three by the senior staff members.β
Thatβs a pretty good return rate for phishing. Blasting out hundreds of phish, as they did, and youβll always get someone. But 25% for a given orgβ¦
*sends phish to John Podesta using public account on bitly to hide URL*
βholy shit, this guys goodβ¦world-class, even.β
Glad they got this asshole
Thatβs what we call an OPSEC oopsie
14.11.2025 14:17 β π 7 π 0 π¬ 0 π 0
Had a great time presenting at LSU this week on hunting and analyzing Go and Python malware samples while hunting for ICS malware. For those who couldn't make it, you can catch a recording of this talk from Hou.Sec.Con last month with @sam-hans0n.bsky.social
www.youtube.com/watc...
A lot of folks have reached out about Socketβs recent report on a supply chain attack using malicious NuGet packages to target Siemens S7 protocol and other PLCs.
This is not a supply chain attack in the traditional sense.
1/6
That game hurt my soul, last Vikings drive wasβ¦rough to say the least.
09.11.2025 21:49 β π 0 π 0 π¬ 0 π 0
Went to a wedding and danced. Then went to a bar and danced. I didn't care about people watching me dance and people liked that I danced.
Just dance.
See you all tomorrow at #bsidesTC at Open Book in downtown Minneapolis!
16.10.2025 20:13 β π 2 π 3 π¬ 0 π 0
Our DEF CON33 ICS Village talk is now on YouTube!
@sam-hans0n.bsky.social and I share stories of malware we discovered while searching for ICS threats, and discuss our approach to assessing their reputation.
Don't Cry Wolf: Evidence-Based Assessment of ICS Threats
DEF CON talk now on YouTube! Check it out:
16.10.2025 19:20 β π 1 π 0 π¬ 0 π 0Excited to launch the BSidesTC CTF this evening! Its been a lot of fun planning and designing the challenges with @sam-hans0n.bsky.social. I hope everyone has fun with it and I look forward to seeing how people do!
11.10.2025 03:54 β π 2 π 1 π¬ 0 π 0
The BSidesTC 2025 Capture The Flag challenge has officially launched.
Head to our website to download the zipped executable file:
bsidestc.org?page_id=145
Players will need an x86_64 Linux sandbox to start the challenge.
Organizers will be available at the conference to answer any questions.
Dropping very soon!!
11.10.2025 01:08 β π 1 π 0 π¬ 0 π 0
In ICS, malware analysis can feel like archaeology. I started the week with a 13 year old sample and ended the week with @sam-hans0n.bsky.social pinging about an 18 years old sample.
So, save your old Windows ISOs and VMs, you might need them!
βWhat made you investigate that specific sample on VirusTotal?β
17.02.2025 17:59 β π 2 π 0 π¬ 0 π 0
Super excited about a new tool, PyLingual, a transformed based Python decompiler. This will be super useful for malware analysis, great work to the teams involved.
pylingual.io/about
Check out their research paper here (also fun to see Dragos cited):
softsec.kaist.ac.kr/~sangkilc/pa...
11.12.2024 20:28 β
π 1
π 0
π¬ 0
π 0
Without the direct ties to an event or IoCs, it can be difficult making that determination.
Is it malware or a red teaming tool?
Is it malware or a research project?
Itβs not always obvious. Malware repositories can contain some real gold. But without hard evidence, we canβt make conclusions.
Another day of βis it malware or is it a CTF challengeβ
06.12.2024 17:53 β π 1 π 0 π¬ 1 π 0Btw - your cooking pics look incredible. Teach me your ways.
01.12.2024 17:31 β π 1 π 0 π¬ 1 π 0*infosec.
01.12.2024 17:28 β π 1 π 0 π¬ 1 π 0Agreed. I get astrophotography, infused, and cats. So much better.
01.12.2024 17:26 β π 1 π 0 π¬ 1 π 0
The River of Doubt!
Itβs about Theodore Roosevelt expedition after his 1912 election loss. I just finished it today, itβs incredible what he persevered.
And yes βoff the Xβ is a double entendre. But it feels fitting, cause Twitter became disgusting and dangerous.
01.12.2024 15:56 β π 0 π 0 π¬ 0 π 0
Hello Bluesky community! Figured I should do an introduction.
Iβm a vuln/malware analyst at Dragos, specializing in malware analysis, vulnerability research, and (some) threat hunting.
Big fan of anything space-related, fitness, and general nerd shit.
Happy to be βoff the Xββ¦ so to speak π
