Greg Lesnewich

@greg-l.bsky.social

oh great, now I’m on bluesky

529 Followers  |  366 Following  |  1,495 Posts  |  Joined: 22.11.2024  |  1.7854

Latest posts by greg-l.bsky.social on Bluesky

If this many wealthy people are illiterate idiots and so many in leadership roles are spineless outside of their own selfishness, perhaps there’s some flaws in our system

13.11.2025 01:16 — 👍 38    🔁 8    💬 5    📌 1

What if he got extradited from a neighboring nation? Would same punishment apply?

09.11.2025 23:46 — 👍 0    🔁 0    💬 1    📌 0

but DPRK ops are so nascent, would there be enough intelligence gain to put Hyok on like house arrest (with no internet) for cooperation? I don’t think you could safely flip him in place because any scent of disloyalty would get met with the business end of a Hwasong

09.11.2025 20:55 — 👍 2    🔁 0    💬 1    📌 0

lol at the names

BUT

Idk anything about defections. What would Park Jin Hyok (or another prolific DPRK operator) have to walk out of Pyongyang with for US/SK services to not just throw dude in prison?

Because CN or RU operators I feel like you jail for use later in a strategic trade.

09.11.2025 20:52 — 👍 0    🔁 0    💬 1    📌 0

"Shut up Greg"

05.11.2025 17:04 — 👍 4    🔁 0    💬 2    📌 0

I think you mean "A little TA453, a little TA450, a lot TA455"

05.11.2025 17:04 — 👍 1    🔁 0    💬 1    📌 0
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report.  Key findings  Between June and August 2025,

New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...

05.11.2025 13:37 — 👍 18    🔁 12    💬 2    📌 0
Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US Key findings  Cybercriminals are compromising trucking and freight companies in elaborate attack chains to steal cargo freight.  Cargo theft is a multi-million-dollar criminal

Threat actors are teaming up with organized crime to target truckers — stealing identities, placing fraudulent bids on freight, and making off with the cargo. Their entry point? Emails with links delivering Remote Monitoring and Management (RMM) tools. Together with @selenalarson.bsky.social :

03.11.2025 10:40 — 👍 29    🔁 20    💬 1    📌 3

These posts convinced me to pull the trigger on this bad boy:

02.11.2025 23:21 — 👍 2    🔁 0    💬 0    📌 0

Still testing 🤞

For those able to use #BinaryNinja projects; #BinYars can sort the files into folders based upon the #Yara-X rule metadata field, BNFolder. The folder nesting structure is determined by the number of matches that reside under each folder - check out the video below!

26.10.2025 08:27 — 👍 3    🔁 1    💬 0    📌 0

It's getting close to being done - #BinYars a #YARA-X #BinaryNinja plugin! Still testing, but plan on open sourcing it for all to use.

Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 github.com/1337-42/Simp...

Video: Part 1 of 2

24.10.2025 08:22 — 👍 7    🔁 3    💬 1    📌 0

If you pay enough, I hear they’ll give you a tour of a nuclear enrichment site, maybe even a ride on an ICBM

23.10.2025 23:16 — 👍 2    🔁 0    💬 1    📌 0
Proofpoint releases innovative detections for threat hunting: PDF Object Hashing | Proofpoint US Key findings Proofpoint created a new open-source tool for creating threat detection rules based on unique characteristics in PDFs called “PDF Object Hashing”.  This technique can

The tool has been released in the Proofpoint Emerging Threats public #GitHub for other defenders to leverage.

Learn more about it here: brnw.ch/21wWSH0

#PDF #threatdetection #cyberthreat

23.10.2025 18:05 — 👍 8    🔁 3    💬 0    📌 0

Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint. 🫆

We use this tool internally to help track multiple threat actors with high confidence.

23.10.2025 18:05 — 👍 19    🔁 9    💬 1    📌 2

What Athens was to Ancient Greece, NJ is to America

20.10.2025 00:38 — 👍 3    🔁 1    💬 0    📌 0

Common NJ W

20.10.2025 00:10 — 👍 3    🔁 0    💬 1    📌 0

Warm October days are great because it’s sunny enough for key lime pie after lunch

And cool enough at night for pumpkin pie after dinner

17.10.2025 15:27 — 👍 4    🔁 0    💬 0    📌 0

Excellent choice

17.10.2025 14:08 — 👍 1    🔁 0    💬 0    📌 0
Decoder Loop | Reverse Engineering Training

The amazing @cxiao.net is offering training at decoderloop.com for
#Rust #Malware #ReverseEngineering 😱
Her insight is absolutely priceless, she's taught me all I know about this. If you are organizing an event: This is the state-of-the-art training you are looking for.

17.10.2025 06:32 — 👍 6    🔁 3    💬 1    📌 0

same here

Tho I was given mercy due to the box mysteriously already having been opened and raided prior to my discovery of its location

17.10.2025 05:46 — 👍 2    🔁 0    💬 1    📌 0

That’s some wisdom on a Thursday night brother man

16.10.2025 22:33 — 👍 1    🔁 0    💬 1    📌 0

I’m envious of folks that can take social media breaks, so I am happy and envious of them

16.10.2025 22:27 — 👍 1    🔁 0    💬 1    📌 0

“You can get lost in the Sauce, but without the Sauce, you are lost”

Saw this Timothée Chalamet post elsewhere and immediately thought of @gabagool.ing @bigbadw0lf.bsky.social

16.10.2025 21:50 — 👍 7    🔁 1    💬 1    📌 2

In C YARA the grammar requires the stuff after the "of" to be a string set (string identifiers or string identifiers with wildcards). YARA-X just takes a tuple of boolean expressions.

This is incredibly useful. You can now say things like:

2 of ($a, pe.exports("foo"), pe.imphash() == "pants")

16.10.2025 17:48 — 👍 3    🔁 1    💬 1    📌 0
Differences with YARA Documents the differences between YARA-X and YARA.

Thanks to @xorhex for an interesting discussion that is worth sharing here. I knew I read this somewhere but here's a fun thing you can do in YARA-X:

2 of ($a*, $b*, 3 of ($c*))

This is documented but not widely known: virustotal.github.io/yara-x/docs/...

16.10.2025 17:48 — 👍 5    🔁 4    💬 2    📌 1
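The two posts above describe the YARA-X extension where the operands of `of` may be arbitrary boolean expressions, including nested `N of (...)` quantifiers, rather than only string identifiers and wildcards. The rule below is an added example written for this page, not code from the thread or from the YARA-X project; the strings, the export name and the imphash value are constructed placeholders, chosen only to show the syntax. It goes slightly beyond the posts by mixing every operand kind YARA-X accepts in one condition.

```yara
import "pe"

// Added example (not from the original posts). Demonstrates the YARA-X
// form of "N of (...)": the tuple may mix single string identifiers,
// wildcard string sets, nested quantifiers and arbitrary boolean
// expressions such as pe module calls. Classic YARA would reject every
// operand here that is not a string identifier or string wildcard.
rule yarax_mixed_of_operands
{
    meta:
        description = "Illustrates YARA-X 'N of' over boolean expressions"
        note        = "All strings and hashes below are constructed placeholders"

    strings:
        $a  = "Mozilla/5.0 (constructed placeholder)" ascii   // single string
        $b1 = { 48 8B 05 ?? ?? ?? ?? 48 85 C0 }               // constructed bytes
        $b2 = "GetProcAddress" ascii
        $c1 = "marker-one" ascii
        $c2 = "marker-two" ascii
        $c3 = "marker-three" ascii
        $c4 = "marker-four" ascii

    condition:
        // Each operand is evaluated to a boolean; the rule fires when at
        // least two of the five are true.
        2 of (
            $a,                                       // one string identifier
            any of ($b*),                             // a wildcard set, itself a boolean
            3 of ($c*),                               // nested quantifier, as in the post
            pe.exports("DllRegisterServer"),          // pe module call (constructed export)
            pe.imphash() == "PLACEHOLDER_IMPHASH"     // constructed placeholder value
        )
}
```

In classic YARA the same intent needs the module checks pulled out of the `of` and combined by hand with `and`/`or`, which does not express "any two of these five signals" without enumerating the combinations; the YARA-X form keeps the threshold in one place.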

“sir, the hut has been out-pizza’d”

14.10.2025 00:10 — 👍 170    🔁 40    💬 1    📌 1

When walking a zip file's central directory structure using #yara-x, `math.max` and `with` are your friends.

08.10.2025 22:41 — 👍 1    🔁 1    💬 0    📌 1
CN APT targets Serbian Government Mustang Panda continues targeting European governments

Quite a bit of CN APT activity in Europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...

03.10.2025 14:30 — 👍 9    🔁 7    💬 0    📌 2

if solo, I agree

If at brunch or breakfast, I think you have to go donut holes instead of full sized. But determining if an order of donuts for the table is as good as an order of pancakes for the table… will require further research

To the diner and bakery!

02.10.2025 19:05 — 👍 1    🔁 0    💬 0    📌 0