Chi En (Ashley) Shen

Heading to Hacker Summer Camp next week? 🌵If you’re curious about the journeys behind the hacks, the challenges and the stories that shaped us, come join our panel: "Hacking the Status Quo”. With Valentina Palmiotti (Chompie), Natalie Silvanovich, and Vandana Verma. #BHUSA #blackhatusa

The SOS conference is officially THREE months away! On October 28, we gather to discuss the latest developments in nation-state operations with leading experts!

⏰ CFP Ends September 1st!
🐧 Early Bird Tickets almost sold out!
🕵️ Come talk espionage, sabotage, ORBATs, and more!

stateofstatecraft.com

State of Statecraft A new conversation for a new era.

Excited to see another threat intel focused conference taking place in Europe, and it’s organized by threat analyst in the field! The CFP is opened until Sept 1st. Looking forward to see your amazing research!
#What_is_SOS #StateOfStatecraft

www.stateofstatecraft.com

Had a great time on the @malspace.bsky.social podcast with Julien talking about my PIVOTcon presentation from tracking compartmentalized attacks to thoughts on attribution. Fun convo (and I loved the theme song at the end!). 🎶 Thanks for having me!

malspace.com/episodes/mul...

I'm excited to return to Black Hat USA this year and have the opportunity to give away one briefings pass to the conference. If you're a student or someone who could use a little support to attend, I'd love to hear from you. DM me if you're interested!
#BHUSA

Looking forward to my week at @botconf.infosec.exchange.ap.brid.gy ! Please come say hi if you are around! #Botconf2025

OffensiveCon25 - YouTube OffensiveCon 2025 Talks

Talks from the OffensiveCon 2025 security conference, which took place last week, are now available on YouTube

www.youtube.com/playlist?lis...

Huge thanks to @vertexproject.bsky.social for updating Synapse to support the new "relationship" context.
We’re excited to see this research foster collaboration and push real change across the threat intelligence community. (3/3)

Defining a new methodology for modeling and tracking compartmentalized threats How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between a...

In blog 2, we dive into the challenges of investigating compartmentalized campaigns. We share our approach to identifying them and propose an extended Diamond Model with a new "relationship" layer to close the analytical gaps. (2/3)
blog.talosintelligence.com/compartmenta...

📡 New blogs out: Compartmentalized attacks are no longer limited to financially motivated actors, state-sponsored groups are adopting them too. We propose a new taxonomy for initial access groups to reflect broader motivations and affiliations. (1/3)

TA406 Pivots to the Front | Proofpoint US What happened  In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these

@greg-l.bsky.social drops knowledge on TA406 (Konni) as North Korea shows new interest in Ukraine, likely to keep tabs on the progress of the war and Russia's ability to keep pace on the battlefield www.proofpoint.com/us/blog/thre...

Had an amazing time speaking at @pivotcon.bsky.social last week! Grateful for the chance to share insights and connect with the brilliant minds. PIVOTcon remains my favorite threat intel event in Europe. Huge thanks to the organizers for creating this community and the memorable experience.

HITCON 2025 CFP HITCON 2025 CFP

A lot of you have been asking, YES! HITCON 2025 CFP is open! The conference will be host on August 15 - August 16. Submit your talk before June 8th. Looking forward to your submissions! #HITCON #HITCON2025
CFP: cfp2025.hitcon.org/en/

Come work with us! We are looking for a creative and self-motivated communications professional to join our team this summer in the role of Digital Communications Specialist. This is a FT, hybrid position based at @uoft.bsky.social in downtown Toronto.

Learn more: citizenlab.ca/2025/05/job-...

BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.

Precedent-setting win against notorious #Pegasus spyware maker.

Very consequential for victims to see this.

Congratulations to #WhatsApp on sticking this case through since 2019. Some thoughts 1/

We just published our investigation into a Cactus ransomware campaign, uncovering TOYMAKER, an IAB group using a custom backdoor LAGTOY. It’s still challenging to identify compartmentalized attacks. We’ll share our approach and solutions at @pivotcon.bsky.social in 2 weeks! #toymaker

China-nexus APT exploits Ivanti Connect Secure VPN vulnerability to infiltrate multiple entities - TeamT5 In late March, TeamT5 detected that the China-nexus APT group exploited the critical vulnerability in Ivanti Connect Secure VPN appliances to infiltrate multiple entities around the globe. The victims...

New blog from TeamT5 warns a China-nexus APT is exploiting a vulnerability in #Ivanti Connect Secure VPN appliances to target victims in EMEA and the US. Today Shadowserver's CVE-2025-22457 tracker shows 4,098 unpatched instances remain, mostly in Asia and the US.

pse.is/7esf4n

Wrapped up 2 panels at Black Hat Asia 🥳 ! Had such a great time meeting everyone. Thank you to all who stopped by the Community Lounge! I truly enjoyed the discussions and hope our answers were helpful. See you next year! #BHASIA

Lego of Black Hat Operations Center 😍😍 Love the Bricks & Picks zone at Black Hat Asia this year! #BHASIA

After nearly 9 years on the Black Hat Asia review board (ufff time flies!), I’m honored to take on more responsibility and join the Black Hat USA review board this year. The CFP closes in 2 days—get your brilliant research in! #BlackHat #BHUSA
💻Submit CFP: usa-briefings-cfp.blackhat.com

Black Hat Black Hat

Event page: www.blackhat.com/asia-25/feat...

Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with Orange Tsai, Ryan Flores, and Dr. Marina Krotofil answering your cybersecurity questions. Submit your topics in advance using the form on the event page. Looking forward to seeing you there!

abuse.ch - Figthing malware and botnets abuse.ch is providing community driven threat intelligence on cyber threats

Introducing: abuse.ch Hunting Platform abuse.ch/blog/introdu...

I had an amazing time at the Devcore conference last weekend! It was an honor to share my thoughts on exploit hunting there. Super impressed by the quality of talks and really enjoyed meeting so many great people. Huge thanks to the Devcore team for the wonderful experience!

It looks like Microsoft has been quietly updating its 2023 new APT naming table with new entries

The table used to have 20-30 entries... it's now gigantic!

Bookmark it: learn.microsoft.com/en-gb/unifie...

Love the swags from @devco.re.web.brid.gy conference 2025 😍

Here we go!!

✈️  Heading to Taiwan this week for @devco.re.web.brid.gy Conference 2025! I’ll give an intro on exploit hunting and its challenges. Excited to speak in Taiwan again and looking forward to the great talks and meeting everyone there!

conf.devco.re/2025/agenda/

Honored and excited to be speaking at @pivotcon.bsky.social again this year! 🎉 Huge shoutout to the co-authors @_vventura, @b4n1shed.bsky.social and @asheermalhotra —couldn’t have done this research without you! Looking forward to seeing everyone in Málaga.

This year I must join the Karaoke!😆

Weathering the storm: In the midst of a Typhoon Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights ou...

📣 @talosintelligence.com investigated #SaltTyphoon and discovered a custom-built tool called JumbledPath, used for packet capturing. While no new exploits were observed, their tactics remain a significant threat to targeted organizations. blog.talosintelligence.com/salt-typhoon...