Intellexa’s Global Corporate Web
1/ Today we release a new report exposing previously undisclosed entities connected to the wider #Intellexa ecosystem as well as newly identified activity clusters in Iraq and indications of activity in Pakistan: www.recordedfuture.com/research/int...
04.12.2025 04:17
So excited that I’m going to present my latest research at @districtcon.bsky.social in January! The last round of tickets is going on sale this Sunday (Nov 16th @12pm EST). Looking forward to seeing you in DC!
13.11.2025 13:06
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report. Key findings: Between June and August 2025,
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
05.11.2025 13:37
Gonna be in Belgium for the first time after living in Europe for 7 years. Come catch me if you are at @what-is-sos.bsky.social tomorrow!!!
27.10.2025 11:18
Great work and thanks for referencing our research on redefining IAB! The four-tier classification framework is insightful for identifying collaborative campaigns!
23.10.2025 10:59
I don’t have enough data to speak confidently on that. In my own observations I haven’t seen much SNMP exploitation, though I’ve come across a few cases of suspected tunnelling traffic.
15.10.2025 14:38
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
Quite a bit of CN APT activity in Europe in the past week
strikeready.com/blog/cn-apt-...
As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...
03.10.2025 14:30
There was a mad dash on SOS tickets over the weekend.
SOS is two weeks away, if you've been putting off getting a ticket... your time is now.
stateofstatecraft.com/register
14.10.2025 03:48
text that reads: In Italy, investigative journalist Gianluigi Nuzzi was tracked days after publishing a dramatic exposé of corruption in the Vatican, as police closed in on his source. In California, Anne Wojcicki, founder of DNA startup 23andMe and then married to Google’s Sergey Brin, was tracked more than a thousand times as she moved across Silicon Valley. And in South Africa, associates of Rwandan opposition leader Patrick Karegeya were tracked before his assassination in a Johannesburg hotel room.
Another major surveillance provider exposed: First Wap
Its product was used to track some very high-profile figures
www.lighthousereports.com/investigatio...
14.10.2025 20:15
Had a great time at the DC4131 Padawan CTF with the Swiss @defcon.bsky.social community! Back to CTFs after a while teamed up with J & M and knocked out a few challenges. Go, pwnrpuffgirls girl power! Big thanks to the organizing team. Looking forward to the next one! #CTF
15.09.2025 11:55
Caught a Pokémon at @defcon.bsky.social. Big fan of @lauriewired.bsky.social. It was so interesting to discuss reverse engineering with her. Please can we all have a card like this?
09.08.2025 17:17
At @defcon.bsky.social today. Come find me!
08.08.2025 19:41
Heading to Hacker Summer Camp next week? If you’re curious about the journeys behind the hacks, the challenges and the stories that shaped us, come join our panel: "Hacking the Status Quo". With Valentina Palmiotti (Chompie), Natalie Silvanovich, and Vandana Verma. #BHUSA #blackhatusa
31.07.2025 15:30
The SOS conference is officially THREE months away! On October 28, we gather to discuss the latest developments in nation-state operations with leading experts!
CFP Ends September 1st!
Early Bird Tickets almost sold out!
Come talk espionage, sabotage, ORBATs, and more!
stateofstatecraft.com
28.07.2025 04:52
State of Statecraft
A new conversation for a new era.
Excited to see another threat intel focused conference taking place in Europe, and it’s organized by threat analysts in the field! The CFP is open until Sept 1st. Looking forward to seeing your amazing research!
#What_is_SOS #StateOfStatecraft
www.stateofstatecraft.com
18.07.2025 07:44
Malspace | Multiple Actors, One Breach - Rethinking Threat Models in 2025
In this episode, Julien sits down with Chi En (Ashley) Shen, a distinguished threat researcher at Cisco Talos. Ashley shares her fascinating journey from hacking forums in Taiwan to leading threat ...
Had a great time on the @malspace.bsky.social podcast with Julien talking about my PIVOTcon presentation from tracking compartmentalized attacks to thoughts on attribution. Fun convo (and I loved the theme song at the end!). Thanks for having me!
malspace.com/episodes/mul...
10.07.2025 13:05
I'm excited to return to Black Hat USA this year and have the opportunity to give away one briefings pass to the conference. If you're a student or someone who could use a little support to attend, I'd love to hear from you. DM me if you're interested!
#BHUSA
10.06.2025 10:03
Looking forward to my week at @botconf.infosec.exchange.ap.brid.gy ! Please come say hi if you are around! #Botconf2025
20.05.2025 10:38
OffensiveCon25 - YouTube
OffensiveCon 2025 Talks
Talks from the OffensiveCon 2025 security conference, which took place last week, are now available on YouTube
www.youtube.com/playlist?lis...
20.05.2025 09:09
Huge thanks to @vertexproject.bsky.social for updating Synapse to support the new "relationship" context.
We’re excited to see this research foster collaboration and push real change across the threat intelligence community. (3/3)
13.05.2025 13:02
New blogs out: Compartmentalized attacks are no longer limited to financially motivated actors, state-sponsored groups are adopting them too. We propose a new taxonomy for initial access groups to reflect broader motivations and affiliations. (1/3)
13.05.2025 13:02
Had an amazing time speaking at @pivotcon.bsky.social last week! Grateful for the chance to share insights and connect with the brilliant minds. PIVOTcon remains my favorite threat intel event in Europe. Huge thanks to the organizers for creating this community and the memorable experience.
12.05.2025 14:16
HITCON 2025 CFP
A lot of you have been asking, YES! HITCON 2025 CFP is open! The conference will be hosted on August 15 - August 16. Submit your talk before June 8th. Looking forward to your submissions! #HITCON #HITCON2025
CFP: cfp2025.hitcon.org/en/
09.05.2025 12:09
Come work with us! We are looking for a creative and self-motivated communications professional to join our team this summer in the role of Digital Communications Specialist. This is a FT, hybrid position based at @uoft.bsky.social in downtown Toronto.
Learn more: citizenlab.ca/2025/05/job-...
06.05.2025 21:03
BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.
Precedent-setting win against notorious #Pegasus spyware maker.
Very consequential for victims to see this.
Congratulations to #WhatsApp on sticking this case through since 2019. Some thoughts 1/
06.05.2025 21:30
We just published our investigation into a Cactus ransomware campaign, uncovering TOYMAKER, an IAB group using a custom backdoor LAGTOY. It’s still challenging to identify compartmentalized attacks. We’ll share our approach and solutions at @pivotcon.bsky.social in 2 weeks! #toymaker
24.04.2025 13:26
sr detection engineer @ huntress • malware enjoyer • macOS security
https://alden.io
threaty threats -- helping build research workflows into a soc product, but I don't speak for them on this acct. pretty good at bash scripts and strings. disclosures on my linkedin below
https://www.linkedin.com/in/alexlanstein/
@DistrictCon Founder. Harvard & Georgetown MPP/JD candidate. @CyberStatecraft / @BelferCenter fellow, ex-Google threat research. Dog mom. Opinions=my own
Threat researcher @ Proofpoint. Formerly IBM X-Force, CMU, US Government, US Navy. Views are my own.
mach-o enthusiast
loves dogs, sports, memes. she/her. podcaster. "bluesky's humblest resident nailfluencer" - Jerry
my heart is in the west. views mine.
threat research @ proofpoint
macOS security researcher espousing no one's opinions but my own. Dogged follower of #lufc, at least until the world stops going round (IYKYK).
philastokes.com
Senior Threat Researcher @Proofpoint. The threat actor's threat actor. All things BEC, fraud, and scams. Love making pig butchers squeal.
#threatintel @PwC UK
Reverse engineering, threat intelligence, YARA. Amateur jazz pianist. All posts are my own. He/him.
Principal Adversary Hunter @dragosinc, Army Veteran,
Cocktail Scientist, APT Researcher | #FSD
https://infosec.exchange/web/@DrunkBinary
https://twitter.com/DrunkBinary
founder of @greynoise.io. computers, networks, technology enthusiast. big goober.
cyber threat intelligence, OSINT, and corgi hair. Thoughts are my own, RT/Like != Endorsement. (He/Him)
Blog: intelcorgi.com
Security research and breaking news straight from ESET Research Labs.
welivesecurity.com/research/
it security & cyber guy, research @ http://vulnerability.ch, friendly, swiss | Opinions are my own
Security Researcher @Meta. Writer. Would-be musician. Maintainer of Manalyze and Gepetto. Trolling on a purely personal capacity.
Security researcher in Google Project Zero. Author of Attacking Network Protocols. Posts are my own etc.
hacker, poster, weird machine mechanic
https://chompie.rip