LUCASARTS PRESENTS
Columbo in:
SCUMM of the Earth 
#pixelart
@j91321.bsky.social
EDR R&D team lead at ESET. Opinions are my own. @j91321@infosec.exchange
Photo of a dark room with a collection of fluorescent rocks in neon colors (blue, green, red, purple and yellow) at the National Museum in Prague.
Saw some cool glowing rocks last week. 
My brain: These must be delicious.
Omg, the solution to CIA's Kryptos being discovered by someone becoming a subject matter expert, going on location, and finding the plaintext sitting in a vault several miles away is the absolute *perfect* ending to Kryptos. You couldn't write it. Just absolutely A+ www.nytimes.com/2025/10/16/s...
17.10.2025 00:49 — 👍 969 🔁 242 💬 27 📌 23
I know this stuff isn't surprising anymore but I really can't stress enough how much everybody involved with CISA and cyber tried to keep the field nonpolitical and nonpartisan before this administration.
15.10.2025 16:24 — 👍 247 🔁 76 💬 5 📌 1
Comic. [Giant balloon reminiscent of a hot air balloon but wavy and laying on the ground with “bloop” “bloop” sound effects. Two people are in a basket attached to one end of the balloon.] [caption] Hot water balloon rides turn out to be significantly less romantic than the air kind.
Hot Water Balloon
xkcd.com/3153/
Telegram founder and general a-hole Pavel Durov, whose IM network hosts hundreds of groups where info-ops coordinate their activity and pay for content, is annoyed that democracies are fighting back against the damage he, personally, has helped usher in in many autocratic regimes
12.10.2025 09:48 — 👍 101 🔁 25 💬 8 📌 5
The Oracle zero-day... kek
labs.watchtowr.com/well-well-we...
Our researchers have noticed today that NASA FIRMS, one of the main free and available open source sites for monitoring fires around the world has a new notice on it stating that NASA is no longer updating the site due to a lack in federal funding. firms.modaps.eosdis.nasa.gov/map/
02.10.2025 17:09 — 👍 283 🔁 156 💬 5 📌 12
PR: October is cybersecurity awareness month! Let's start...
Me: No, nope, don't care, la la la can't hear you *fingers in my ears*
There's probably more, last year he did a workshop for Red team village about satellite hacking. Kind of fits the MO, pick an obscure topic and pretend you're an expert. He also has the highest number of GIAC certs obtained in shortest time I've seen. github.com/poppopjmp/RT...
30.09.2025 19:11 — 👍 3 🔁 0 💬 0 📌 0
Yeah, VXUG posted about it some time ago, but it was Defcon. Both talks from the same guy. Both AI slop, same goes for his forked projects on GitHub.
30.09.2025 18:30 — 👍 7 🔁 0 💬 0 📌 0
I haven't found exploitation of Fortra's GoAnywhere MFT CVE-2025-10035 in EDR telemetry yet. Which means it is probably still rare and folks have some time to patch. Wonder how long it will stay that way. The previously exploited vulns appeared fairly quickly.
27.09.2025 18:26 — 👍 2 🔁 1 💬 1 📌 0
Cisco patched 3 zero-days today...
CVE-2025-20352: sec.cloudapps.cisco.com/security/cen...
And these two used together:
-CVE-2025-20333: sec.cloudapps.cisco.com/security/cen...
-CVE-2025-20362: sec.cloudapps.cisco.com/security/cen...
Why TF are @npr.org @pbsnews.org and @wgcunews.bsky.social letting an AI cybersecurity *write an article* about a breach and make shit up?
24.09.2025 13:04 — 👍 17 🔁 7 💬 3 📌 2
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. www.welivesecurity.com/en/eset-rese...
1/3
Three major EDR vendors have pulled out of evaluations for the MITRE ATT&CK framework
Microsoft: techcommunity.microsoft.com/blog/microso...
SentinelOne: www.sentinelone.com/blog/sentine...
Palo Alto Networks: www.paloaltonetworks.com/blog/securit...
🆕 EDR-telemetry Project Update - Windows
The Windows table just got an update with 3 new sub-categories:
➡️ VSS Deletion
➡️ Win32 API Telemetry
➡️ JA3/JA3s
Coverage isn’t uniform, and some are pending response from the vendors. That’s fine. I’d rather show the uncertainty than pretend otherwise.
Ah yes, Raťafák Plachta, brings back memories. I mean horrors. The department that was responsible for kids shows in Slovak Television has a lot to answer for.
14.09.2025 06:16 — 👍 1 🔁 0 💬 0 📌 0
HybridPetya installs a malicious EFI application to the EFI System Partition, which then encrypts the Master File Table file, an essential metadata file with information about all files on the NTFS-formatted partition. 2/8
12.09.2025 09:02 — 👍 3 🔁 2 💬 1 📌 0
A large group of employees gather inside a Jaguar Land Rover plant for a new model reveal. A covered vehicle is positioned at the floor center surrounded by people in white shirts and black trousers. A stage with a speaker and a large screen displaying the Jaguar and Land Rover logos is set up at the front. Staff line both the ground floor and the balcony above, watching the presentation in the bright atrium with large glass panels in the back showing the factory.
Funnily Google reminded me that I was at the JLR plant in Nitra today 6 years ago. They were just revealing a new model.
10.09.2025 11:57 — 👍 1 🔁 0 💬 0 📌 0
This one EDR killer crashes the whole host when EDR is present. Task failed successfully I guess?
09.09.2025 14:45 — 👍 0 🔁 0 💬 0 📌 0
Looks like everybody finally figured out the same thing I posted about almost two weeks ago.
08.09.2025 18:23 — 👍 0 🔁 0 💬 0 📌 0
-NoisyBear APT turns out to be a phishing test
-Qantas cuts executive pay by 15% after breach
-First AI-driven ransomware was just an academic project
-Nepal blocks 26 social media sites
-New GhostAction supply chain attack
Newsletter: news.risky.biz/risky-bullet...
Podcast: risky.biz/RBNEWS475/
RuneScape lobby screenshot. You last logged in 4617 days ago.
Looks like my RuneScape account still exists after *checks notes* 12 years.
07.09.2025 12:34 — 👍 0 🔁 0 💬 0 📌 0
The workshop he had on satellite hacking in Red Team Village last year also fits the pattern of choosing an obscure topic few people have a good understanding of. Too bad the GitHub repo on that one is empty github.com/poppopjmp/RT...
29.08.2025 07:27 — 👍 0 🔁 0 💬 0 📌 0
My coworkers are starting to COMPLETELY rely on ChatGPT for anything that requires troubleshooting. And the results are as predictable as you think. On the easier stuff, sure, here's a quick fix. On anything that takes even the slightest bit of troubleshooting, "Hey LegOz, here's what ChatGPT says we should change!"...and it's something completely unrelated, plain wrong, or just made-up slop.
Oof, the sycophancy problem in LLMs + triggering on any irrelevant details you feed them, recently led a P2 problem call down the wrong pathing for hours.
The chatbot is never going to TELL you to step back and ask if this entire inquiry is irrelevant to the larger goal.
This is your moat. It's mine.
It turns out if you social engineer someone to install a malicious browser extension, your browser can do Bad Things. The Passkey & FIDO specs explicitly say browser/endpoint compromise is not in their threat model.
28.08.2025 16:05 — 👍 19 🔁 6 💬 1 📌 0