Jean-Marc Albert

23.6K posts

@WikiJM

GCFA | PGP 2F93D5AF

45.767416,4.833418 Joined June 2009
951 Following 447 Followers
Jean-Marc Albert reposted
Matthew Green 🌻
Matthew Green 🌻@mgreen27·
🚀 One of my colleagues at InfoGuard pointed me to a cool project collating malicious browser extensions, so I wrote a Velociraptor artifact to hunt with the data. 🔗 github.com/mgreen27/Detec… 🔗 extsentry.github.io ExtSentry has some good browser extension investigation info, so it’s worth a bookmark too. #dfir
Jean-Marc Albert reposted
Squiblydoo
Squiblydoo@SquiblydooBlog·
The CertGraveyard was created in 2025, but never received a proper introduction. We track abused code-signing certificates. When I created the site, we had 600 entries and now we have 2,250. See the blog post below for a full overview. 1/3
Jean-Marc Albert reposted
Mike Hunhoff
Mike Hunhoff@mehunhoff·
🎉 We’ve released capa v9.4 with 26 new rules and various performance improvements. Additionally, the standalone tool now supports Ghidra as a feature extraction backend. Check out the release for more details 👉 github.com/mandiant/capa/…
Jean-Marc Albert reposted
mthcht
mthcht@mthcht2·
💠VSXSentry💠 vsxsentry.github.io VS Code Extensions threat intel feeds for multiple platforms, VSIX analyzer, scripts & policy generator, remediation and forensic traces guide
Jean-Marc Albert reposted
Threat Hunting Labs
Threat Hunting Labs@ThruntingLabs·
🎉Learning Modules are live on Threat Hunting Labs. Finish an investigation track, unlock a structured breakdown of the real attack chain you just worked. Phase-by-phase, with evidence mapping, real artifacts, and knowledge checks. Six modules live now across all 15 of our labs! Also big updates in Enterprise tiers: team credit budgets, per-member allocation, weekly team brief for managers, and methodology tagging on all investigation questions. 👉 threathuntinglabs.com/threat-hunting
Jean-Marc Albert reposted
Mandiant (part of Google Cloud)
Google Threat Intelligence Group is tracking an active supply chain attack 🔎 North Korea-nexus actor UNC1069 compromised the "axios" NPM package (v1.14.1 & 0.30.4), deploying the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux. Learn more: bit.ly/3NZR3Zv
Jean-Marc Albert reposted
Cyber Detective💙💛
Cyber Detective💙💛@cyb_detective·
TOR Node Archive Dataset (you can download it) + online tool (search by IPs/CIDR with filter by activity time range) + stats (Top Autonomous Systems, Top /24 Subnets, Top /16 Ranges, number of active/inactive IPs) tor-archive.github.io Creator @mthcht2
Jean-Marc Albert reposted
Panos Gkatziroulis 🦄
Panos Gkatziroulis 🦄@ipurple·
📢 Recently, I explored how Toast Notifications (these app notifications from Elon Musk below) can be weaponized for social engineering. ✅ToastNotify is released to help practitioners simulate the technique and identify detection opportunities. ✅ If you want to understand the behavior end‑to‑end, you can dive into the article and grab the tool below. ⤵️ 🔗 ipurple.team/2026/03/25/toa… 🔗 github.com/netbiosX/Toast…
Panos Gkatziroulis 🦄@ipurple

🔥 Weaponizing Windows Toast Notifications ✅ Enumeration paths: Start Menu, AppX, Registry ✅ .NET + PowerShell Snippets to craft spoofed toasts ✅ Detection via wpnapps.dll / msxml6.dll image loads ✅ SIGMA + MDE for correlation ✅ Purple Team playbook 🔗 ipurple.team/2026/03/25/toa… #ipurple #purpleteam #threathunting

Jean-Marc Albert reposted
mthcht
mthcht@mthcht2·
🧅 TOR archive feed: tor-archive.github.io Every IP that has ever been a TOR node! Searchable with full timeline, exit/guard/middle role, country, ASN, updated hourly since 2024.
Jean-Marc Albert reposted
International Cyber Digest
International Cyber Digest@IntCyberDigest·
🚨‼️ BREAKING: PyPI package telnyx has been compromised by TeamPCP in yet another supply chain attack. The malware executes immediately upon importing telnyx. It drops a valid WAV audio file and runs an executable embedded within the frames.
Jean-Marc Albert reposted
Kostas
Kostas@Kostastsale·
During our research, it’s become apparent that EDRs need to do a better job of collecting telemetry from macOS endpoints. Head over to edr-telemetry.com/macos to check out the results yourselves. While you’re there, check out the scores as well to see how they compare. Out of the ~43 total points, the average is 16… and that’s with one EDR bringing up the average 🙂
Kostas@Kostastsale

📢🍏 macOS is now part of the EDR Telemetry Project. After three months of focused work, we’re excited to share a new framework and generator for endpoint visibility on macOS! Huge thank you to everyone who contributed and helped shape this release. Looking forward to what comes next. Read more: edr-telemetry.com/blog/macOS-EDR…

Jean-Marc Albert reposted
Kostas
Kostas@Kostastsale·
📢🍏 macOS is now part of the EDR Telemetry Project. After three months of focused work, we’re excited to share a new framework and generator for endpoint visibility on macOS! Huge thank you to everyone who contributed and helped shape this release. Looking forward to what comes next. Read more: edr-telemetry.com/blog/macOS-EDR…
Jean-Marc Albert reposted
mthcht
mthcht@mthcht2·
new services added to lolfsaas zendesk: lolfsaas.github.io/#Zendesk milanote: lolfsaas.github.io/#Milanote
mthcht@mthcht2

LOLFSAAS Living off Free SaaS Hundreds of SaaS platforms with free tiers, documenting abuse surface, opsec risks, authent methods, C2 framework mappings, and operational limits. lolfsaas.github.io

Jean-Marc Albert reposted
Clandestine
Clandestine@akaclandestine·
LOLFSaaS - Living off Free SaaS lolfsaas.github.io
Jean-Marc Albert reposted
Ben De St Paer-Gotch
Ben De St Paer-Gotch@Nebuk89·
Two of the top GitHub Actions community requests are now live
1. Timezone support in crons schedule:
    - cron: '30 5 * * 1-5'
      timezone: "America/New_York"
2. Use environments without auto-deployments
    environment:
      name: staging
      deployment: false