Danny Quist

Malware analysis in 2025

Every Ghidra release feels like a victory this year. Thank the team @ryanmkurtz and give them love github.com/NationalSecuri…

@vxunderground ignore the haters, thanks for what you do

What the fuck happened When I first made vx-underground in 2019 I was treated by the Information Security community like I was the devil reincarnated. I was treated so badly, it was unreal. I had friends suggest I stop because I would be perceived as a criminal. There were people who said that I should be shot in the head. Now in 2025 suddenly everyone and their Grandmother thinks malware is cool and badass. There is even a Malware Village at DEFCON. The entire reason I use the satanic imagery is because, historically, malware development was considered the worst of the worst. Hackers originally were seen as criminals, but even the hackers saw malware guys as criminals. Hence, a lot of old school (80, 90s) malware research groups used satanic imagery. We were the disenfranchised of the disenfranchised. Now it's ... accepted?

PolySwarm Crowdsourced Threat Analysis review, thanks Diyar Saadi malfavwin32.medium.com/polyswarm-malw…

@PolySwarm Great to work with Kyle S. and the team again. Excitement: 10/10

We’re excited to welcome two new members to the #PolySwarm team! Danny Quist (@openmalware) joins as CTO, and Kyle S. as Director of Product. Together, they’ll help bring powerful new features and technologies to the PolySwarm marketplace. Stay tuned for more details. $NCT

Shameful Headline: "AI is going to solve NP hard problems" area of marketing. The 3SAT problem is the canary in the coal mine. If you haven't seen it, we are in no danger. arxiv.org/pdf/2504.03930

@nocturnalbellax @fr0gger_ This has all happened before, and it will happen again

🤓 Threat Actor Naming is getting easier! Well… that is my hope! Microsoft and CrowdStrike announced a collaboration to cross-ref their threat actor naming conventions. This means we finally have an official correlation between multiple names used across the industry for the same threat actors! 🤯 I think it is a good step forward, and I hope it will help thousands of analysts around the world. To make it easier to explore, I did a small late-night project. I pulled the taxonomies together and built a knowledge graph that lets you navigate through threat actor ID, identify relationships, and get more context on specific groups or actors. I also connected it to ORKL, so for each threat actor you can get related threat reports directly. You can try the map on my website and of course the code is available too. 🤗 Let me know what you think! 👇

Thanks SANS and @rj_chap for the invite, interesting topics

Before CVE there was Bugtraq and like today a bunch of hoarders on private lists. Gobbles reliably annoyed all of them and just posted the 0day. Bring back Gobbles github.com/thinkitdata/GO…

⁉️ Miss the stream with Danny Quist (@openmalware)? You can check it out here 👇 youtube.com/watch?v=MfU1yh… Danny discusses the early challenges with collecting and sharing large malware corpuses 😈

Stay out of the kernel, kids!

"TempleOS is part of the public domain, and I wanted to take a look at it to come to an understanding of how it works to honor Terry’s struggle." Good on you, Mr. Starke.

TempleOS kernel, bootloader, and boot sector (the non-source parts Terry didn't publish) reverse engineering by Nicholas Starke starkeblog.com/bootsector/tem…

Lizard People Conspiracy Theories is what the twitter algorithm decided to lead with after a months long hiatus.

Part 2: blu3eye.gitbook.io/malware-insigh…

Nice work reversing Nobellium from @BlueEye46572843 part1 blu3eye.gitbook.io/malware-insigh…

@jstrosch Next time would go like this

Considering your current job role/expertise (i.e. reverse engineering, malware analysis, etc) - if you had to learn it all over again, what would you do differently to make learning more efficient? What did you do that worked really well?

Nice overview of technical Photo Forensics. I especially like the tracking of multiple different types of editing, and rough timeframes as well as number of people involved. Find joy with the nonsense hackerfactor.com/blog/index.php…