Bea Venzon 👾

97 posts

@0x0bea

CTI + RE @CrowdStrike // 🐈🐈🐈‍⬛ // Find me on https://t.co/HiZ5P2nZ27

Vancouver, British Columbia · Joined February 2022
131 Following · 116 Followers
Bea Venzon 👾 retweeted
adam_cyber
adam_cyber@Adam_Cyber·
I’m excited to announce the inaugural CrowdStrike Day Zero 2026 Threat Research Summit, an invite-only event for researchers, defenders, and cost-imposing warriors on the front lines of cyber conflict.
Day Zero will showcase cutting-edge technical work, advanced research into adversaries and technology, and foster the kind of discussion that challenges assumptions and sharpens ideas.
CrowdStrike researchers are already submitting their ideas. The Call for Papers (CFP) is open, and these sessions will be closed-door, with strict information-sharing protocols in place.
Evening kickoff: Aug 30th | Day Zero 2026 Summit: Aug 31st
*Ahead of Fal.Con Vegas | 📍Mandalay Bay, Las Vegas
Register for updates and submit your paper. crowdstrike.com/en-us/events/d…
Bea Venzon 👾 retweeted
PIVOTcon
PIVOTcon@pivot_con·
📣#PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's speaker lineup. 2⃣days and 19 talks from leading #ThreatResearch experts. The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵 #CTI #ThreatResearch 1/15
Tony/Humpty
Tony/Humpty@cyb3rjerry·
1/2 DC33 is official offer and god was it a good year. Had the chance to meet @JershMagersh, @0x0bea and a bunch of others ❤️ If you have a chance to attend a workshop given by @d4rksystem and @rpargman I URGE you to do it. They are FANTASTIC SPEAKERS 🔥🔥🔥
Bea Venzon 👾 retweeted
cabal
cabal@cabalcx·
our #defcon 2025 party site and badge sales are live, along with an OSINT challenge:
windowsvista.club
Bea Venzon 👾
Bea Venzon 👾@0x0bea·
Thank you @Botconf for the warm welcome and for giving @sud0suw and I the opportunity to share our research on WIZARD SPIDER’s crypters! We had a great time connecting with everyone, hearing amazing ideas, and catching up with both new and familiar faces. Until next time!
Bea Venzon 👾 retweeted
RE//verse
RE//verse@REverseConf·
Don’t miss Cindy Xiao’s talk on Reconstructing Rust Types from RE//verse 2025 if you’re dealing with Rust in your day to day. It’s one worth adding to your watchlist: youtu.be/SGLX7g2a-gw?fe…
Bea Venzon 👾 retweeted
Who said what?
Who said what?@g0njxa·
After the announcement of seizure of some of the Lumma Stealer panel domains, new ones were opened shortly in the following hours. Please remember that the whole activity has not ceased👀 /yuriy-andropov.com @ViriBack
Who said what?@g0njxa

First thoughts about #Lumma Stealer "disruption" (?): There's no need in calling big names on something that (from what I've read and tested) has not happened in the magnitude I'm watching on the media.

At the moment, Lumma still works, still has working C2s and *apparently* no final major impact has been done to their malware operations despite the big media impact going on. It is true that I saw some malware operations chats in the past hours/days claiming to have issues with the stealer, and this is being resolved in a matter of hours like normal issues that previously happened.

Here is proof of a non-crypted build working on a fresh non-seized domain (see photo 1). Detonation: app.any.run/tasks/fb014a66…

And more proof on log registers from threat actors using Lumma (meaning the infostealer still is infecting machines) (see photo 2).

The efforts in this partial "disruption" operation seem to be focused on the seizure of already known C2 servers (gathered by malware intelligence services), whether these domains are in active use or not. That's why there are already new domains working, or previous domains that went unnoticed, and this does not mean the Lumma Stealer infrastructure has been disrupted!

Would these events start a "war of attrition" where newly found C2 domains will be quickly seized? We will see, and I don't think it is a good idea. This is a questionable approach to Lumma due to the nature of this infostealer, whose C2 servers (that act as a proxy to deliver logs from the victim computer to a panel) are changed and rotated on a daily basis.

And talking about the panels (something that could be more interesting to take down), it seems like the disruption and seizure of the already known panels has been committed partially (see photo 3), and of course this represents the seizure of a domain involved in a malware campaign by a customer, not the whole administration of Lumma Stealer.

As said before, efforts to disrupt malware operations are always appreciated and I want to imagine the big work on behalf of the operations, but I think events like today's, and claiming things that I don't believe are true news, just harm the reputation of the big companies and LE agencies that every day try to keep the world safer. Less drawings, more actions.

As said before, I'm commenting on the situation after the initial reports. I'll wait for further movements and statements, keeping a close eye. I can't know what is going to happen in the next days.

Bea Venzon 👾 retweeted
RE//verse
RE//verse@REverseConf·
Struggling to reverse Rust binaries? Cindy Xiao @cxiao__ breaks down the Rust type system and shares practical techniques to reconstruct Rust structures. Learn how to tackle Rust malware & analyze binaries like a pro. #REverse2025 #ReverseEngineering #Rust #Malware
Bea Venzon 👾 retweeted
DEATHCon
DEATHCon@DEATHCon2025·
DEATHCon 2025 dates announced: November 8-9 online and in even more in-person locations around the world!
Bea Venzon 👾 retweeted
Fred HK
Fred HK@fr3dhk·
Introducing: What is this stealer? A new repository that allows for you to identify Stealer malware by the system information text file format commonly included in stealer malware exfiltration. We encourage everyone to check it out and contribute! github.com/MalBeacon/what…
Bea Venzon 👾 retweeted
Squiblydoo
Squiblydoo@SquiblydooBlog·
700MB signed Lumma uploaded to MalwareBazaar. (Too big for VirusTotal). To my amusement, someone had already used my debloat tool, deflated it to 12MB, uploaded it to VT 6 days ago. Thanks for everyone that shares my tool, I hope even more people will use it. :) 🔗 in comment