Drew
@bugfireIO

2.4K posts
malware detection and analysis, hunting and gathering, threat research. Views are my own. https://t.co/efJDIXnaLi

United States · Joined August 2012
594 Following · 257 Followers
Drew retweeted
Josh Stroschein | The Cyber Yeti
The latest episode of Behind the Binary is here! Debugger architect Xusheng Li (@vector35 ) breaks down why Time Travel Debugging (TTD) is the future of debugging—from solving the "granularity problem" in malware analysis to catching hardware-level microcode bugs. 🎧 podcasts.apple.com/us/podcast/ep2…
Drew retweeted
Virus Bulletin
Virus Bulletin@virusbtn·
Microsoft reports an evolving macOS infostealer campaign using ClickFix-style instructions hidden in blog posts and user-driven platforms. Posing as system utility fixes, the commands load stealers such as Macsync, Shub Stealer and AMOS. microsoft.com/en-us/security…
смех
смех@0x6D6172636F·
404 trout not found
Jake Knowlton
Jake Knowlton@j2k3k·
I either eat zero cereal for extended periods or an entire box at one time. there is no in-between
Drew
Drew@bugfireIO·
@kuzushi @S0ufi4n3 @HackingLZ I think the majority of people are in the same boat as you. It’s not necessarily a bad thing, but it’s definitely been a time suck for a while now just trying to keep up.
kuzushi
kuzushi@kuzushi·
What I mean is, if I wanted to just do I can do that faster than I have in the past and move on. Instead I am recycling my time and I spent _lots_ of it focused on doing dev work I've always wanted to but just didn't before. Some of it is prompting, but I spend lots of time researching and looking at validation approaches.
kuzushi
kuzushi@kuzushi·
People say that AI doesn't actually make you more productive. meanwhile, I have a custom-built discovery agent running tests against sites in one tab, a custom harness for testing my PhD thesis in another, and a third tab reverse-engineering binaries for me to review...
Drew retweeted
Anuj Soni
Anuj Soni@asoni·
I trust AI to plan vacations, but analyzing malware and producing a final report? Not so much. If you’re looking for a way to start using AI to support parts of your workflow, watch this: youtu.be/4ok4e0Jvy_4
Drew
Drew@bugfireIO·
@infosectimmy You all do great work and it’s always a good listen.
Tim Kromphardt
Tim Kromphardt@infosectimmy·
This episode was a ton of fun! It was a great way to celebrate!! I hope everyone enjoys it!
Threat Insight@threatinsight

Our award-winning threat research podcast series, Discarded, is celebrating 100 episodes this week! 🎉 Stream now for a trip down memory lane, a few laughs, and a look ahead to what's next in cybersecurity. Cheers to 100 episodes! 🍾 proofpoint.com/us/podcasts/di…

Drew retweeted
Ryan Naraine
Ryan Naraine@ryanaraine·
Episode 95: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why "Mark Dowd in a box" isn't quite the threat the AI hype machine suggests. He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains. Plus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox. We discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job. @mdowd @juanandres_gs @craiu @wearetlpblack YouTube youtu.be/NEDlOKHG8nY?si…
Ryan Naraine@ryanaraine

Sunday listening 👇🏽 podcasts.apple.com/us/podcast/thr…

Drew retweeted
Karsten Hahn
Karsten Hahn@struppigel·
New Video: Build your own LLM dynamic analysis lab 🦔🎥 ➡️ AI debugs and unpacks with x64dbg ➡️ AI can access powershell terminal youtube.com/watch?v=QrWzRg…
Huntress
Huntress@HuntressLabs·
The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques. Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond 🧵👇
Drew
Drew@bugfireIO·
@Abnormal This is a great writeup, Are there any sample or example emails that are accessible anywhere? That would really help a lot. Thanks!
Abnormal AI
Abnormal AI@Abnormal·
Abnormal Threat Intelligence uncovered a credential theft campaign targeting executives by name. Unlike typical phishing, this attack hijacks real Microsoft auth flows, turning one login into persistent access inside trusted systems—effectively enabling attackers to evade detection and survive remediation. We also identified VENOM, a new phishing-as-a-service platform with a licensing model—suggesting broader risk. We’re actively tracking and helping organizations stop these attacks.
Drew
Drew@bugfireIO·
@Abnormal great blog on VENOM phishing! Are there any example email samples available anywhere?
Drew
Drew@bugfireIO·
@HaifeiLi This is a great conclusion to your efforts and nice to see Adobe jumping on it quickly.
Haifei Li
Haifei Li@HaifeiLi·
I know it’s the weekend, but... it always happens on the weekend. Patch now!
EXPMON@EXPMON_

Adobe has confirmed our findings and has issued an emergency security update for all Adobe Reader (and other affected products) users. helpx.adobe.com/security/produ… The underlying exploited zero-day vulnerability has been rated Critical (CVSS 9.6) and is tracked as CVE-2026-34621. It appears that Adobe has determined the bug can lead to arbitrary code execution — not just an information leak. This aligns with our findings and those of other security researchers over the last few days. EXPMON would like to thank Adobe for releasing this emergency security update quickly to help protect users. UPDATE NOW! #expmon #zeroday #0day #pdf #adobereader #CVE-2026-34621

Drew retweeted
EXPMON
EXPMON@EXPMON_·
Adobe has confirmed our findings and has issued an emergency security update for all Adobe Reader (and other affected products) users. helpx.adobe.com/security/produ… The underlying exploited zero-day vulnerability has been rated Critical (CVSS 9.6) and is tracked as CVE-2026-34621. It appears that Adobe has determined the bug can lead to arbitrary code execution — not just an information leak. This aligns with our findings and those of other security researchers over the last few days. EXPMON would like to thank Adobe for releasing this emergency security update quickly to help protect users. UPDATE NOW! #expmon #zeroday #0day #pdf #adobereader #CVE-2026-34621
Drew
Drew@bugfireIO·
@HaifeiLi Appreciate the hard work on this one
Haifei Li
Haifei Li@HaifeiLi·
Fun fact about the Adobe Reader 0day: actually, it's the "AdobeCollabSync.exe" ("C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe") process that communicates with the attacker-controlled server, not "Acrobat.exe". Therefore, if you're hunting the threat with e.g. your EDR telemetry, you may want to look at that "AdobeCollabSync.exe" process too. #threatintel
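A small hunting check along the lines of this tweet, added here as an example and not part of the original post or any vendor's tooling. It scans constructed, EDR-style process network events and flags outbound connections made by AdobeCollabSync.exe (compared against the path quoted above) or Acrobat.exe when the destination is not on an expected list or the binary runs from an unexpected path. The event format, the field names, the sample records and the expected-destination list are all assumptions; the post does not say which destinations are legitimate for this process, so that list is a placeholder for the analyst to fill in.

```python
import json
from dataclasses import dataclass
from typing import Dict, List

# Image names the post says to watch; the path is the one quoted in the post.
WATCHED_IMAGES = {"adobecollabsync.exe", "acrobat.exe"}
EXPECTED_COLLABSYNC_PATH = r"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"

# Placeholder (assumption): destinations considered expected for these processes.
# The post does not state legitimate hosts, so fill this from your own baseline.
EXPECTED_DESTINATIONS = {"example-expected.invalid"}


@dataclass
class Finding:
    host: str
    image_path: str
    dest: str
    reason: str


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(text: str) -> List[Dict]:
    """Parse JSON-lines telemetry (assumed export format), skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hunt(events: List[Dict]) -> List[Finding]:
    """Flag network connections from the watched Adobe processes that look off-baseline."""
    findings: List[Finding] = []
    for ev in events:
        if ev.get("event_type") != "network_connect":
            continue
        path = ev.get("image_path", "")
        name = image_name(path)
        if name not in WATCHED_IMAGES:
            continue
        dest = ev.get("dest_host", "")
        reasons = []
        if dest not in EXPECTED_DESTINATIONS:
            reasons.append("unexpected destination")
        # A copy of AdobeCollabSync.exe outside its install path is worth a look on its own.
        if name == "adobecollabsync.exe" and path != EXPECTED_COLLABSYNC_PATH:
            reasons.append("unexpected image path")
        if reasons:
            findings.append(Finding(ev.get("host", "?"), path, dest, "; ".join(reasons)))
    return findings


# Constructed sample telemetry (not real data), in the JSON-lines shape assumed above.
SAMPLE_EVENTS = r"""
{"host":"ws-01","event_type":"network_connect","image_path":"C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\AdobeCollabSync.exe","dest_host":"example-expected.invalid","dest_port":443}
{"host":"ws-01","event_type":"network_connect","image_path":"C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\AdobeCollabSync.exe","dest_host":"unknown-host.invalid","dest_port":443}
{"host":"ws-02","event_type":"process_create","image_path":"C:\\Program Files\\Adobe\\Acrobat DC\\Acrobat\\Acrobat.exe","dest_host":""}
{"host":"ws-03","event_type":"network_connect","image_path":"C:\\Users\\Public\\AdobeCollabSync.exe","dest_host":"unknown-host.invalid","dest_port":8080}
"""


def run_sample() -> List[Finding]:
    """Run the hunt over the constructed sample; two of the four events should be flagged."""
    return hunt(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.host}: {f.image_path} -> {f.dest} ({f.reason})")
```

The first sample event is the baseline case (known path, expected destination) and produces nothing; the second differs only in destination; the fourth shows the same image name running from a user-writable directory, which is flagged for both reasons. In a real environment the destination list should come from observed baseline traffic rather than being hand-typed.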