Requiem

We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/th…

This article by Nicolas Stefanski at Synacktiv provides a high quality technical overview of our hardened_malloc project used in GrapheneOS: synacktiv.com/en/publication… It has great coverage of the memory layout, memory tagging integration, slab quarantines and allocation approach.

The latest version of YARA-X allows you to parse #chrome extension files and review their metadata like homepage URL, Permissions, Signature and more ! 🤩 #Yara #DFIR #CTI

Will be there 🫡

New episode alert! Ep 161: MG In this episode we talk with @_MG_, the brilliant (and notorious) hacker and hardware engineer behind the OMG Cable. A seemingly ordinary USB cable with extraordinary offensive capabilities. darknetdiaries.com/episode/161

“Mandiant was here the first five minutes of the conflict and we will be here in the last minute of the conflict,” said @JumpforJoyce 💪🫡 therecord.media/kyiv-cyber-con…

.@_MG_ 🫡 #OMGcable #zeroday ep.4 o.mg.lol

Malware Trends: Yearly 2024 📊 We have crunched the data for 2024 public UnpacMe submissions and we have some interesting stats to share… blog.unpac.me/2025/02/20/mal…

🎥 RECORDED TALK #BlackAlps24 🎥 ⚡⚡⚡ GCP CL-WHY: The Hacker's and the Hero's Guide to the CLI ⚡⚡⚡ by Shannon McHale (@_shannon_mchale), Senior Red Team Consultant at @Google youtu.be/nr4G1ekjrqY #conference #cybersecurity #switzerland

The Windows Registry Adventure #5: The regf file format googleprojectzero.blogspot.com/2024/12/the-wi…

Once inside, it’s almost impossible to remove intruders without some downtime. They probably know the networks better than legit sysadmins and no one wants to break anything. They’re inside and here to stay.

Today is the 40th anniversary of the #Bhopal Gas Tragedy, the worst industrial accident, which occurred on December 2nd and 3rd, 1984. A reminder of the devastating consequences of negligence and safety failures in industrial settings. amnesty.org/en/latest/news… #BhopalGasTragedy

ESET researchers analyse Bootkitty, a UEFI bootkit designed for Linux systems. Bootkitty contains many artifacts suggesting it is more likely a proof of concept than the work of an active threat actor.

NSO Group Spies on People on Behalf of Governments schneier.com/blog/archives/…

.@Volexity has developed a new #opensource tool, “HWP Extract”, a lightweight Python library & CLI for interacting with Hangul Word Processor files. It also supports object extraction from password-protected HWP files. Download here: github.com/volexity/hwp-e…   #dfir #threatintel

Some personal news: I will be joining @Meta's security team (focusing on WhatsApp) starting next week. This is a big life change, I'm also moving to London permanently. I took this opportunity to reflect on the state of threat intel: blog.kwiatkowski.fr/threat-intel-t… LMK if it resonates!

🔍 Struggling to track RMMs? Meet LOLRMM — your one-stop solution for detecting & managing RMMs! 🚨💻 ⚔️ lolrmm.io 🔥 ✨ Benefits of LOLRMM: • 🗂️ Single source for ALL RMMs • ⚡ Optimized for speed across SIEMs (KQL, Splunk, etc.) • 🚫 No more duplicates — clear, concise results • 🔄 Streamlined artifact grouping for easy detection! 👨‍💻 Say goodbye to noisy queries and fragmented hunts! 🚀 @Antonlovesdnb and @BertJanCyber tuned up some KQL here 🔗 x.com/BertJanCyber/s… ⚔️ It ends with us!

MemProcFS now supports console text recovery! Recover text from Cmd and Powershell to Find Evil with MemProcFS super fast memory forensics! github.com/ufrisk/MemProc…

[FR] Merci pour vos retours concernant ma conférence sur les supply chains ☺️ Si vous voulez aborder un sujet en particulier n'hésitez pas à venir me parler ! 🖖 @_barbhack_

Investigations sur 𝑘𝑖𝑙𝑙𝑠𝑤𝑖𝑡𝑐ℎ𝑠 cachés @_barbhack_ par @Requiem_fr sur divers matériels, où même boîtier éteint interface réseau reste active... changements avant la livraison de câbles USB indétectables... cas 𝑆𝑜𝑙𝑎𝑟𝑤𝑖𝑛𝑑𝑠 compromis par🇷🇺 remédiation: 19M$, 3CX