Sam Hanson

398 posts

@__samhanson__

Malware hunting/analysis and vulnerability research at Dragos.

Joined July 2019
707 Following, 252 Followers
Pinned Tweet
Sam Hanson @__samhanson__
It’s been a busy last few weeks! Check out our analysis on PIPEDREAM - the 7th malware family to target industrial control systems. It was a fun (at times crazy) project to work on! dragos.com/blog/industry-…
Sam Hanson @__samhanson__
@SANSICS Come hang on Thursday at 1pm! I’ll be talking about (and slightly making fun of) opportunistic hacktivists
Sam Hanson retweeted SANS ICS @SANSICS
📢 You can't afford to miss this webcast! Learn the methods cybercriminals use to exploit vulnerable systems with KurtLar_SCADA, complete with case studies and an in-depth malware analysis w/ @__samhanson__. 🚨 RSVP: buff.ly/43bwcrh
Sam Hanson retweeted SANS ICS @SANSICS
🌐 Join host @__samhanson__ as he dissects the tactics behind KurtLar_SCADA—a tool that scans for exposed VNC servers to exploit. Hear real-world cases, victim notifications, & the role of partnerships w/ OT-CERT & CISA. 👉 Register: buff.ly/43bwcrh
Sam Hanson retweeted SANS ICS @SANSICS
🚨 KurtLar_SCADA is just 1 of many tools that exploit misconfigurations & weak practices. Learn: → How attackers exploit ICS vulnerabilities → The role of Telegram in cybercrime marketplaces → Tips to secure your infrastructure Register: buff.ly/43bwcrh
Sam Hanson retweeted clem @n0debreak
🔍Today @RecordedFuture published our report on a Russian influence operation we track as "Operation Undercut" and attribute to the Social Design Agency, the sanctioned Moscow company behind Doppelgänger. So far, like the SDA's other projects, the network's impact and audience is minimal.🧵(1/x) recordedfuture.com/research/opera…
Sam Hanson retweeted Andy Greenberg (@agreenberg at the other places)
Russian spies—likely Russia's GRU intelligence agency—used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wifi. wired.com/story/russia-g…
Sam Hanson retweeted Steve YARA Synapse Miller @stvemillertime
*downselection of activity not to scale
Sam Hanson retweeted Ben Nimmo @benimmo
OUT TODAY: @OpenAI's update on disrupting deceptive uses of AI. Featuring case studies of cyber operations, covert influence ops and deceptive networks that we disrupted from around the world: openai.com/global-affairs…
Sam Hanson retweeted Chris Krebs @C_C_Krebs
On the hack of the Trump campaign, I’m taking this seriously & have it on good authority it’s the real deal. You should too. I tend to not comment much these days for various reasons personal & professional, but this is important, I have a bit of relevant insight & experience, & there’s more coming & we need to be prepared for down the road. You might not like the victim here, but the adversary gives zero Fs who you like or don’t like. They have their own objectives and guess what, you’re the target. Take this seriously. But also keep in mind that you’re part of the playbook, they want you to either amplify it or doubt it. Take a beat, touch grass as the kids say, & just vote. American voters decide American elections. Let’s keep it that way.
Sam Hanson retweeted Andy Greenberg (@agreenberg at the other places)
In January, Russia-linked hackers used a new form of malware to sabotage monitoring equipment in a heating utility in Lviv, Ukraine, turning off heat and hot water to 600 buildings for close to 48 hours in the midst of freezing winter temperatures. wired.com/story/russia-u…
Sam Hanson retweeted Dragos, Inc. @DragosInc
Get an in-depth technical analysis and strategic overview on the Fuxnet ICS-specific malware from Dragos WorldView Threat Intelligence. Equip yourself with knowledge to safeguard your OT systems from adversaries. Download Now! hubs.la/Q02DKzC10 #DragosIntel #ICSsecurity
Sam Hanson retweeted Joe Słowik 🌻 @jfslowik
Repeatedly reminded that the greatest issue facing OT/ICS protocol security isn't confidentiality (demanding encryption) but INTEGRITY (demanding checksums and similar) given realities and impact scenarios... Yet we're going to continue to hear about encryption.
Sam Hanson retweeted Brian in Pittsburgh @arekfurt
The normalization of calling elections "rigged" just because your preferred candidate or yourself (as a candidate) didn't win is one of the most disturbing developments in American politics over the last 10-20 years. Regardless of what party or ideology you support.
Sam Hanson retweeted Joe Słowik 🌻 @jfslowik
I see that SUPER SCARY NETFLOW DATA is in the news again. For Ron Wyden's office:
Sam Hanson @__samhanson__
@chompie1337 @qkaiser It’s my current project. It fckn sucks and I’m with you. I’ve made some progress over last couple weeks but wow. Going from Cython codebase to CPython codebase to actually looking at the sample is brutal.
chompie @chompie1337
@qkaiser probably the most stuck I’ve ever felt tbh
chompie @chompie1337
anyone have any tips or tools to reverse CYTHON compiled binaries?
Sam Hanson @__samhanson__
@chompie1337 IDK if your binary is ELF or EXE, but if it's an elf file and you want a high level understanding, I found this command to be very useful in understanding what strings/func names got preserved from the original py script: readelf -s sample | grep " __pyx"
Sam Hanson @__samhanson__
@chompie1337 My current project — been RE-ing a cython binary for a month now. Couple of things that might be useful. Are there any doc strings in the module? If so, run a python interpreter instance and import the module then run help(module_name) to access it. Also viewable in IDA
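The two triage tips in the thread above (readelf on the preserved `__pyx_` symbols, and help() on whatever docstrings survived) worked through as an added example; this is not code from the thread, from Dragos or from the Cython project. It assumes Cython's usual generated-C naming (length-prefixed scope components such as `5hello_`, plus a sequential ordinal on wrapper names such as `1say_hello_to`); the prefix table and the ordinal handling are this example's reading of commonly seen generated C, so the demangler is a heuristic. The readelf listing, the module `hello` and its functions are constructed sample data. One practical caveat the tweet's one-liner misses: use `readelf -Ws`, because without `-W` readelf truncates symbol names to 25 characters and Cython's names are longer than that; and a stripped binary has no `.symtab` at all, leaving only the plain Python-level name strings in `.rodata` to grep for.

```python
"""Triage helpers for a Cython-compiled extension (added example, not from the thread)."""
import inspect
import re
from types import ModuleType

# Prefixes Cython emits in its generated C; the descriptions are this example's.
PYX_KINDS = {
    "pw": "Python wrapper (argument parsing) for a def",
    "pf": "implementation body of a def",
    "f": "cdef function",
    "mdef": "PyMethodDef entry for a def",
    "doc": "docstring char array",
    "n_s": "interned name (str)",
    "kp_s": "interned str literal",
    "k": "C char array backing a constant",
}
_SCOPED_KINDS = ("pw", "pf", "f", "mdef", "doc")
# Longest prefix first, so "__pyx_kp_s_x" is not read as kind "k".
_KIND_RE = re.compile(
    r"^__pyx_(%s)_(.+)$" % "|".join(sorted(PYX_KINDS, key=len, reverse=True)))
# One `readelf -Ws` row: num, value, size, type, bind, vis, ndx, name.
_SYM_RE = re.compile(r"^\s*\d+:\s+([0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+|\d+)"
                     r"\s+(\w+)\s+(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s*$")


def demangle_pyx(symbol):
    """Split a __pyx_ identifier into kind, enclosing scopes and Python name.

    Scoped names carry <len><scope>_ per enclosing scope (module, then class):
    __pyx_pf_5hello_say_hello_to is hello.say_hello_to; wrapper names also get a
    sequential ordinal (__pyx_pw_5hello_1say_hello_to). Heuristic: a <len>-char
    chunk followed by "_" is a scope unless it starts with "_", which is how
    "1__init__" is told apart from a one-letter scope; "1a_b" stays ambiguous.
    """
    m = _KIND_RE.match(symbol)
    if not m:
        return None  # not a Cython-generated identifier
    kind, rest = m.group(1), m.group(2)
    info = {"symbol": symbol, "kind": kind, "meaning": PYX_KINDS[kind],
            "scopes": [], "ordinal": None, "name": rest}
    if kind not in _SCOPED_KINDS:
        return info  # string constants carry the Python-level name directly
    scopes = []
    while True:
        digits = re.match(r"\d+", rest)
        if not digits:
            break
        n, body = int(digits.group()), rest[digits.end():]
        chunk, after = body[:n], body[n:]
        if (len(chunk) == n and after.startswith("_") and len(after) > 1
                and not chunk.startswith("_")):
            scopes.append(chunk)
            rest = after[1:]
        else:
            info["ordinal"], rest = n, body
            break
    info["scopes"], info["name"] = scopes, rest
    return info


def pyx_symbols(readelf_text):
    """Parse `readelf -Ws` output into demangled __pyx_ symbols with addresses.
    -W matters: without it readelf truncates names to 25 characters."""
    found = []
    for line in readelf_text.splitlines():
        m = _SYM_RE.match(line)
        if not m:
            continue
        value, size, stype, bind, _vis, _ndx, name = m.groups()
        info = demangle_pyx(name)
        if info is not None:
            info.update(address=int(value, 16), size=int(size, 0),
                        type=stype, bind=bind)
            found.append(info)
    return found


def module_docstrings(mod):
    """What help(mod) shows: the module docstring plus those of its own public
    callables (def/class docstrings survive compilation; cdef functions do not)."""
    docs = {}
    if mod.__doc__:
        docs[mod.__name__] = inspect.cleandoc(mod.__doc__)
    for attr, obj in vars(mod).items():
        doc = inspect.getdoc(obj) if callable(obj) else None
        if (doc and not attr.startswith("_")
                and getattr(obj, "__module__", None) == mod.__name__):
            docs[attr] = doc
    return docs


# Constructed `readelf -Ws` listing for a hypothetical module "hello" (not a real binary).
SAMPLE_READELF = """\
Symbol table '.symtab' contains 7 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
    41: 0000000000001a20   221 FUNC    LOCAL  DEFAULT   14 __pyx_pw_5hello_1say_hello_to
    42: 0000000000001b00   140 FUNC    LOCAL  DEFAULT   14 __pyx_pf_5hello_say_hello_to
    43: 0000000000004040    48 OBJECT  LOCAL  DEFAULT   18 __pyx_doc_5hello_say_hello_to
    44: 0000000000001c10    96 FUNC    LOCAL  DEFAULT   14 __pyx_pw_5hello_7Greeter_1__init__
    57: 0000000000004100     8 OBJECT  LOCAL  DEFAULT   19 __pyx_n_s_say_hello_to
    80: 0000000000002000    27 FUNC    GLOBAL DEFAULT   14 PyInit_hello
"""


def build_demo_module():
    """Constructed stand-in for an imported Cython module (sample data)."""
    mod = ModuleType("hello", "Greeting helpers (constructed sample module).")

    def say_hello_to(name):
        """Return a greeting for NAME."""
        return "Hello %s!" % name

    say_hello_to.__module__ = mod.__name__
    mod.say_hello_to = say_hello_to
    return mod
```

Against a real sample, feed `pyx_symbols()` the text of `readelf -Ws sample.so`: the `pw`/`pf` pairs give you the def names and the address of each implementation body to jump to in IDA, the `doc` entries point at the docstring arrays, and the `n_s`/`kp_s` entries list the interned names and literals the module uses. Then `import` the module under a throwaway interpreter and call `module_docstrings()` (or simply `help()`) to read the same docstrings from the Python side; note that `__module__` must match the module name for a callable to be counted as the module's own.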