Brian Baskin

16.2K posts

@bbaskin
Threat researcher, malware analysis, RE, incident response, with some old school forensics and CTFing. Apologetic ginger. These are my personal opinions

Bawlmer, Maruhlan, US · Joined November 2008
884 Following · 7.3K Followers

Brian Baskin@bbaskin·
TIL, if you forget $60 cash back at a Walmart self checkout, it will just patiently keep it there for anyone to take. It won't retract it. Kudos to the two people after me at that station who ignored it, but not to the third that took it.
Brian Baskin@bbaskin·
I don't know how anything works anymore
Drew@bugfireIO·
@sublime_sec Great report! Are any of these KrakVM html samples available?

Brian Baskin reposted
Sublime Security@sublime_sec·
🚨 Threat actors are now using JavaScript virtual machines to hide phishing payloads inside HTML attachments. Sublime Threat Intelligence and Research (STIR) observed FlowerStorm operators adopting KrakVM just weeks after its release.

The campaign included:
• VM-based obfuscation
• Credential harvesting
• Real-time MFA interception

A key takeaway: advanced obfuscation is becoming easier to operationalize. Our latest research breaks down the attack chain and what defenders should watch for next. sublime.security/blog/flowersto… #Cybersecurity #Phishing
Brian Baskin@bbaskin·
This type of decoding is always fun to me. I gave a presentation 14 years ago (OMG!) at @novahackers on deobfuscating and reading encoded Java opcodes: slideshare.net/slideshow/java…
Brian Baskin@bbaskin·
It wasn't until I started searching variables for code reuse on GitHub that I realized it was a brand new open source project released just a few weeks prior: github.com/krakes-dev/Kra… Lesson to learn: new open source tools will be found and immediately put into use by threat actors.
Brian Baskin@bbaskin·
Years ago I transferred all my passwords from LastPass to 1Password. Apparently along the way Excel got involved.

Brian Baskin reposted
kshitij vaze@VazeKshitij·
The rot has spread so deep, the very foundations have now started falling.

Brian Baskin reposted
Kostas@Kostastsale·
Small macOS investigation lesson from a fake Homebrew installer investigation: The pasted command used echo to hold a Base64 payload, then decoded and executed it through zsh.

Pattern: echo '<base64>' | base64 -D | zsh

At first glance, this seems easy to hunt. But the payload lives in the echo portion. If your EDR or system-derived telemetry does not preserve that command text, you may only see the later stages: Base64 decoding and shell execution. "echo" will not appear as its own process because it is handled as a shell builtin. That makes the day and night difference during IR!

What you will see instead is:
• event1: base64 -D
• event2: zsh

Detection/hunting takeaway: Look for standalone base64 -d execution with no other command-line arguments, followed by shell execution in zsh, bash, or sh, and subsequent network activity.
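The detection/hunting takeaway in Kostas's post, worked through as an added example; this is not code from the post or from any EDR product. It runs over constructed process-start events in a hypothetical record schema (the ProcEvent fields, the sample pids and timestamps and the 5-second window are all assumptions), flags a bare base64 -d/-D followed by a zsh/bash/sh start under the same parent, and shows that the echoed Base64 blob can only be recovered when the sensor preserved the parent shell's full command line.

```python
import base64
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical process-start event schema (an assumption for this example; real EDR
# telemetry differs by product). Each record is one process creation.
@dataclass
class ProcEvent:
    ts: float          # seconds since epoch (constructed values)
    pid: int
    ppid: int
    image: str         # basename of the executable
    argv: List[str]    # argument vector as the sensor recorded it

DECODE_FLAGS = {"-d", "-D", "--decode"}   # GNU coreutils uses -d, macOS base64 uses -D
SHELLS = {"zsh", "bash", "sh"}
# Pulls the Base64 blob out of an "echo '<b64>' | base64 ..." command line, when one is present.
ECHO_B64 = re.compile(r"echo\s+['\"]?([A-Za-z0-9+/=]{8,})['\"]?\s*\|\s*base64")

def is_bare_decode(ev: ProcEvent) -> bool:
    """base64 launched with only a decode flag: its input comes from stdin, not a file."""
    return ev.image == "base64" and len(ev.argv) == 2 and ev.argv[1] in DECODE_FLAGS

def recover_payload(parent: Optional[ProcEvent]) -> Optional[str]:
    """If the parent shell's full command line was preserved, decode the echoed blob."""
    if parent is None:
        return None
    m = ECHO_B64.search(" ".join(parent.argv))
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def find_decode_to_shell(events: List[ProcEvent], window: float = 5.0) -> List[Dict]:
    """Flag a bare 'base64 -d/-D' followed, within `window` seconds and under the same
    parent, by a zsh/bash/sh start. echo never shows up: it is a shell builtin."""
    by_pid = {e.pid: e for e in events}
    ordered = sorted(events, key=lambda e: e.ts)
    findings = []
    for i, dec in enumerate(ordered):
        if not is_bare_decode(dec):
            continue
        for nxt in ordered[i + 1:]:
            if nxt.ts - dec.ts > window:
                break
            if nxt.ppid == dec.ppid and nxt.image in SHELLS:
                findings.append({
                    "decode_pid": dec.pid,
                    "shell_pid": nxt.pid,
                    "parent_pid": dec.ppid,
                    "recovered_payload": recover_payload(by_pid.get(dec.ppid)),
                })
                break
    return findings

# Constructed sample telemetry, not from any real incident.
SAMPLE_EVENTS = [
    # Case 1: non-interactive parent whose argv preserved the whole pipeline.
    ProcEvent(100.0, 4010, 4000, "zsh", ["zsh", "-c", "echo 'aGVsbG8=' | base64 -D | zsh"]),
    ProcEvent(100.1, 4011, 4010, "base64", ["base64", "-D"]),
    ProcEvent(100.2, 4012, 4010, "zsh", ["zsh"]),
    # Case 2: benign decode of a file, then an unrelated shell; not bare, so not flagged.
    ProcEvent(200.0, 5001, 5000, "base64", ["base64", "-d", "notes.b64"]),
    ProcEvent(200.1, 5002, 5000, "bash", ["bash"]),
    # Case 3: interactive login shell; the pasted line is not in any argv, so only the
    # decode and shell stages are visible and the payload cannot be recovered.
    ProcEvent(50.0, 6000, 5990, "zsh", ["-zsh"]),
    ProcEvent(300.0, 6011, 6000, "base64", ["base64", "-d"]),
    ProcEvent(300.3, 6012, 6000, "sh", ["sh"]),
    # Case 4: bare decode, but the shell starts well outside the window; not flagged.
    ProcEvent(400.0, 7001, 7000, "base64", ["base64", "-d"]),
    ProcEvent(410.0, 7002, 7000, "zsh", ["zsh"]),
]

if __name__ == "__main__":
    for finding in find_decode_to_shell(SAMPLE_EVENTS):
        print(finding)
```

Run stand-alone it prints two findings: case 1 with the decoded blob, case 3 with `recovered_payload` set to None because the interactive shell's argv holds nothing the sensor could keep. The same-parent and time-window constraints are the tuning knobs; the post's third signal, subsequent network activity, is not modelled here because the sample carries no network events.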
Brian Baskin reposted
Dinohacks@nhegde610·
@herrcore @X @nikitabier Thank you. Even after the appeal, they are claiming that it violated the rule so I had to delete the post to get my account back.

Brian Baskin reposted
Katie@ALadyNamedKatie·
When I die, please cover my casket in my sticker collection that I bought but could never commit to applying on things
Brian Baskin@bbaskin·
A rare outing to see Bring Me The Horizon (@bmthofficial) and Motionless In White (@MIWband) live last night with my youngest. Two of my fav bands. Tempted to drive up to Philly just to see Ankor (@ankormusic) but that's a bit too much for one week.

Brian Baskin reposted
nixCraft 🐧@nixcraft·
Google Chrome silently installs a 4 GB AI model on your device. > No consent dialog. No opt-out UI. Re-installs itself if the user removes it manually. That is the true definition of malware.

Brian Baskin reposted
Tom Jøran Sønstebyseter Rønning@L1v1ng0ffTh3L4N·
Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.

Brian Baskin reposted
Matthew Green@matthew_d_green·
This also sums up how I feel about Passkeys.
Brian Baskin@bbaskin·
The State of AI
Me: How do I do X?
ChatGPT: You want to do X? This is why X is good. This is what you should look for. This is what you shouldn't do. These are current trends and why it's sometimes done ... here's how to do X. BUT here's how to do X better! Here's an essay summary.

Brian Baskin reposted
Huntress@HuntressLabs·
On April 16, 2026, a threat actor used stolen VPN creds to pivot into a Huntress partner Windows workstation and dropped a SYSTEM-level backdoor using the Komari agent - a 4.3k-star, MIT-licensed, Go-based project on GitHub. 👇🧵