Drew

2.4K posts

@bugfireIO

malware detection and analysis, hunting and gathering, threat research. Views are my own. https://t.co/efJDIXnaLi

United States · Joined August 2012
591 Following · 260 Followers
Andrew Hay @andrewsmhay
@HackingDave When I was a kid, my mother handed me a meatball and said "Try this and let me know if you think the meat has gone bad." I've never forgiven her for it.
Dave Kennedy @HackingDave
I love how my wife hands me food and asks “try this and let me know if I would like this” 😂😂
Drew @bugfireIO
@craiu Loved hearing the stories about Sergey Mineev. Sounds like he was an amazing person and inspirational to so many. Thank you for sharing.
Costin Raiu @craiu
A 2.5hr opus, for your weekend earholes. We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it. Plus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions... securityconversations.com/episode/the-gr…
Drew reposted
Kostas @Kostastsale
Anna gave me the space to do a full walkthrough of the Threat Hunting Labs platform on her channel. Check it out below 👇 Thank you @RussianPanda9xx ❤️ 🙏
Quoted post from RussianPanda 🐼 🇺🇦 @RussianPanda9xx:

🚨 NEW VIDEO DROP FROM PANDA 🐼 I got a full walkthrough of @ThruntingLabs from @Kostastsale and this platform is different - no simulations. You are investigating REAL intrusions with REAL telemetry - query actual EDR logs in Elastic, Splunk, or Azure Log Analytics. If you're in blue team / SOC / IR or aspiring to be - I highly recommend checking it out 🔗 youtube.com/watch?v=YC-E5D…

Drew @bugfireIO
@0x747863 @REMnux Good feedback, thanks. Definitely an improved workflow incorporating it.
txc @0x747863
@bugfireIO @REMnux Unpacking wasn't successful, but config extraction and Python script creation were very good. I think more experienced analysts/researchers can get more value out of AI because they know where and what to look for, allowing them to create better prompts and evaluate the results.
txc @0x747863
IcedID Config extraction: Writeup for a challenge part of Zero2Auto malware analysis course. txc.gitbook.io/documentation/… Also tried out the @REMnux MCP server to check out, how AI can support my analysis approaches and learning overall
Drew @bugfireIO
@0x6D6172636F That’s crazy. I’m not a fan of really young kids pushing themselves like that in general.
смех @0x6D6172636F
Holy shit I just saw an 11yo finish a 100k
смех @0x6D6172636F
Wasn't expecting to see NESHTA today 👀
[image attached]
Cyber_Racheal @CyberRacheal
Chmod 700. Add yours
[image attached]
Drew @bugfireIO
@struppigel Yes, this story got way too much play for what it is. If you still need to get a custom loader installed somehow to extract it then you could have just sent the payload to begin with.
Drew @bugfireIO
@blackorbird Saw that and wondered if there’s a detection mechanism
blackorbird @blackorbird
ZIP format confusion technique that evades 98% of antivirus engines. Malformed ZIP archive that evades antivirus detection by declaring Method=0 (stored) while containing DEFLATE-compressed payload. CVE-2026-0866 github.com/bombadil-syste…
[image attached]
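Drew's reply asks whether there is a detection mechanism for the technique blackorbird describes. What follows is an added example, not code from either post, from the linked repository, or from the CVE write-up. It builds a single-entry ZIP in the shape the post describes (local and central headers declare Method=0, the entry body is a raw DEFLATE stream, and the sizes and CRC-32 describe the real content) and then scans it with the check a stored entry must pass by definition: compressed size equals uncompressed size, and the declared CRC-32 covers the bytes exactly as they sit in the file. If that fails and the body inflates to something matching the declared CRC and size, the entry is flagged as method confusion. The file name and content are constructed, and the archive layout is my reading of the post, not the published proof of concept.

```python
import io
import struct
import zipfile
import zlib

# Constructed sample content; stands in for whatever a dropper would hide.
SAMPLE_NAME = b"payload.bin"
SAMPLE_DATA = b"constructed payload bytes, repeated so DEFLATE shrinks them " * 16

LFH_FMT = "<IHHHHHIIIHH"         # local file header, 30 bytes
CDH_FMT = "<IHHHHHHIIIHHHHHII"   # central directory header, 46 bytes
EOCD_FMT = "<IHHHHIIH"           # end of central directory, 22 bytes


def raw_deflate(data: bytes) -> bytes:
    """Raw DEFLATE stream (no zlib wrapper), the encoding ZIP entries use."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def build_zip(name: bytes, data: bytes, method: int, body: bytes) -> bytes:
    """Single-entry ZIP. `method` is what both headers claim; `body` is what is
    actually written. Sizes and CRC always describe `data`, so the archive is
    honest only when `body` really is `data` encoded with `method`."""
    crc = zlib.crc32(data) & 0xFFFFFFFF
    lfh = struct.pack(LFH_FMT, 0x04034B50, 20, 0, method, 0, 0,
                      crc, len(body), len(data), len(name), 0) + name
    cdh = struct.pack(CDH_FMT, 0x02014B50, 20, 20, 0, method, 0, 0,
                      crc, len(body), len(data), len(name), 0, 0, 0, 0, 0, 0) + name
    eocd = struct.pack(EOCD_FMT, 0x06054B50, 0, 0, 1, 1, len(cdh),
                       len(lfh) + len(body), 0)
    return lfh + body + cdh + eocd


def honest_stored_zip() -> bytes:
    return build_zip(SAMPLE_NAME, SAMPLE_DATA, 0, SAMPLE_DATA)


def honest_deflate_zip() -> bytes:
    return build_zip(SAMPLE_NAME, SAMPLE_DATA, 8, raw_deflate(SAMPLE_DATA))


def confused_zip() -> bytes:
    """Headers say 'stored' (0), body is DEFLATE: the confusion from the post."""
    return build_zip(SAMPLE_NAME, SAMPLE_DATA, 0, raw_deflate(SAMPLE_DATA))


def scan_zip(blob: bytes) -> list[dict]:
    """Walk local file headers and report entries whose declared method does
    not match the bytes on disk. Assumes no data descriptors (flag bit 3)."""
    findings, off = [], 0
    while blob[off:off + 4] == b"PK\x03\x04":
        (_, _, flags, method, _, _, crc, csize, usize,
         nlen, xlen) = struct.unpack_from(LFH_FMT, blob, off)
        name = blob[off + 30:off + 30 + nlen].decode("utf-8", "replace")
        start = off + 30 + nlen + xlen
        body = blob[start:start + csize]
        verdict = "ok"
        if method == 0:
            # A genuinely stored entry satisfies both conditions by definition.
            if csize != usize or (zlib.crc32(body) & 0xFFFFFFFF) != crc:
                verdict = "stored entry fails size/CRC check"
                try:
                    inflated = zlib.decompress(body, -15)
                    if len(inflated) == usize and (zlib.crc32(inflated) & 0xFFFFFFFF) == crc:
                        verdict = "method=0 but body is DEFLATE of the declared content"
                except zlib.error:
                    pass
        findings.append({"name": name, "method": method, "verdict": verdict})
        off = start + csize
    return findings


def stdlib_extracts_cleanly(blob: bytes) -> bool:
    """Does Python's zipfile accept the entry? It verifies the CRC on read, so a
    scanner that merely trusts the method field is weaker than the stdlib."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            zf.read(SAMPLE_NAME.decode())
        return True
    except zipfile.BadZipFile:
        return False


if __name__ == "__main__":
    for label, z in (("stored", honest_stored_zip()),
                     ("deflate", honest_deflate_zip()),
                     ("confused", confused_zip())):
        print(label, scan_zip(z)[0]["verdict"], stdlib_extracts_cleanly(z))
```

The point of the stdlib check is that any reader which validates the CRC-32 against the bytes it actually produces rejects the confused entry; a scanner that only honours the method field and never checks size or CRC is the one that sees harmless-looking "stored" bytes. A production check would also reconcile the local header against the central directory entry and handle data descriptors, which this example leaves out.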
Drew @bugfireIO
@cyb3rops 100% agree. Can use an LLM in your local repo to enforce as well.
Drew @bugfireIO
@0x6D6172636F Yeah, the participation medal is a more reasonable option in this case
смех @0x6D6172636F
@bugfireIO Yeah, it's completely all good. Sometimes it's just crazy hot out. Sometimes you don't feel well. A DNF every once in a while just means you put yourself out there. I understand wanting to collect the medal as well. It may be a big travel event. The 18 mi "finish" is weird lol.
🤖👾Shmuel Gihon 👾🤖 @LikelyMalware
I just didn't feel like paying for a $20 app I need for a project, so I JUST ASKED #CLAUDE TO DEVELOP MY OWN. Insane.🤯🤯🤯
Justin Elze @HackingLZ
Now that codex security dropped I assume there are no more security issues in openclaw?
Drew reposted
Jai Minton @CyberRaiju
I teamed up with Ryan Dowd to investigate a fake OpenClaw installer hosted on GitHub. This was also picked up by Bing's AI and recommended as the correct way to install OpenClaw on Windows. huntress.com/blog/openclaw-…
[two images attached]
Drew reposted
Josh Stroschein | The Cyber Yeti
🎓 I've been a virtual learning advocate for decades, from my YouTube channel to developing online PhD programs. But my philosophy was really shaped by a "far from optimal" in-person training experience early in my career.
❌ No lab guides
❌ Just a printout of the slide deck
❌ Deciphering my own hasty, and incomplete, notes for weeks afterward
🗝️ Simply put, I couldn't use the material after I got home.
Training has changed. The days of "gatekeeping" material are over. My approach is simple: I want our time spent together learning to have a long shelf life. That's why much of the material I develop (or help deliver) uses:
✅ Detailed lab guides
✅ Source code
✅ Annotated IDBs
The real value isn't the PDF; it's the discussion and real-time problem-solving we do together. Join me virtually next month at @_ringzer0 for a week of virtual learning! ringzer0.training/countermeasure…
Drew reposted
Karsten Hahn @struppigel
New blog: Using LLMs the right way for malware analysis 💡 Tips for building an autonomous AI analysis lab on a 12-year-old laptop and getting stuff done faster without loss of accuracy. blog.gdatasoftware.com/2026/03/38381-…
[image attached]
Kyle Cucci @d4rksystem
This is the primary issue with LLM-based reversing I see at the moment. To someone without much RE experience, these AI generated RE reports look like magic. To someone with more experience, the tiny flaws in the diamond begin to show.
Quoted post from Karsten Hahn @struppigel:

Don't be fooled by LLM reversing. Yes, they are a great help, but analysis reports are full of tiny and bigger mistakes, even with 5(!) validation passes. Which means you can't trust them. Which means you have to validate everything.
