Drew

2.4K posts


@bugfireIO

malware detection and analysis, hunting and gathering, threat research. Views are my own. https://t.co/efJDIXnaLi

United States · Joined August 2012
595 Following · 256 Followers
Drew @bugfireIO
@bbaskin @sublime_sec Thanks, Brian, understand. If there's any chance of providing a sanitized version later it would be outstanding! BTW - very good webinar you had earlier this week. Nice work over there!
Sublime Security @sublime_sec
🚨 Threat actors are now using JavaScript virtual machines to hide phishing payloads inside HTML attachments. Sublime Threat Intelligence and Research (STIR) observed FlowerStorm operators adopting KrakVM just weeks after its release. The campaign included: • VM-based obfuscation • Credential harvesting • Real-time MFA interception A key takeaway: advanced obfuscation is becoming easier to operationalize. Our latest research breaks down the attack chain and what defenders should watch for next. sublime.security/blog/flowersto… #Cybersecurity #Phishing
Drew retweeted
Josh Stroschein | The Cyber Yeti
🤔 Can you truly dismantle what you don't know how to build...? In my upcoming @BlackHatEvents 2-day training, we’re using modern LLVM pipelines to write the same obfuscation passes used by nation-states. Once you see the "why" behind the transform, the "how" of the reversal becomes more apparent. Learn how compilers work effectively so you can too 😉 ⏳ Early bird pricing ends May 22. Join me in Vegas: 🔗 blackhat.com/us-26/training…
Drew @bugfireIO
@HackingDave @Binary_Defense I’m very impressed with the buildout and ingenuity here. With FP % declining, I’m curious what the false negatives in general are looking like now as well.
Dave Kennedy @HackingDave
NightBeacon is changing the game for us @Binary_Defense - we have this technology so dialed into every aspect of what we do. Our MTTD and MTTR have drastically been reduced to seconds and minutes, not multiple minutes or hours. Truly revolutionary technology that I've been building over the past year, and that is fully integrated into how we do work every day at Binary Defense. We had a new customer onboarded and up and running in 7 minutes. SEVEN minutes. Full agentic workflow, full AI enrichment based on our own training models - 87.43% reduction in false positives in 7 minutes. Interested in what we are doing? Even if you don't need our MDR services, NightBeacon can be integrated into your existing technology, tooling, MDR, MSSP - doesn't matter for us - we just want to help. Not marketing fluff, real things that are working today that change everything we do. Reach out to us anytime. #BinaryDefense binarydefense.com/company/contac…
Steven Folek @Pir00t
@cyb3rops Yep, start AI project, enable MCP integrations - execs “this can do all the threat hunting now”. no plan = no problem right?
Florian Roth ⚡️ @cyb3rops
I think many executives currently look at AI-generated software and think: "Wow. It's already 90% there." What they often underestimate is that the remaining 10% is not 10% of the work. A senior developer reviewing a 5,000-line AI-generated pull request often has to spend hours just understanding the architectural choices, hidden assumptions and how all the pieces fit together. At that point you're no longer "adding a few fixes". You're reverse-engineering a codebase that appeared out of nowhere in five minutes. And many senior developers absolutely hate that kind of work. Most don't want to become full-time reviewers of machine-generated spaghetti while spending their days writing specifications and documentation for an AI instead of building software themselves. AI is extremely good at creating the impression that we're "almost there". But "almost there" can still hide enormous amounts of engineering, maintenance and human responsibility underneath.
Florian Roth ⚡️ @cyb3rops
Many C-level execs seem to believe this. Many senior devs who have seen AI say "good catch" 500 times probably don’t. The gap between those two views might become expensive.
Drew retweeted
Josh Stroschein | The Cyber Yeti
The latest episode of Behind the Binary is here! Debugger architect Xusheng Li (@vector35 ) breaks down why Time Travel Debugging (TTD) is the future of debugging—from solving the "granularity problem" in malware analysis to catching hardware-level microcode bugs. 🎧 podcasts.apple.com/us/podcast/ep2…
Drew retweeted
Virus Bulletin @virusbtn
Microsoft reports an evolving macOS infostealer campaign using ClickFix-style instructions hidden in blog posts and user-driven platforms. Posing as system utility fixes, the commands load stealers such as Macsync, Shub Stealer and AMOS. microsoft.com/en-us/security…
Drew @bugfireIO
@0x6D6172636F And you cleverly avoided AI, well done
смех @0x6D6172636F
404 trout not found
Drew @bugfireIO
@j2k3k So true!
Jake Knowlton @j2k3k
I either eat zero cereal for extended periods or an entire box at one time. There is no in-between.
Drew @bugfireIO
@kuzushi @S0ufi4n3 @HackingLZ I think the majority of people are in the same boat as you. It’s not necessarily a bad thing, but it’s definitely been a time suck for a while now just trying to keep up.
kuzushi @kuzushi
What I mean is, if I wanted to just do I can do that faster than I have in the past and move on. Instead I am recycling my time and I spent _lots_ of it focused on doing dev work I've always wanted to but just didn't before. Some of it is prompting, but I spend lots of time researching and looking at validation approaches.
kuzushi @kuzushi
People say that AI doesn't actually make you more productive. Meanwhile, I have a custom-built discovery agent running tests against sites in one tab, a custom harness for testing my PhD thesis in another, and a third tab reverse-engineering binaries for me to review...
Drew retweeted
Anuj Soni @asoni
I trust AI to plan vacations, but analyzing malware and producing a final report? Not so much. If you’re looking for a way to start using AI to support parts of your workflow, watch this: youtu.be/4ok4e0Jvy_4
Drew @bugfireIO
@infosectimmy You all do great work and it’s always a good listen.
Tim Kromphardt @infosectimmy
This episode was a ton of fun! It was a great way to celebrate!! I hope everyone enjoys it!
Threat Insight @threatinsight
Our award-winning threat research podcast series, Discarded, is celebrating 100 episodes this week! 🎉 Stream now for a trip down memory lane, a few laughs, and a look ahead to what's next in cybersecurity. Cheers to 100 episodes! 🍾 proofpoint.com/us/podcasts/di…
Drew retweeted
Ryan Naraine @ryanaraine
Episode 95: Vigilant Labs director Mark Dowd joins the show to shed light on the state of offensive research, the economics of the exploit market, and why "Mark Dowd in a box" isn't quite the threat the AI hype machine suggests. He talks through the daily stresses of running an offensive shop, how AI is reshaping vulnerability discovery, exploit development, and the pricing of full exploit chains. Plus, thoughts on Lockdown Mode and Apple's MIE, whether mitigations actually work or just push attackers toward less access, the rise of HarmonyOS and the Balkanization of device security, persistence, baseband attacks, GrapheneOS, and Samsung Knox. We discuss customer vetting and OpSec fears, policymakers who've never written an exploit, and the strange afterlife of The Art of Software Security Assessment, the 20-year-old book now possibly training data for the very tools coming for his job. @mdowd @juanandres_gs @craiu @wearetlpblack YouTube youtu.be/NEDlOKHG8nY?si…
Ryan Naraine @ryanaraine
Sunday listening 👇🏽 podcasts.apple.com/us/podcast/thr…
Drew retweeted
Karsten Hahn @struppigel
New Video: Build your own LLM dynamic analysis lab 🦔🎥 ➡️ AI debugs and unpacks with x64dbg ➡️ AI can access powershell terminal youtube.com/watch?v=QrWzRg…
Huntress @HuntressLabs
The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques. Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond 🧵👇
Drew @bugfireIO
@Abnormal This is a great writeup. Are there any sample or example emails that are accessible anywhere? That would really help a lot. Thanks!
Abnormal AI @Abnormal
Abnormal Threat Intelligence uncovered a credential theft campaign targeting executives by name. Unlike typical phishing, this attack hijacks real Microsoft auth flows, turning one login into persistent access inside trusted systems—effectively enabling attackers to evade detection and survive remediation. We also identified VENOM, a new phishing-as-a-service platform with a licensing model—suggesting broader risk. We’re actively tracking and helping organizations stop these attacks.
Drew @bugfireIO
@Abnormal great blog on VENOM phishing! Are there any example email samples available anywhere?