Vangelis tix Stykas

@n_o_t_h_a_n_k_s People should listen to @n_o_t_h_a_n_k_s . Because @n_o_t_h_a_n_k_s knows... EVERY TIME

patch tuesday exploit tuesday lunchtime

Hey everyone, just a reminder that our @MalwareVillage CFP for @defcon 34 is open until midnight on the 31st May! We've got some absolutely fantastic talks already lined up, and we want to see YOURS! Time to think about submitting! Closes in Newfoundland Daylight Time (UTC-02:30).

@Ouinex can you PRETTY PLEASE check your emails and stop marking my emails as SPAM ?

@zachxbt @SttyK You have to TRY to find anything which is not english in all their communications.

@SttyK It’s interesting to me people in a managerial role would communicate in English

1/ Recently an unnamed source shared data exfiltrated from an internal North Korean payment server containing 390 accounts, chat logs, crypto transactions. I spent long hours going through all of it, none of which has ever been publicly released. It revealed an intricate ~$1M/month scheme of fraudulent identities, forged legal documents, and crypto-to-fiat conversion. Enjoy the findings!

If "informational" is the response to preventing a catastrophic compromise, don’t be surprised when the next one isn’t reported or just gets dropped on Twitter. Yeap I know remember why bug bounty is a joke...

@Sagaxyz__ I've send an email to both CEO and CTO. Is there a security email ?

@evstykas please dm.

"kids as a service" wardriving fleet was not on my 2026 bingo card. Children don't know. the parents don't know. the WiFi owners don't know. but the server knows...

@TurvSec I’ve spent (not wasted) thousands of hours on td and hero Defense and still play it from time t time. Especially X hero Defense

@evstykas Struggle to remember the names but this i do remember!

Anyone else play Tower Defence? God I miss those days.

@Gi7w0rm You did not answer though ...

An apparently Chinese Mobile Game heavily marketed in Europe casually asking me if I am a Government employee during a "What do you think about our game" survey...

@Gi7w0rm Oh…

To a specific threatactor out there: Don't attempt to rely on technology you do not understand yourself. I will annoy you now 😈

@L0Psec @malwrhunterteam Any C2s ? Asking for a friend...

More of these stealers shared by @malwrhunterteam :) XOR, system(), popen(), etc. Low detections on VT. Can be time consuming to decode. Both delivered via DMG and named Application\.app, which is weird. Also potentially interesting entitlements.

@TurvSec @hetmehtaa

@hetmehtaa There's some good ways to make money in infosec: ✅YouTube ad revenue ✅Infosec Twitter X revenue ✅Freelance Consulting ✅Building tools for donations ✅Paid speaking at cons/podcasts/whatever

What are the ways people make money in cybersecurity? Apart from bug bounty and courses.

This could’ve been a spreadsheet but i vibecoded a whole web app instead disclosures.kumio.ai 3 of them are solar clouds...

So I guess . "From url to APT wipe in less than 10 minutes!". YEAY ME!

3 minutes and a chatgpted script later we are as good as new! All deleted and clean!

APT you say ? Lets see what we can do in 10 or less minutes to an APT! Ready ? SET ! GO!