APK-47

1K posts

@midnight_comms

#osint #android #DFIR

all up in your DEX
Joined May 2019
282 Following · 1.1K Followers
APK-47 retweeted
Moritz @m_r_tz
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
APK-47 retweeted
Austin Larsen @AustinLarsen_
⚠️ Our team at Google is releasing more details on the recent NPM #axios supply chain attack. Notably, we now attribute this activity to #UNC1069, a financially motivated North Korean 🇰🇵 nexus threat actor active since at least 2018.
APK-47 retweeted
AprilNEA @AprilNEA
🧵 I just reverse-engineered the binaries inside Claude Code's Firecracker MicroVM and found something wild: Anthropic is building their own PaaS platform called "Antspace" (Ants + Space). It's a full deployment pipeline — hidden in plain sight inside the environment-runner binary. Here's what I found 👇
APK-47 retweeted
Andrew Brown @andrewbrown
Anthropic just announced Claude Certified Architect exam. Aren't you glad I started my Claude certification course last week? I just knew it in my bones, that I had to make one, and now I can just align mine to this.
APK-47 retweeted
Unit 42 @Unit42_Intel
Iran-linked Handala Hack (aka Void Manticore, COBALT MYSTIQUE) is a reported vector for an increase in wiper attacks. This Insights blog details proactive recommendations for security teams, from identity management to enhancing security controls. bit.ly/4rrBVlu
APK-47 @midnight_comms
Has anyone seen any work with APK analysis using AI? Seen a lot of focus on PEs and other binaries - did I miss something someone is working on? If not, I might have to dive into this space wholeheartedly #infosec #android
APK-47 retweeted
Kostas @Kostastsale
Today I’m launching Threat Hunting Labs. Over the years I’ve analyzed many real-world intrusions. One thing became obvious: most training platforms don’t resemble how investigations actually happen. So I built something different. Threat Hunting Labs focuses on investigation-driven learning using real telemetry and structured investigative paths. If you want to get better at investigating breaches, you should practice investigating breaches. More details here: threathuntinglabs.com/blog/introduci…
APK-47 retweeted
Cloudflare Developers @CloudflareDev
Introducing the new /crawl endpoint - one API call and an entire site crawled. No scripts. No browser management. Just the content in HTML, Markdown, or JSON.
APK-47 @midnight_comms
@HackingLZ Should I use cellebrite, axiom, or encase - nah let me spend countless hours troubleshooting something instead of actually getting to the DFIR part
APK-47 @midnight_comms
@HackingLZ Or, hear me out - just go buy a license for something that is far better than whatever this is, and supported. I’ve never really understood this project - go use something that’s not generally admissible because of how it’s designed??
APK-47 @midnight_comms
Why do we need tools like ATT&CK explorer and stuff anymore? I mean honestly #infosec
APK-47 @midnight_comms
and definitely don't impersonate these named pipes: "cowork-vm-service", "cowork-daemon-console" OR these bins: chrome-native-host.exe, cowork-svc.exe OR this user id: "cowork-vm" -- that would be just awful
APK-47 @midnight_comms
@HackingLZ the next time you're doing an engagement, definitely don't grab these files: C:\Users\Username\AppData\Local\Claude\Logs\*, C:\ProgramData\Claude\Logs\*, C:\Users\Username\AppData\Roaming\Claude\logs\* #ai #infosec
APK-47 retweeted
Jamie Levy🦉 @gleeda
🧵 We recently had an incident that involved a MuddyWater hands-on attacker who couldn't spell "administrators" Full timeline breakdown below. 1/
APK-47 retweeted
Michael Bargury @mbrg0
we hijacked perplexity comet by sending a weaponized calendar invite then used it to takeover victim's 1p account and exfil their local files call it pleasefix. like clickfix, but instead of social eng'ing a human you just ask their ai real nicely incredible work by @StAJect0r
APK-47 retweeted
Microsoft Threat Intelligence @MsftSecIntel
Microsoft Defender researchers observed attackers using yet another evasion approach to the ClickFix technique: Asking targets to run a command that executes a custom DNS lookup and parses the `Name:` response to receive the next-stage payload for execution.
APK-47 @midnight_comms
@HackingLZ This is pretty bold coming from the company who has the most limited AI capabilities of any of the top contenders. Microsoft AI is actually disproving his point
Justin Elze @HackingLZ
Microsoft already has this issue of people disliking them because of Windows being a mess, AI, and other things perhaps better framing around "tasks" vs "jobs" or find a way to make more positive statements. x.com/FT/status/2021…
Financial Times @FT

CEO of Microsoft AI Mustafa Suleyman joins FT editor Roula Khalaf to explain why most of the tasks accountants, lawyers and other professionals currently undertake will be fully automated by AI within the next 12 to 18 months ft.trib.al/SZ4Lti1
