Paul Melson

16.9K posts

Paul Melson

@pmelson

Author/Operator of @ScumBots. Blue Team by day, Blue Team by night. Opinions, typos, and bad grammar do not represent my employer. He/Him

✋👈 Katılım Şubat 2008

1.4K Takip Edilen14.3K Takipçiler

Sabitlenmiş Tweet

Paul Melson@pmelson·9 Kas

Rather than continue to bang my head against the increasing frequency of nonsense errors and timeouts coming from Twitter’s APIs, I’ve decided just to move ScumBots. You can now follow it here on infosec.exchange: @ScumBots" target="_blank" rel="nofollow noopener">infosec.exchange/@ScumBots

English

8.9K

Paul Melson@pmelson·31 Ara

@skocherhan Related:

English

260

ܛܔܔܔܛܔܛܔܛ@skocherhan·30 Ara

eyadcrypto[.]linkpc[.]net eyadcrypto[.]gotdns[.]ch 157[.]254[.]165[.]172 AS399486 VIRTUO 🇺🇸

TomU | I'm still here... til the end 🕊️🇨🇭@c_APT_ure

@smica83 @abuse_ch @skocherhan #Xworm eyadking.linkpc[.net:7000

English

1.3K

Paul Melson@pmelson·19 Eki

@ImposeCost Yes, now that it’s too cold for cargo shorts.

English

275

Andrew Thompson@ImposeCost·18 Eki

I guess cargo pants are back in?

English

3.1K

Paul Melson retweetledi

SLEUTHCON@SLEUTHCON·17 Eki

Check out his full talk here youtube.com/watch?v=9FvBwg…

YouTube

English

924

Paul Melson retweetledi

SLEUTHCON@SLEUTHCON·17 Eki

Paul Melson joined us this year as our keynote speaker to talk about the history of crimeware and its evolution through the years. In his keynote he also gives some good advice to those who are in the field and creating their professional network. Check out what he had to say!

English

1.2K

Paul Melson retweetledi

TomU | I'm still here... til the end 🕊️🇨🇭@c_APT_ure·9 Eki

#MalwareChallenge New way to embed b64-enc EXE in image @Cryptolaemus1 @executemalware @HazMalware @James_inthe_box @JAMESWT_MHT @JRoosen @lazyactivist192 @luc4m @malwrhunterteam @MsftSecIntel @JohnLaTwC @neonprimetime @ps66uk @Racco42 @utsuk_ladki @l3m0ntr33 @H_Miser @pmelson

TomU | I'm still here... til the end 🕊️🇨🇭@c_APT_ure

#MalwareChallenge Looks like Base64 markers changed from <<BASE64_START>> / <<BASE64_END>> to 'BaseStart-(.*?)-BaseEnd' for b64-encoded payloads embedded in images 5879d31ba880a8bf0825ed666ce82913b53830be8ab8f20ea22702f4202ff789 #RemcosRAT

English

1.8K

Paul Melson@pmelson·27 Eyl

@ryanlrussell @vxunderground @abuse_ch @mal_share Candidly, I wish they wouldn’t. It would make it a lot easier for them to kick malicious payloads off their site.

English

ryanlrussell@ryanlrussell·23 Eyl

@pmelson @vxunderground @abuse_ch @mal_share Since I’m specifically trying to share the example, VT isn’t suitable. I did end up using GitHub, turns out they explicitly allow it. See my last couple tweets for an example of what I’m talking about if you’re curious.

English

ryanlrussell@ryanlrussell·21 Eyl

What do people do for hosting malware analysis work product, such as a deobfuscated sample? I DO see some on GitHub, but that seems like a bad long-term solution? Are the sample hosting sites cool with me posting a bundle of analysis work? @vxunderground @abuse_ch ?

English

2.2K

Paul Melson@pmelson·1 Eyl

@0xtomflow follow back for DM? it’s about your testing on webhook[.]site this weekend

English

Paul Melson retweetledi

NexusFuzzy 💩@NexusFuzzy·18 Haz

I found a what I think novel approach which allowed me to list some of the content of #Lumma #Infostealer Command & Control servers with the help of left behind .DS_Store files. Blog, tool and Lumma files can be found here nexusfuzzy.medium.com/lumma-stealer-…

English

125

14.9K

Paul Melson@pmelson·9 Haz

@klrgrz @ImposeCost

QME

Andy Piazza@klrgrz·7 Haz

@ImposeCost What’s coming back first tho? Ankle or no-show socks?

English

234

Andrew Thompson@ImposeCost·7 Haz

Man I know I need to get some higher socks to be hip, but how much longer until ankle socks and lower are back? Can't be that long...

English

2.1K

Paul Melson@pmelson·7 Haz

@klrgrz @SLEUTHCON ‘Sleuthy and The Grizz’

English

161

Andy Piazza@klrgrz·7 Haz

Highlight of today was the multiple people that approached me at @SLEUTHCON to ask if I was the guy in @pmelson last slide. Absolutely YES, that’s my dumb face and I’m honored to be recognized in association with THE Known Hottie Paul Melson

English

1.4K

Paul Melson retweetledi

Tom@human_decoded·6 Haz

@SLEUTHCON off to a great start. My lesson learned from @pmelson is: make friends, they probably know something you don’t, and the Intel space is all about not not knowing things #sharingIsScaring #CTI

English

634

Paul Melson retweetledi

Andrew Thompson@ImposeCost·6 Haz

We're kicked off at #SLEUTHCON with @pmelson discussing the importance of networking in cyber, not for packet routing or job hunting, but disruption opportunities by pooling our collective access. I agree. Collectively, we're actually more powerful than state actors in many ways.

English

Paul Melson retweetledi

💻 Sherrod DeGrippo@sherrod_im·14 Nis

Get ready for this year's Sleuthcon by listening to the episode of THE Microsoft Threat Intelligence podcast all about ScumBots with Paul Melson! thecyberwire.com/podcasts/micro…

SLEUTHCON@SLEUTHCON

We are excited to announce our 2025 SLEUTHCON keynote speaker: @pmelson, VP of Cybersecurity at Capital One and author/operator of @ScumBots With over two decades of experience defending networks and disrupting adversaries, Paul brings unmatched insight into the economics of cybercrime. His talk, A Brief History of Crime[ware], traces the evolution of monetized malware and explores how we can stop attackers by targeting what they care about most: profit. 📍 June 6 | Arlington, VA + Virtual 🎟️ Early bird pricing ends soon 🗓️ CFP closes April 18 ⚠️ This event will sell out REGISTER TODAY: sleuthcon.com/registration

English

8.3K

Paul Melson retweetledi

SLEUTHCON@SLEUTHCON·14 Nis

English

13.4K

Paul Melson@pmelson·3 Nis

@jamieantisocial There was a time 8-9yrs ago when this gap was closing, but with the rise of ransomware / extortion, persistence is of low importance to crimeware actors and scale is more important than targeting, so the gap has widened by a lot.

English

186

J⩜⃝mie Williams@jamieantisocial·3 Nis

when will cybercrime exceed nation-state threat actors regarding being "advanced" && "persistent"?

English

2.1K

Paul Melson@pmelson·16 Oca

@AndyDormire @ImposeCost @sherrod_im You’ve been holding onto this for 33mos?

English

261

Andy Dormire@AndyDormire·16 Oca

@ImposeCost @sherrod_im Sherrod once publicly shamed me on X (via quote tweet) because I expressed how I felt about OpSec preventing us from fully discussing our jobs. Not the person I'd care to respect on their opinion about this topic.

English

2.1K

Paul Melson@pmelson·11 Ara

@ItsReallyNick 1btl of 20yr and all of the Larue they will sell me

English

217

Nick Carr@ItsReallyNick·11 Ara

POV: what are you buying at these prices (in NJ?)

English

11.6K

Paul Melson@pmelson·28 Kas

Today I am thankful for all of the folks working a shift and watching the wires to keep us safe. I see you and I appreciate you.

English

Paul Melson retweetledi

Michael Schwartz@schwartzonsec·23 Kas

@censysio Censys has many open positions open right now across the company: sales, marketing, product, engineering, and research. Come join the team building the next generation of Internet scanning technology, the Internet Intelligence Platform. censys.com/careers/

English

2.9K

Keşfet

@skocherhan @ImposeCost @Cryptolaemus1 @executemalware @HazMalware @James_inthe_box @JAMESWT_MHT @JRoosen