Thomas Fischer

44.5K posts

@FVT

Avid MMORPG'er by night, Insane IT Security Advocate! All-around DFIR/SecOps curmudgeon. My tweets are my own! Mastodon: @[email protected] Post.: fvt___

Dublin, IE. Joined February 2007
1.4K Following, 1.8K Followers
Thomas Fischer retweeted
Threat Hunting Labs (@ThruntingLabs):
Introducing Threat Hunting Labs. A training platform focused on realistic intrusion investigations. Start from an alert, analyze real telemetry, and work through structured investigation paths. Built for threat hunters, incident responders, and detection engineers. More details: threathuntinglabs.com/blog/introduci…
Thomas Fischer retweeted
ANY.RUN (@anyrun_app):
⚠️ New Stager Leading to RAT Deployment: Detect It Early
We caught #RUTSSTAGER, a malware that stores a DLL in the Windows registry in hexadecimal form, hiding the payload and delaying detection. In the observed chain, the stager delivered #OrcusRAT, followed by a supporting binary that maintains persistence, uses PowerShell for system checks, and restarts the RAT process.
✅ In the #ANYRUN Sandbox, behavioral analysis and file system monitoring exposed the full execution chain. Process synchronization events revealed coordination between the stager and its payload, helping confirm multi-stage malware activity early.
👾 See the analysis session and collect #IOCs to speed up detection and response: app.any.run/tasks/b357aa61…
🔍 Pivot from indicators and subscribe to Query Updates to proactively track evolving attacks: intelligence.any.run/analysis/looku…
👨‍💻 Learn how #ANYRUN Sandbox helps SOCs detect complex threats and contain incidents faster: any.run/features/?utm_… #ExploreWithANYRUN
Thomas Fischer retweeted
SANS DFIR (@sansforensics):
📄 Need a handy reference for your forensic investigations? Our #SIFT Cheat Sheet is designed for #DFIR analysts with essential tools and techniques on the SANS #Linux SIFT Workstation Download your copy: buff.ly/PM3AKjT
Thomas Fischer retweeted
Hunt.io (@Huntio):
💡 A Practical Look at AWS Threat Hunting hunt.io/glossary/aws-t…
AWS environments generate massive telemetry. The challenge isn’t collecting logs, it’s turning one suspicious signal into context.
This is our practical workflow:
1) Start with VPC Flow Logs, GuardDuty, or CloudTrail.
2) Enrich the IP/domain using our platform.
3) Pivot to related domains, certs, hashes, C2s.
4) Map the campaign, not just the alert.
5) Feed findings back into detection.
Effective AWS threat hunting starts with a signal and expands from there. #AWS #ThreatHunting #CyberSecurity
Thomas Fischer retweeted
The DFIR Report (@TheDFIRReport):
We analyzed a DPRK-linked Contagious Interview intrusion where fake job lures abused npm install for C2 using trusted packages. A modular toolset (OtterCookie, InvisibleFerret, Tsunami) enabled cross-platform access and data theft targeting wallets, creds, and docs.
Thomas Fischer retweeted
SpecterOps (@SpecterOps):
Seeing identity attack paths is one thing. Eliminating them safely is another. @ChannelInsider breaks down BloodHound Scentry and how it helps teams operationalize Identity APM faster. ⤵️ ghst.ly/3OioUg2
Thomas Fischer retweeted
SSD Secure Disclosure (@SecuriTeam_SSD):
New advisory was just published! 🚨 Three new post auth vulnerabilities have been found in ISPConfig. These vulnerabilities allow attackers who have either Reseller or Client accounts to escalate to root level access.
Thomas Fischer retweeted
blackorbird (@blackorbird):
The Art of Pivoting - Techniques for Intelligence Analysts to Discover New Relationships in a Complex World This book explores how intelligence and cyber-security analysts can uncover hidden links between threat actor infrastructure and ongoing investigations by pivoting on both classic and unconventional indicators — many of which are often overlooked. The material is grounded in empirical, field-tested strategies used in cyber-security, digital forensics, cyber threat intelligence, and intelligence analysis more broadly. Our goal is to provide analysts with a practical toolkit of analytical methods, supported by real-world examples, to enhance investigative workflows without locking them into a single mindset, strict model, or overly rigid technical strategy. Instead, the book encourages creative exploration, data-driven reasoning, and the use of diverse data points — from traditional IOCs to subtle metadata traces — as part of a flexible and repeatable analytical process. #threathunting github.com/blackorbird/AP…
Thomas Fischer retweeted
Proton VPN (@ProtonVPN):
The OFFICIAL Proton VPN CLI is now available on: ✅ Arch (btw) ✅ Debian ✅ Ubuntu ✅ Fedora Next, we're adding features to let you specify P2P, TOR, and Secure Core for your connection, and the ability to see all countries/cities. Here's a quick demo and how to install it 👇
Thomas Fischer retweeted
abuse.ch (@abuse_ch):
Love letter ❤️ from a threat actor 🕵️exploiting React2Shell vulnerability (CVE-2025-55182) to spread #Mirai malware ⤵️ fuckoffurlhaus 😂 Payload URLs 🌐: urlhaus.abuse.ch/host/45.153.34… Mirai botnet C2s 📡: marvisxoxo .st (ISTanCo 🇷🇸) 45.156.87 .231:23789 (AS51396 PFCLOUD 🇩🇪) Malware sample 📄: bazaar.abuse.ch/sample/9a84057…
Thomas Fischer retweeted
BSides London (@BSidesLondon):
There have been many posts asking about whether the #BSidesLDN2025 talks were recorded. Yes they were! They will be available on our YouTube channel youtube.com/channel/UCXXNO… Please subscribe, we only upload once a year, and you’ll be notified when the videos are available!
Thomas Fischer retweeted
The DFIR Report (@TheDFIRReport):
Huge congratulations to @RussianPanda9xx on winning SANS Difference Makers 2025 – Practitioner of the Year (Cyber Defense) 🎉
RussianPanda 🐼 🇺🇦 (@RussianPanda9xx):
Okay wait... this actually happened?! 🥹💙 SANS Difference Makers 2025 - Community Choice Winner Practitioner of the Year - Cyber Defense This is the proudest moment of my life. A huge thank you to @MaxRogers5 for nominating me. That meant more than you know. To the incredible cybersecurity community - every single vote, every word of encouragement, every share - YOU did this. This award belongs to all of us. The late nights analyzing malware, chasing the bad guys, the blog posts, the "hey did you see this sample?" DMs - that's what this community is about. @SANSInstitute, thank you for shining a light on the defenders. Thank you for making quiet . louder 🔊

Thomas Fischer retweeted
CNIL (@CNIL):
#Sharenting 👶📱 What if we thought before posting? In France, 53% of parents have already shared photos or videos of their children online. 📺 From 11 to 17 December 2025, watch our awareness video broadcast on the @Francetele channels.
CNIL (@CNIL):
#Sharenting Sharing photos or videos of your children is not a trivial matter. 📽️ Watch our awareness video made with the @DPCIreland. Information and good habits 👉 cnil.fr/fr/partage-de-…
