PDFs have been a constant struggle and I’ve found that this helps. Might be a little biased tho
Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint.
We use this tool internally to help track multiple threat actors with high confidence.
October 23, 2025 at 6:19 PM
I’ll be presenting at #GrrCON this year about some weird pdf detection ideas I’ve been messing with. Swing by and tell me your file format
September 30, 2025 at 1:40 PM
People love people who use ms paint.
June 13, 2025 at 8:34 PM
Reposted by Kyle Eaton
Idk about y’all but I don’t plan on giving RU ops a free pass into our customer networks just because some ding dong says they aren’t a threat
If anything I might just wanna burn them with more prejudice out of spite for both regimes
March 1, 2025 at 2:29 PM
Check this episode out to hear about image lures and how we can detect them
New episode of DISCARDED featuring my favorite MS Painter Kyle Eaton 👨🎨
Apple: podcasts.apple.com/us/podcast/d...
Spotify: open.spotify.com/episode/5asG...
Web: www.buzzsprout.com/2445401/epis...
Hiding in Plain Sight: How Defenders Get Creative with Image Detection
Podcast Episode · DISCARDED: Tales From the Threat Research Trenches · 02/25/2025 · 46m
podcasts.apple.com
February 25, 2025 at 5:57 PM
February 10, 2025 at 6:57 PM
departmentofdefence[.]link 🧐
January 30, 2025 at 1:37 PM
Yara rule to match concatenated zip files. I like this one (biased) because of how we are able to avoid matching nested zip files.
More info: x.com/threatinsigh...
#yara github.com/EmergingThre...
threatresearch/yara/zip_file.yara at master · EmergingThreats/threatresearch
I wanted to call this repo "Nuclear Football Codes". I was outvoted.. - EmergingThreats/threatresearch
github.com
November 19, 2024 at 9:09 PM