Christoffer S.
@cstromblad.com
Father, husband, Swedish and cyber. Oh man, all the things cyber but mostly threat Intelligence. Dabble with Python. In the cyber field as a professional since 2001 […]
🌉 bridged from ⁂ https://swecyb.com/@nopatience, follow @ap.brid.gy to interact
Anyone running @GrapheneOS, Android Auto?
It's no longer working for me in my Audi.
Stopped a while ago, since a recent update I'm assuming.
#androidauto #grapheneos
November 11, 2025 at 4:55 PM
Sometimes doing things right, and the right thing... isn't enough.
Today I was made painfully aware of this fact.
November 11, 2025 at 1:00 PM
I've never quite before seen so many bugbounty hackers / cybersecurity professionals excited about AI. Not because of AI per se, but because it will generate so much new income.
We have almost quite literally taken everything we've learnt, thrown it out the window, and reintroduced injection […]
Original post on swecyb.com
November 10, 2025 at 1:04 PM
November 10, 2025 at 11:27 AM
November 8, 2025 at 8:54 AM
Microsoft has published research about predicting and classifying topics discussed with AI-bots with 100% precision WITH encryption.
I must say this was pretty cool research […]
Original post on swecyb.com
November 7, 2025 at 8:26 PM
@GossiTheDog Thought you'd appreciate this marvelous piece of meta cyberslop.
https://www.linkedin.com/pulse/autonomous-ai-attacks-i-warned-just-went-live-mike-may-ashtc/
The Autonomous AI Attacks I Warned About Just Went Live
Remember when I told you AI would start attacking on its own? That any teenager with an internet connection could soon unleash an AI that thinks, adapts, and attacks without human intervention? Our whitepaper "Emerging Threats to Artificial Intelligence Systems and Gaps in Current Security Measures"
www.linkedin.com
November 7, 2025 at 9:44 AM
I've realized that I get ... disoriented (?) when reading toot threads. Each toot starting with the replied to username is not really useful.
I think when a Posted toot is rendered replied to usernames could simply be pushed to the bottom of the toot, or somehow hidden away.
Anyone else got […]
Original post on swecyb.com
November 6, 2025 at 7:52 PM
Reposted by Christoffer S.
Meta, Meta, Meta. So Meta. This Reuters report is 🔥
"Meta is earning a fortune on a deluge of fraudulent ads, documents show"
"Meta projected 10% of its 2024 revenue would come from ads for scams and banned goods, documents seen by Reuters show. And the social media giant internally estimates […]
Original post on infosec.exchange
November 6, 2025 at 6:38 PM
Reposted by Christoffer S.
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#threatintel #greynoise
November 6, 2025 at 3:02 PM
According to Akido.dev there's an ongoing attack (again) on Open VSX.
The attack leverages non-printable Unicode characters to conceal malicious payloads within legitimate Open VSX extensions, making detection challenging through visual inspection […]
Original post on swecyb.com
November 6, 2025 at 4:07 PM
Huntress has published an article about Gootloader with an absolutely ridiculous amount of IoCs to hunt for, beyond an already excellent technical deep dive.
https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation
Raising the bar?
#threatintel #cybersecurity
Gootloader | Threat Detection Overview | Huntress
Gootloader returns with new obfuscation techniques, including custom WOFF2 fonts and updated persistence mechanisms, while continuing its partnership with Vanilla Tempest for ransomware deployment. Dive in and discover what Huntress is seeing.
www.huntress.com
November 5, 2025 at 5:52 PM
Reposted by Christoffer S.
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale.
Full analysis → https://www.greynoise.io/blog/php-cryptomining-campaign
#greynoise #php #threatintel
PHP Cryptomining Campaign: October/November 2025
From Aug–Oct 2025, GreyNoise observed a surge in exploitation attempts against PHP and PHP-based frameworks as attackers deployed cryptominers—driven by rising Bitcoin prices and higher mining payoffs.
www.greynoise.io
November 4, 2025 at 4:37 PM
Quick question to the blue teamers out there:
What's your take on MITRE ATT&CK Tactics and Techniques? Do you find them useful? If yes, how and in what capacity do you use them? (To the extent that you can and want to share...)
If you could have tactics and techniques extracted from publicly […]
Original post on swecyb.com
November 4, 2025 at 4:20 PM
Reposted by Christoffer S.
It's my fediversary! Three years ago today I said goodbye to several hundred thousand followers at the nazi bar and joined this community. No regrets! Thanks for making me want to stick around :)
November 4, 2025 at 12:25 PM
Using OpenAI API as a covert command and control channel. Sure, why not?
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
#threatintel #cybersecurity
www.microsoft.com
November 4, 2025 at 6:59 AM
Let's pretend 80% of ransomware is enabled by AI, let's. Oh... cyber bloodhound Beaumont has sniffed us out and discovered our claim... fuck fuck... retract, backup...
Too late. There are screenshots. You failed.
@GossiTheDog […]
Original post on swecyb.com
November 3, 2025 at 8:30 PM
Reposted by Christoffer S.
As we're getting closer to enabling "multiplayer" mode in our sensor fleet, we added some eye candy.
This is "all of GreyNoise production", but folks who will be hosting their own sensors (we call them "GridPoints" internally) will get a tailored view of their deployments as well.
November 3, 2025 at 5:53 PM
I like this Cyber Threat Intelligence Maturity Model:
https://img1.wsimg.com/blobby/go/9aad51ed-ae49-4d8d-ba52-3af7e504ddf1/downloads/2accb54e-ec3a-49e4-bfa4-1d7abbafbe8a/CTI-CMM%20book%20Version%201.2%20web%20amended.pdf?ver=1757523856600
#threatintel #cybersecurity
November 3, 2025 at 2:16 PM
November 2, 2025 at 6:24 PM
Today I became a paying member of 404 Media. It's quite simple really. I keep running into articles that I enjoy, and also want to read.
And then I realized, $10... that's really quite nothing. And I can get full RSS feeds. Love it. So yeah... I'm now supporting my first independent […]
Original post on swecyb.com
November 2, 2025 at 12:52 PM
This is a great article about depending on AI for doing... your job.
I've tried to maintain a balance, because I too do fear becoming dependent on something I don't control.
I don't believe in all out rejection, but at the same time we need to encourage responsible development of open source […]
Original post on swecyb.com
November 2, 2025 at 10:35 AM
Steganography is used pretty extensively in malware and attacks these days. But I have yet to see my own method used.
About 3 years ago I coded my own version of a PNG steganographic implementation injecting a custom PNG chunk into the regular PNG chain of chunks.
It was a simple yet effective […]
Original post on swecyb.com
November 1, 2025 at 9:18 PM