kurt baumgartner
@kurtisj.bsky.social
independent cybersecurity researcher.
I have many leather-bound books and my apartment smells of rich mahogany. thanks for all the xor
Reposted by kurt baumgartner
Let me show you the difference between a $40 hoodie and a ~$100 hoodie. 🧵
November 12, 2025 at 10:54 PM
Reposted by kurt baumgartner
Squeeeee 🥳 I'll be teaching my Advanced Linux Malware Reverse Engineering class at RE//verse conference in 2026!! MORE Linux APT insides and peculiarities😍🥰🤩Pls share if you can🙃
shop.binary.ninja/products/re-...
RE//verse 2026 Training - Advanced Linux Malware Reverse Engineering with Marion Marschalek
This fast-paced 3-day training explores Linux internals and Linux binary analysis techniques, before jumping right in with common Linux malware. Work through advanced samples, Linux software protectio...
shop.binary.ninja
November 12, 2025 at 6:59 PM
The spyware is delivered through malformed DNG image files exploiting CVE-2025-21042...

The exploit chain possibly involved zero-click delivery using maliciously crafted images, similar to recent exploit chains seen on iOS and Samsung Galaxy.

unit42.paloaltonetworks.com/landfall-is-...
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library. The spyware was embedded in malicious DNG files.
unit42.paloaltonetworks.com
November 7, 2025 at 3:00 PM
Reposted by kurt baumgartner
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report. Key findings: Between June and August 2025,
www.proofpoint.com
November 5, 2025 at 1:37 PM
Reposted by kurt baumgartner
the password to the louvre surveillance server was "louvre"

www.thesocialpost.it/2025/11/02/f...
November 3, 2025 at 5:56 PM
Reposted by kurt baumgartner
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
October 23, 2025 at 1:27 PM
Reposted by kurt baumgartner
After our initial #PolarEdge #botnet write-up, we’re happy to announce the second part: “Defrosting PolarEdge’s Backdoor,” a full technical deep-dive into its TLS-based implant.

blog.sekoia.io/polaredge-ba...
October 14, 2025 at 1:35 PM
Reposted by kurt baumgartner
2025-10-01 (Wed) I've posted #malware samples and a #pcap of the post-infection traffic from an infection by possible #Rhadamanthys malware at www.malware-traffic-analysis.net/2025/10/01/i...

This is from a file disguised as a cracked version of software, and I usually see #LummaStealer from this.
October 6, 2025 at 6:52 PM
Reposted by kurt baumgartner
2025-10-02 (Thursday): #pcap and some images from an Android malware infection at www.malware-traffic-analysis.net/2025/10/02/i...
October 7, 2025 at 2:59 AM
Reposted by kurt baumgartner
Two things:

YARA-X 1.8.0 is out with some nice features if you use the various bindings and a bug fix involving an edge case in PE signatures. Congrats to all involved!

To be more useful I wrote a small PR to display filenames in console.log() output when using yr scan.

github.com/VirusTotal/y...
Release v1.8.0 · VirusTotal/yara-x
Implement block scanning API for Rust and C (#459, 185c2ee). Implement Golang and C APIs for setting global variables of type array and structure (#449). Add iterator for Rules object in Python (#4...
github.com
October 6, 2025 at 8:13 PM
"the awesome thing about cisco equipment is that they run forever", sending me uptime...

sec.cloudapps.cisco.com/security/cen...
Cisco Event Response: Continued Attacks Against Cisco Firewalls
sec.cloudapps.cisco.com
September 26, 2025 at 7:33 PM
Reposted by kurt baumgartner
New: 404 Media is suing ICE. We have filed a lawsuit demanding ICE release its $2 million contract with Paragon, a company that makes powerful spyware to break into phones and read encrypted messages. This is expensive for a small outlet but this info is important
www.404media.co/were-suing-i...
We’re Suing ICE for Its $2 Million Spyware Contract
404 Media has filed a lawsuit against ICE for access to its contract with Paragon, a company that sells powerful spyware for breaking into phones and accessing encrypted messaging apps.
www.404media.co
September 22, 2025 at 4:26 PM
Reposted by kurt baumgartner
A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster www.wired.com/story/jlr-ja...
The UK-based automaker has been forced to stop vehicle production as a result of the attack—costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers.
www.wired.com
September 22, 2025 at 11:09 PM
Jubair is charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. If convicted, he faces a maximum penalty of 95 years in prison

www.justice.gov/opa/pr/unite...
United Kingdom National Charged in Connection with Multiple Cyber Attacks, Including on Critical Infrastructure
A complaint filed in the District of New Jersey was unsealed today charging Thalha Jubair, a United Kingdom national, with conspiracies to commit computer fraud, wire fraud, and money laundering, in r...
www.justice.gov
September 19, 2025 at 12:26 PM
Reposted by kurt baumgartner
Congress Plays Keep-Away With Child’s School Lunch
WASHINGTON—After entering a school cafeteria in D.C. and wrenching a brown paper bag from the hands of a small child, U.S. senators and representatives taunted a 7-year-old student and played keep-awa...
theonion.com
September 8, 2025 at 4:00 PM
Reposted by kurt baumgartner
Rudy Giuliani Awarded Presidential Medal Of Incest
WASHINGTON—Lauded as a generational advocate for sexual contact between relatives, former New York City mayor and man who married his cousin Rudy Giuliani was awarded the Presidential Medal of Incest ...
theonion.com
September 7, 2025 at 4:00 PM
"about a billion downloads prior"
September 8, 2025 at 5:06 PM
Fahrenheit 45
Slightly diminish a book

20 Feet Under the Sea.
Slightly diminish a book

The Hitchhiker’s Guide to the Solar System
September 8, 2025 at 5:47 AM
Reposted by kurt baumgartner
CYBERWARCON is coming!!! Registration and CFP are now open for this year's #CYBERWARCON! This year's keynote speaker will be @dmitri.silverado.org!!
We are back in Arlington, VA this year on November 19th.

www.cyberwarcon.com
CYBERWARCON
www.cyberwarcon.com
August 28, 2025 at 5:35 PM
this anthropic report goes into great depth in its reporting, and is not avoiding tough discussion of claude misuse...
including, heh, "vibe hacking"

www-cdn.anthropic.com/b2a76c6f6992...
www-cdn.anthropic.com
August 27, 2025 at 7:02 PM
Reposted by kurt baumgartner
A 20-year-old Florida man at the center of a prolific cybercrime group known as “Scattered Spider” was sentenced to 10 years in federal prison today, and ordered to pay roughly $13 million in restitution to victims.

Noah Michael Urban of Palm Coast, Fla […]

[Original post on infosec.exchange]
August 21, 2025 at 2:48 AM