Silas Cutler
silascutler.bsky.social
You may know me from your server logs.

#Malware, Hacks, Internet Scanning, #CTI
Reposted by Silas Cutler
How do you track DDoS infrastructure when C2 servers rarely last a day?

@vtx-savage.bsky.social and @silascutler.bsky.social are breaking down real-world DDoSia hunting using the Synapse-Censys Power-Up in our next webinar.
vertex.link/events/censy...
January 21, 2026 at 3:30 PM
Join me next week at the @SANSInstitute #CTISummit in Arlington, VA where I'll be presenting on an operation against the infostealer #Rhadamanthys from early in its development.

Register @ https://www.sans.org/u/1CtB
January 20, 2026 at 8:00 PM
Reposted by Silas Cutler
We're hosting a webinar with @censys.bsky.social! Attackers can rotate infrastructure faster than threat hunters can keep up. Learn how defenders can pivot from indicators to infrastructure-centric intelligence.

@vtx-savage.bsky.social + @silascutler.bsky.social

vertex.link/events/censy...
January 8, 2026 at 7:04 PM
Come see me talk at the @SANSInstitute #CTISummit in Arlington, VA about the infostealer #Rhadamanthys during its early development.

https://www.sans.org/u/1CtB
January 6, 2026 at 4:00 PM
Reposted by Silas Cutler
What a quote.
December 29, 2025 at 6:42 PM
Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847] #MongoBleed

From Censys scanning, we're seeing around 87,000 possibly vulnerable hosts

https://censys.com/advisory/cve-2025-14847
December 29, 2025 at 6:32 PM
Reposted by Silas Cutler
🚨🚨🚨 PATCH YO' MONGODB - PUBLIC POC AVAILABLE 🚨🚨🚨

m.cje.io/4q2Bi1Y
Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025-14847 on Christmas Day.
December 27, 2025 at 1:39 PM
ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity

https://www.labs.greynoise.io/grimoire/2025-12-26-coldfusion/
December 26, 2025 at 3:51 PM
Some unusual #CobaltStrike activity we observed at Censys before the holiday. At the start of December, we saw a spike in CobaltStrike in AS138415 followed by a matching spike two days after on AS133199.

Report: https://censys.com/blog/recap-of-a-suspicious-surge-in-cobalt-strike
December 23, 2025 at 7:15 PM
I'm speaking at the @SANSInstitute #CTISummit on an operation against #Rhadamanthys years before #OperationEndgame.

https://www.sans.org/u/1CtB
December 23, 2025 at 7:00 PM
Reposted by Silas Cutler
Scoop: The lone employee behind CISA's Pre-Ransomware Notification Initiative resigned on Friday rather than take a forced reassignment to FEMA.

CISA says PRNI will continue, but sources said David Stern's loss will be a major setback for it.

My story: www.cybersecuritydive.com/news/cisa-ra...
December 23, 2025 at 3:50 PM
Reposted by Silas Cutler
I’m old enough to remember when CBS News would never have surrendered to a demagogic president or any other politician. Remember Edward R. Murrow?
December 22, 2025 at 6:01 PM
For anyone looking to optimize their news feeds, I've been using Miniflux (https://miniflux.app/) as an RSS reader for the past few years.

Recently I found it also works well for tracking newly released mechanical keyboards.

December 19, 2025 at 6:54 PM
Reposted by Silas Cutler
#DistillingCyber podcast is back with a special episode featuring Stacy O'Mara & Leonard Bailey.

Tune in to explore whether offensive cyber operations should be used to counter cyber threats — if so, who should be authorized to carry them out? www.centerforcybersecuritypolicy.org/insights-and...
December 19, 2025 at 5:22 PM
December 19, 2025 at 3:04 PM
NoName057(16) are still active despite last week's DOJ indictment. We looked into how their DDoSia platform works:
https://censys.com/blog/ddosia-infrastructure
December 16, 2025 at 3:00 PM
I'm sorry if I'm behind on replying to email. I'm at this point for reference
December 3, 2025 at 1:27 AM
Reposted by Silas Cutler
New threat, Kazu ransomware. @ecrime.ch has new information on this threat actor. Kazu has claimed ~35 mostly public sector victims across Latin America, the Middle East, and Asia. 👀 cc @gate15.bsky.social @ransomwaresommelier.com @silascutler.bsky.social #cybersecurity #ransomware
New claim on the shame-site for #ransomware / #datatheft group #Kazu.

Organization: Department of Agricultural Extension
Location: #Thailand
Industry: #GovernmentAdministration
Staff: 10,001+ employees

Learn more: https://ecrime.ch/
November 12, 2025 at 11:38 AM
Part 2 of @DomainTools research is out: Inside the Great Firewall Part 2: Technical Infrastructure

https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
November 6, 2025 at 8:25 PM
Reposted by Silas Cutler
Interested in Jump The Wall? Applications close Nov 7 🔥
www.districtcon.org/jtw
October 31, 2025 at 7:52 PM
New from @DomainTools: Inside the Great Firewall Part 1: The Dump
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
October 30, 2025 at 7:30 PM
Really cool story about the developer of ZeroAccess -

The ZeroAccess Developer and His Windows Kernel-Mode Debugger.
https://r136a1.dev/2025/10/28/zeroaccess-developer-and-his-kernelmode-debugger/
https://www.youtube.com/@alexshort1643
October 30, 2025 at 6:00 PM
Reposted by Silas Cutler
It's getting close to being done - #BinYars a #YARA-X #BinaryNinja plugin! Still testing, but plan on open sourcing it for all to use.

Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 github.com/1337-42/Simp...

Video: Part 1 of 2
October 24, 2025 at 8:22 AM
Reposted by Silas Cutler
It did not. The reporter took the date on my original email about the planned malware release and assumed that the graphic was begun at the same time.

I sketched out a rough version of that with the PAO in like 15 minutes of brainstorming on a whiteboard. She then sent it to the graphic contractor.
In 2020, U.S. Cyber Command wanted to create a 'meme' to mock Russian hacking attempts. Now, bear in mind that information warfare is part of their brief, and this is well within their skill set.

It took them 22 days to come up with *this*
October 24, 2025 at 4:12 PM
New drop from the Three Buddy Problem: Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA

https://securityconversations.com/episode/apples-ios-forensics-freeze-whatsapp-zero-click-china-outs-nsa/
October 24, 2025 at 7:41 PM