Silas Cutler
@silascutler.bsky.social
You may know me from your server logs.
#Malware, Hacks, Internet Scanning, #CTI
Part 2 of @DomainTools research is out: Inside the Great Firewall Part 2: Technical Infrastructure
https://dti.domaintools.com/inside-the-great-firewall-part-2-technical-infrastructure/
November 6, 2025 at 8:25 PM
Reposted by Silas Cutler
Interested in Jump The Wall? Applications close Nov 7 🔥
www.districtcon.org/jtw
October 31, 2025 at 7:52 PM
New from @DomainTools: Inside the Great Firewall Part 1: The Dump
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/
October 30, 2025 at 7:30 PM
Really cool story about the developer of ZeroAccess -
The ZeroAccess Developer and His Windows Kernel-Mode Debugger.
https://r136a1.dev/2025/10/28/zeroaccess-developer-and-his-kernelmode-debugger/
https://www.youtube.com/@alexshort1643
October 30, 2025 at 6:00 PM
Reposted by Silas Cutler
It's getting close to being done - #BinYars a #YARA-X #BinaryNinja plugin! Still testing, but plan on open sourcing it for all to use.
Shout out to Remco Sprooten for making this tool (also shown in the video) for quickly drafting Yara rules 💪 github.com/1337-42/Simp...
Video: Part 1 of 2
October 24, 2025 at 8:22 AM
Reposted by Silas Cutler
It did not. The reporter took the date on my original email about the planned malware release and assumed that the graphic was begun at the same time.
I sketched out a rough version of that with the PAO in like 15 minutes of brainstorming on a whiteboard. She then sent it to the graphic contractor.
In 2020, U.S. Cyber Command wanted to create a 'meme' to mock Russian hacking attempts. Now, bear in mind that information warfare is part of their brief, and this is well within their skill set.
It took them 22 days to come up with *this*
October 24, 2025 at 4:12 PM
New drop from the Three Buddy Problem: Apple’s iOS forensics freeze, WhatsApp zero-click, China outs NSA
https://securityconversations.com/episode/apples-ios-forensics-freeze-whatsapp-zero-click-china-outs-nsa/
October 24, 2025 at 7:41 PM
Unpacking the Oracle EBS Debacle: Industries, Geography, and MOVEit Comparisons #Cl0p
https://censys.com/blog/unpacking-the-oracle-ebs-debacle-industries-geography-and-moveit-comparisons
October 24, 2025 at 3:00 PM
Threat Intel: Lessons from the BlackBasta Ransomware Attack on C... https://blog.bushidotoken.net/2025/10/lessons-from-blackbasta-ransomware.html?spref=tw
October 23, 2025 at 3:00 PM
VTPRACTITIONERS{SEQRITE}: Tracking UNG0002, Silent Lynx and DragonClone
https://blog.virustotal.com/2025/10/virustotal-success-stories-seqrite.html
October 22, 2025 at 1:39 PM
I really like the categorization of incidents in @NCSC 's Annual review.
https://www.ncsc.gov.uk/files/ncsc-annual-review-2025.pdf
The framework was created in 2018, full breakdown is available at: https://www.ncsc.gov.uk/information/categorising-uk-cyber-incidents
October 15, 2025 at 4:46 PM
Reposted by Silas Cutler
Pop a house full of popcorn and get ready!
We're recording our next hacker movie podcast on REAL GENIUS tomorrow, with a very special guest. You can catch up on our first two episodes on SNEAKERS and WARGAMES on our YouTube channel!
youtube.com/@DecipherSec
Decipher
Official channel of Decipher, the independent source for cybersecurity news, interviews, and analysis. Editors Lindsey O'Donnell-Welch and Dennis Fisher are veteran journalists with a combined 35+ yea...
youtube.com
October 14, 2025 at 3:37 PM
Reposted by Silas Cutler
𝗧𝗵𝗲 𝗖𝗿𝗼𝘄𝗻 𝗣𝗿𝗶𝗻𝗰𝗲, 𝗡𝗲𝘇𝗵𝗮: 𝗔 𝗡𝗲𝘄 𝗧𝗼𝗼𝗹 𝗙𝗮𝘃𝗼𝗿𝗲𝗱 𝗯𝘆 𝗖𝗵𝗶𝗻𝗮-𝗡𝗲𝘅𝘂𝘀 𝗧𝗵𝗿𝗲𝗮𝘁 𝗔𝗰𝘁𝗼𝗿𝘀
https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool
October 8, 2025 at 8:47 PM
Interesting #OpenDir on #QuasarRat C2 server 185.208.159[.]161:8000 . The open web directory includes source code for a backdoor + misc development artifacts.
https://platform.censys.io/hosts/185.208.159.161
https://search.censys.io/hosts/185.208.159.161
#malware #thread 🧵
October 7, 2025 at 1:00 PM
AI video is getting better every day at beating KYC
OpenAI employees are very excited about how well their new AI tool can create fake videos of people doing crimes and have definitely thought through all the implications of this
October 1, 2025 at 3:01 AM
Wild to see Htran being used all these years later. cc: @joestewart.bsky.social
https://unit42.paloaltonetworks.com/phantom-taurus/
September 30, 2025 at 4:00 PM
Disallow: /security-research? Crypto Phishing Sites' Failed Attempt to Block Investigators
https://censys.com/blog/disallow-security-research-crypto-phishing-sites-failed-attempt-to-block-investigators
September 29, 2025 at 6:10 PM
CFP for #DistrictCon closes tomorrow https://www.districtcon.org/cfp . Speakers set to be announced on 20 October 2025
September 27, 2025 at 6:00 PM
Updated post from GreyNoise about Cisco ASA vuln
https://www.greynoise.io/blog/scanning-surge-cisco-asa-devices
September 26, 2025 at 7:31 PM
September 21, 2025 at 4:00 PM
September 16, 2025 at 1:00 PM
Reposted by Silas Cutler
A small rant on the contemporary Zeitgeist for the weekend. Fuck 996. lucumr.pocoo.org/2025/9/4/996/
996
There is cost to your lifestyle.
lucumr.pocoo.org
September 6, 2025 at 12:48 PM
Reposted by Silas Cutler
SAVE THE DATE: the 3rd annual #CyberPolicyAwards will be held on Feb. 5 2026 at the National Press Club in DC! IST is proud to present another year of the premier gathering of the U.S. cyber community & key international partners to recognize those who have driven progress.
🏆 Register for updates:
Third Annual Cyber Policy Awards
Save the Date to join IST for the Third Annual Cyber Policy Awards in February 2026.
securityandtechnology.org
September 5, 2025 at 6:02 PM