Adrian Luca
adrianluca.bsky.social
Security Test & Threat intelligence Engineer
@virusbtn.bsky.social
Reposted by Adrian Luca
We are thrilled to officially announce that VB2026 will take place in the vibrant city of Seville, Spain, from 30 September to 2 October 2026.

More details coming soon on the venue, call for papers, sponsorship opportunities, and how to join us.

Can't wait to see you there!
October 1, 2025 at 1:41 PM
Reposted by Adrian Luca
My intermediate level malware analysis course is there.
60% off for the next two weeks.

malwareanalysis-for-hedgehogs.learnworlds.com/course/inter...
Malware Analysis - Intermediate Level
Signature writing, deobfuscation, dynamic API resolving, syscalls, hooking, shellcode analysis and more
September 1, 2025 at 3:17 PM
Reposted by Adrian Luca
In a new Bulletin article, Dr Sarah Gordon calls for a shift not just in how AI systems are secured, but in how we design them, as well as acknowledgement of emotional simulation as a distinct attack vector. www.virusbulletin.com/virusbulleti...
August 20, 2025 at 12:57 PM
Reposted by Adrian Luca
Our team @silentpush just dropped a definitive look at SocGholish (operated by TA569) and the initial access broker ecosystem they are facilitating. Big thanks to past researchers who have worked on SocGholish! We've got details about our visibility @ www.silentpush.com/blog/socghol... 🖖🏻
August 6, 2025 at 7:49 PM
Reposted by Adrian Luca
Compromised travel agency in Sri Lanka 🇱🇰 spreading fake Royal Air Maroc ✈️🇲🇦emails with a weaponized PDF 📄 that leads to a rogue ConnectWise ScreenConnect download 🔥

➡️ hunting.abuse.ch/hunt/6890d35...

Payload delivery URL + botnet C2 are hosted at 51.89.204 .89 (StarkRDP 🇩🇪)
August 4, 2025 at 4:08 PM
Reposted by Adrian Luca
CISA has released Thorium, a malware analysis platform

www.cisa.gov/resources-to...

Also on GitHub: github.com/cisagov/thor...
July 31, 2025 at 6:11 PM
Reposted by Adrian Luca
We've observed an interesting infection chain ⛓️ in the wild, starting with #LummaStealer spread through a fake gaming website and resulting in #Latrodectus and #SectopRat 🪲🔍👀

See below for more...
July 31, 2025 at 11:54 AM
Reposted by Adrian Luca
Leading security companies are sending their teams to #VB2025, and not without reason.

Research-first content, real-world relevance, and networking that actually helps.

📍 Berlin | 24–26 Sept

See the top 5 reasons in our blog post 👇 tinyurl.com/26n6t6ye
July 25, 2025 at 12:23 PM
Reposted by Adrian Luca
2025-07-15 (Tuesday): Some different IOCs from the #SmartApeSG #ClickFix page today.

warpdrive[.]top <-- domain used for SmartApeSG injected script and to display ClickFix page.

sos-atlanta[.]com <-- domain from script injected into clipboard and to retrieve #NetSupportRAT malware package
July 15, 2025 at 7:18 PM
Reposted by Adrian Luca
A programming fact that still amazes me is that the HTTP header which contains the referring url is called "referer", because the developer spelt "referrer" wrong and the spell checker didn't catch it, so it made it into the official standards and they just never changed it lmao
July 11, 2025 at 5:45 AM
Reposted by Adrian Luca
After years of dominance in #ESET’s top #infostealer statistics, the era of #AgentTesla has come to an end. It finished H1 2025 in fourth place, its numbers having decreased by 57%. The reason? It is no longer under active development. 1/4
July 9, 2025 at 12:12 PM
Reposted by Adrian Luca
I'm thrilled to be speaking at #VB2025 this September in Berlin! My talk will focus on TAG-124, a widespread traffic distribution system, and its role in the cybercriminal ecosystem, with a particular emphasis on its link to ransomware operations! 👉 tinyurl.com/3hurr52m
June 16, 2025 at 7:15 AM
Reposted by Adrian Luca
-CoinMarketCap hacked via animated logo
-White House rejects NSA & CyberCom nomination
-FCC probes US Cyber Trust Mark program
-Cyberattack disrupts Russian animal processing industry
-Iran hacks Albania's capital Tirana

Podcast: risky.biz/RBNEWS441/
Newsletter: news.risky.biz/risky-bullet...
June 23, 2025 at 7:48 AM
Reposted by Adrian Luca
2025-06-18 (Wed): #SmartApeSG --> #ClickFix lure --> #NetSupportRAT --> #StealCv2

A #pcap of the traffic, the malware/artifacts, and some IOCs are available at www.malware-traffic-analysis.net/2025/06/18/i....

Today's the 12th anniversary of my blog, so I made this post a bit more old school.
June 19, 2025 at 4:23 AM
Reposted by Adrian Luca
We published the VBSpam Q2 2025 report: All tested solutions demonstrated robust performance, achieving spam catch rates exceeding 90%, underscoring the general maturity of spam detection capabilities.
June 18, 2025 at 10:03 AM
Reposted by Adrian Luca
New, by me: A Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising […]

[Original post on infosec.exchange]
June 12, 2025 at 11:53 PM
Reposted by Adrian Luca
For those of you looking for a privacy and security focused European DNS provider, you should look at the @enisa_eu@respublicae.eu supported DNS4EU service that has been recently launched.

#cybersecurity #EU #Privacy #DataSovereignty

www.joindns4.eu
Official site of the DNS4EU project
Join DNS4EU, an EU initiative providing secure, private, and reliable DNS services for users across Europe. Safeguard your online experience with DNS solutions that prioritise privacy, data protection...
June 9, 2025 at 1:15 PM
Reposted by Adrian Luca
These were the last technical tests before the beginning of #botconf2025...

and we have started with a live broadcast at https://www.youtube.com/BotconfTV
May 21, 2025 at 9:34 AM
Reposted by Adrian Luca
And #Botconf2025 is back online with the second day of our main conference. You can follow many talks live by reaching this link

https://youtube.com/playlist?list=PL8fFmUArVzKjMgBjO4EQ-O_7U8ok3C-06
May 22, 2025 at 7:14 AM
Reposted by Adrian Luca
Infoblox researchers Jacques Portal & Renée Burton look into Hazy Hawk, an actor that hijacks abandoned cloud resources of high-profile organizations. The hijacked domains are used to host large numbers of URLs that send users to scams & malware via different TDSs. blogs.infoblox.com/threat-intel...
May 21, 2025 at 10:48 AM
Reposted by Adrian Luca
Have you ever wanted to read a 215-page report on Doppelganger, the Russian disinformation group? Now's your chance!

mpf.se/psychologica...
May 18, 2025 at 9:57 AM
Reposted by Adrian Luca
🚨 The wait is over — the full program of briefings for the Honeynet Project Workshop 2025 in Prague is now live! 🎉

📍 NTK, Prague
🗓 June 2–4, 2025
👉 Register today: prague2025.honeynet.org/program/

#honeynet2025 #cybersecurity #infosec #deception #cyberdeception #TI #TTPs #Malware
May 14, 2025 at 12:59 PM
Reposted by Adrian Luca
Join us in the heart of Berlin for #VB2025!

The JW Marriott offers premium space, top networking, and is steps from Tiergarten & the Brandenburg Gate.

More info coming soon!

🗓️ 24–26 Sept 2025
📍JW Marriott Berlin

➡️ tinyurl.com/y95v38wz

#Cybersecurity #Berlin
April 16, 2025 at 1:00 PM
Reposted by Adrian Luca
VIGINUM publishes a report on the activities of Storm-1516, a Russian information manipulation set likely to affect French-speaking and European public debate.
This report is based on the analysis of 77 information operations conducted by Storm-1516 ➡️ www.sgdsn.gouv.fr/publications...
May 7, 2025 at 8:22 AM
Reposted by Adrian Luca
The wait is over: The VB2025 programme is here.

Three days of bold ideas, sharp minds, and real-world security insight.

👀 Tickets? Coming very soon.

🗓️ 24–26 September 2025
📍JW Marriott Hotel, Berlin

👉 www.virusbulletin.com/conference/v...

#VB2025 #Cybersecurity #Infosec #Berlin
May 2, 2025 at 1:37 PM