Tony/Humpty (CJ)
@c-b.io
Lead SOC analyst | Malware enjoyer | Horrible dev
Pinned
Tony/Humpty (CJ)
@c-b.io
· Nov 30
GitHub - cyb3rjerry/xworm-source: Decompiled-ish XWorm source code (most likely uncompilable)
Decompiled-ish XWorm source code (most likely uncompilable) - cyb3rjerry/xworm-source
github.com
So I most likely botched this but here's the latest decompiled XWorm source code: github.com/cyb3rjerry/x...
Extremely grateful to have had the opportunity to not only give my first talk today but to do so alongside Josh Reynolds from @invokereversing.bsky.social
In case you missed it, you can find our slides on GitHub here github.com/CoveoSec/tal...
In case you missed it, you can find our slides on GitHub here github.com/CoveoSec/tal...
October 6, 2025 at 2:31 AM
Extremely grateful to have had the opportunity to not only give my first talk today but to do so alongside Josh Reynolds from @invokereversing.bsky.social
In case you missed it, you can find our slides on GitHub here github.com/CoveoSec/tal...
In case you missed it, you can find our slides on GitHub here github.com/CoveoSec/tal...
Reposted by Tony/Humpty (CJ)
Had a fantastic turnout for our talk at BSides Toronto about the scavenger malware today! Huge thanks to @c-b.io for co-presenting and thank you to everyone for attending!
October 5, 2025 at 9:03 PM
Had a fantastic turnout for our talk at BSides Toronto about the scavenger malware today! Huge thanks to @c-b.io for co-presenting and thank you to everyone for attending!
Reposted by Tony/Humpty (CJ)
A reminder that @c-b.io and Joshua Reynolds will be speaking at BSides Toronto this Sunday (Oct 5th) at 11:45AM about the Scavenger NPM supply chain attack. See you there!
September 29, 2025 at 7:53 PM
A reminder that @c-b.io and Joshua Reynolds will be speaking at BSides Toronto this Sunday (Oct 5th) at 11:45AM about the Scavenger NPM supply chain attack. See you there!
Reposted by Tony/Humpty (CJ)
We are excited to announce that our founder Joshua Reynolds and @c-b.io have been accepted to speak at BSides Toronto with their talk titled "When Prettier Gets Ugly: The Scavenger Supply Chain Campaign" more info here: pretalx.com/bsides-toron...
September 17, 2025 at 2:44 PM
We are excited to announce that our founder Joshua Reynolds and @c-b.io have been accepted to speak at BSides Toronto with their talk titled "When Prettier Gets Ugly: The Scavenger Supply Chain Campaign" more info here: pretalx.com/bsides-toron...
Reposted by Tony/Humpty (CJ)
We did a full technical blog on the NPM eslint-config-prettier supply chain compromise that was used to distribute the Scavenger malware with @c-b.io check it out! invokere.com/posts/2025/0...
Scavenger Malware Distributed via eslint-config-prettier NPM Package Supply Chain Compromise
Technical blog detailing the eslint-config-prettier supply chain compromise used to distribute Scavenger malware
invokere.com
July 21, 2025 at 5:17 PM
We did a full technical blog on the NPM eslint-config-prettier supply chain compromise that was used to distribute the Scavenger malware with @c-b.io check it out! invokere.com/posts/2025/0...
Hey folks! Here's my first technical deep-dive into a PE malware sample that touches on why including more information/proofs in threat intelligence reports is important.
c-b.io/2025-06-29+-...
c-b.io/2025-06-29+-...
2025-06-29 - Supper is served - Tony/Humpty's RE blog
Recommend song to listen to while reading: If you find something off with what I say, please let me know. I'll gladly amend my content and credit you for the fix. Some thanks in alphabetical order
c-b.io
June 29, 2025 at 11:18 PM
Hey folks! Here's my first technical deep-dive into a PE malware sample that touches on why including more information/proofs in threat intelligence reports is important.
c-b.io/2025-06-29+-...
c-b.io/2025-06-29+-...
Reposted by Tony/Humpty (CJ)
Reposted by Tony/Humpty (CJ)
In sum: an economically illiterate "conservative" institutes the biggest tax hike in history in an effort to revive the policies that led to the Great Depression.
Cool.
Cool.
April 2, 2025 at 11:00 PM
In sum: an economically illiterate "conservative" institutes the biggest tax hike in history in an effort to revive the policies that led to the Great Depression.
Cool.
Cool.
Another day, another stealer
c-b.io/blog/redtige...
c-b.io/blog/redtige...
Analyzing the RedTiger Malware Stealer
Analyzing the RedTiger Malware Stealer
Today we’ll dive into a fresh malware stealer dubbed RedTiger, a sample targeting personal user data, particularly Discord tokens, browser-stored credentials, an...
c-b.io
March 16, 2025 at 9:22 PM
Another day, another stealer
c-b.io/blog/redtige...
c-b.io/blog/redtige...
Hello fellow nerds, here's my latest blogpost on how BlankGrabber targets Discord by injecting malicious JS to steal credit card info
c-b.io/blog/dissect...
c-b.io/blog/dissect...
Dissecting a fresh BlankGrabber sample
Dissecting a fresh BlankGrabber sample
BlankGrabber is nothing new. It’s been documented by multiple companies such as ThreatMon, K7Security and has even had it’s source code disclosed on GitHub. So w...
c-b.io
February 16, 2025 at 6:14 AM
Hello fellow nerds, here's my latest blogpost on how BlankGrabber targets Discord by injecting malicious JS to steal credit card info
c-b.io/blog/dissect...
c-b.io/blog/dissect...
Does anyone know what's up with these brand spanking new youtube accounts posting bogus seed phrases here?
Whats the scheme?
🤔
Whats the scheme?
🤔
January 14, 2025 at 4:31 AM
Does anyone know what's up with these brand spanking new youtube accounts posting bogus seed phrases here?
Whats the scheme?
🤔
Whats the scheme?
🤔
Reposted by Tony/Humpty (CJ)
Phooooomp
do they make nerf m2 mortars?
My sister’s 7 year old got the Nerf Gatling Gun with tripod gifted from her in-laws. She’s losing it lol. Look at this thing.
December 25, 2024 at 5:59 PM
Phooooomp
Wishing everyday some resting and incident free holidays ❤️
December 25, 2024 at 5:35 PM
Wishing everyday some resting and incident free holidays ❤️
I made it to a cool starter pack, I may now die in peace 🫡
December 17, 2024 at 2:40 PM
I made it to a cool starter pack, I may now die in peace 🫡
Do I have a ESC/POS nerd here? In desperate need of help to print f*cking nv bit images on a shitty rongta printer that's supposed to emulate the EPSOM ESC/POS spec. I'll pay a beer in exchange (the price of a beer in your country)
December 7, 2024 at 7:47 AM
Do I have a ESC/POS nerd here? In desperate need of help to print f*cking nv bit images on a shitty rongta printer that's supposed to emulate the EPSOM ESC/POS spec. I'll pay a beer in exchange (the price of a beer in your country)
Absolutely insane video by @backwoodideas.bsky.social. I have no clue _why_ he would do something but he did and it turned out fucking amazing lol
TL;DR: data transmission over a tincan phone. Very Michael Reeves pilled
youtu.be/zUqPqg2jjro?...
TL;DR: data transmission over a tincan phone. Very Michael Reeves pilled
youtu.be/zUqPqg2jjro?...
This Video Was Uploaded Through a Fishing Line
YouTube video by Backwood
youtu.be
December 6, 2024 at 10:04 PM
Absolutely insane video by @backwoodideas.bsky.social. I have no clue _why_ he would do something but he did and it turned out fucking amazing lol
TL;DR: data transmission over a tincan phone. Very Michael Reeves pilled
youtu.be/zUqPqg2jjro?...
TL;DR: data transmission over a tincan phone. Very Michael Reeves pilled
youtu.be/zUqPqg2jjro?...
Reposted by Tony/Humpty (CJ)
C++23 has "first-class UB": you, the language user, can make promises and let the program enter UB if you break them.
int f(int x, int y) {
[[assume(x == 27)]];
[[assume(x == y)]];
return y + 1; // May be optimised to `return 28`.
}
int f(int x, int y) {
[[assume(x == 27)]];
[[assume(x == y)]];
return y + 1; // May be optimised to `return 28`.
}
December 5, 2024 at 11:07 PM
C++23 has "first-class UB": you, the language user, can make promises and let the program enter UB if you break them.
int f(int x, int y) {
[[assume(x == 27)]];
[[assume(x == y)]];
return y + 1; // May be optimised to `return 28`.
}
int f(int x, int y) {
[[assume(x == 27)]];
[[assume(x == y)]];
return y + 1; // May be optimised to `return 28`.
}
Part 1 of my blogpost titled "Threat hunting for shits and giggles" is out! This is my very first blogpost of the kind so I'd really appreciate feedback :) Quick shoutout to @hunt.io for their pretty cool tool
c-b.io/blog/threat_...
c-b.io/blog/threat_...
Threat hunting for shits and giggles [Part 1]
Threat hunting for shits and giggles [Part 1] I’ll start by saying this post is not endorsed by hunt.io. I just happen to be a really big fan of what they’re doing.
Some hackers suck at OpSec Not all ...
c-b.io
December 4, 2024 at 2:43 AM
Part 1 of my blogpost titled "Threat hunting for shits and giggles" is out! This is my very first blogpost of the kind so I'd really appreciate feedback :) Quick shoutout to @hunt.io for their pretty cool tool
c-b.io/blog/threat_...
c-b.io/blog/threat_...