Greg Lesnewich
@greg-l.bsky.social
oh great, now I’m on bluesky
These posts convinced me to pull the trigger on this bad boy:
November 2, 2025 at 11:21 PM
These posts convinced me to pull the trigger on this bad boy:
“You can get lost in the Sauce, but without the Sauce, you are lost”
Saw this Timothee Chamalet post elsewhere and immediately thought of @gabagool.ing @bigbadw0lf.bsky.social
Saw this Timothee Chamalet post elsewhere and immediately thought of @gabagool.ing @bigbadw0lf.bsky.social
October 16, 2025 at 9:50 PM
“You can get lost in the Sauce, but without the Sauce, you are lost”
Saw this Timothee Chamalet post elsewhere and immediately thought of @gabagool.ing @bigbadw0lf.bsky.social
Saw this Timothee Chamalet post elsewhere and immediately thought of @gabagool.ing @bigbadw0lf.bsky.social
I have immunity your honor!!
July 29, 2025 at 8:38 PM
I have immunity your honor!!
The cereal and ice cream industries innovate at a rate we technologists should be envious of
June 28, 2025 at 1:21 PM
The cereal and ice cream industries innovate at a rate we technologists should be envious of
More CVE-2024-42009 exploitation from invoice[@]b-s-r[.]eu from May 29, 2025
Same subject and payload that CERT-PL found, but sent via TOR node instead of freemail provider
cert.pl/en/posts/202...
Same subject and payload that CERT-PL found, but sent via TOR node instead of freemail provider
cert.pl/en/posts/202...
June 9, 2025 at 1:10 PM
More CVE-2024-42009 exploitation from invoice[@]b-s-r[.]eu from May 29, 2025
Same subject and payload that CERT-PL found, but sent via TOR node instead of freemail provider
cert.pl/en/posts/202...
Same subject and payload that CERT-PL found, but sent via TOR node instead of freemail provider
cert.pl/en/posts/202...
if @andrewcyberkop.bsky.social posted about the NBA
June 9, 2025 at 1:08 PM
if @andrewcyberkop.bsky.social posted about the NBA
Too busy bushwhacking behind the house sorry!
June 6, 2025 at 12:38 PM
Too busy bushwhacking behind the house sorry!
congrats! good luck writing your stories with this set up
June 2, 2025 at 2:14 PM
congrats! good luck writing your stories with this set up
Is 10:19 too egregious?
May 28, 2025 at 2:19 PM
Is 10:19 too egregious?
Is the era of the “named actor” done?
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
May 21, 2025 at 8:15 PM
Is the era of the “named actor” done?
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
As the OG adversary sets diverge, get promoted, or move on
actors dispersing across the kill chain based on specialized skills increases (ORBs, criminal underground)
AND the CTI models maturing…
APTs ⬇️⬇️
UNCs ⬆️⬆️
bad news for u bucko
May 14, 2025 at 8:37 PM
bad news for u bucko
Traeger seasoning and smoking experiments on beef ribs and flank steak incoming
April 27, 2025 at 4:02 PM
Traeger seasoning and smoking experiments on beef ribs and flank steak incoming
they love coming off the same concentrator (which they also are using for some password spraying and maybe some exploitation?)
they'll abuse vulnerable email servers en route (that sekv domain)(
and spoof the From field to make it look like its coming from the target
they'll abuse vulnerable email servers en route (that sekv domain)(
and spoof the From field to make it look like its coming from the target
April 17, 2025 at 12:22 PM
they love coming off the same concentrator (which they also are using for some password spraying and maybe some exploitation?)
they'll abuse vulnerable email servers en route (that sekv domain)(
and spoof the From field to make it look like its coming from the target
they'll abuse vulnerable email servers en route (that sekv domain)(
and spoof the From field to make it look like its coming from the target
Saher's first blog on the scourge that is ClickFix usage in the espionage space!!
Had to sneak in the UNK_RemoteRogue RDP shenanigans as well - a thus far unattributed group we assess to be Russia-aligned, using a pretty fun set of email tactics
Had to sneak in the UNK_RemoteRogue RDP shenanigans as well - a thus far unattributed group we assess to be Russia-aligned, using a pretty fun set of email tactics
April 17, 2025 at 12:22 PM
Saher's first blog on the scourge that is ClickFix usage in the espionage space!!
Had to sneak in the UNK_RemoteRogue RDP shenanigans as well - a thus far unattributed group we assess to be Russia-aligned, using a pretty fun set of email tactics
Had to sneak in the UNK_RemoteRogue RDP shenanigans as well - a thus far unattributed group we assess to be Russia-aligned, using a pretty fun set of email tactics
tired of looking at email headers as disgusting plaintext? only want things of value to stand out?
look no further than this VSCode extension built by @jacoblatonis.me
marketplace.visualstudio.com/items?itemNa...
look no further than this VSCode extension built by @jacoblatonis.me
marketplace.visualstudio.com/items?itemNa...
March 21, 2025 at 8:02 PM
tired of looking at email headers as disgusting plaintext? only want things of value to stand out?
look no further than this VSCode extension built by @jacoblatonis.me
marketplace.visualstudio.com/items?itemNa...
look no further than this VSCode extension built by @jacoblatonis.me
marketplace.visualstudio.com/items?itemNa...
Trying to attribute DPRK cryptoheist activity?
Here’s a quick pocket attribution guide
Remember to practice your DPRK ABC(TT)s
Here’s a quick pocket attribution guide
Remember to practice your DPRK ABC(TT)s
March 16, 2025 at 5:28 PM
Trying to attribute DPRK cryptoheist activity?
Here’s a quick pocket attribution guide
Remember to practice your DPRK ABC(TT)s
Here’s a quick pocket attribution guide
Remember to practice your DPRK ABC(TT)s
When you’ve been stretching that last pair of contacts, procrastinating scheduling an eye doctor appointment, only to find not 1, not 2, but 3 more boxes in the drawer
March 15, 2025 at 3:45 AM
When you’ve been stretching that last pair of contacts, procrastinating scheduling an eye doctor appointment, only to find not 1, not 2, but 3 more boxes in the drawer
