“AI will change the average persons life”

The average person using AI:

(h/t Reid Wightman for finding this gem)

Every year at @cyberwarcon.bsky.social there’s an extraordinarily well sourced deeply detailed talk about a topic that I literally know nothing about but is extraordinarily fascinating. Congrats @bees.infosec.exchange.ap.brid.gy for producing this year’s edition.

Me watching everyone at CYBERWARCON this week

Had a great time presenting at LSU this week on hunting and analyzing Go and Python malware samples while hunting for ICS malware. For those who couldn't make it, you can catch a recording of this talk from Hou.Sec.Con last month with @sam-hans0n.bsky.social

www.youtube.com/watc...

A lot of folks have reached out about Socket’s recent report on a supply chain attack using malicious NuGet packages to target Siemens S7 protocol and other PLCs.

This is not a supply chain attack in the traditional sense.
1/6

Went to a wedding and danced. Then went to a bar and danced. I didn't care about people watching me dance and people liked that I danced.

Just dance.

See you all tomorrow at #bsidesTC at Open Book in downtown Minneapolis!

Our DEF CON33 ICS Village talk is now on YouTube!

@sam-hans0n.bsky.social and I share stories of malware we discovered while searching for ICS threats, and discuss our approach to assessing their reputation.

Don't Cry Wolf: Evidence-Based Assessment of ICS Threats

DEF CON talk now on YouTube! Check it out:

Excited to launch the BSidesTC CTF this evening! Its been a lot of fun planning and designing the challenges with @sam-hans0n.bsky.social. I hope everyone has fun with it and I look forward to seeing how people do!

The BSidesTC 2025 Capture The Flag challenge has officially launched.

Head to our website to download the zipped executable file:

bsidestc.org?page_id=145

Players will need an x86_64 Linux sandbox to start the challenge.
Organizers will be available at the conference to answer any questions.

In ICS, malware analysis can feel like archaeology. I started the week with a 13 year old sample and ended the week with @sam-hans0n.bsky.social pinging about an 18 years old sample.

So, save your old Windows ISOs and VMs, you might need them!

“What made you investigate that specific sample on VirusTotal?”

Super excited about a new tool, PyLingual, a transformed based Python decompiler. This will be super useful for malware analysis, great work to the teams involved.

pylingual.io/about

Check out their research paper here (also fun to see Dragos cited):

softsec.kaist.ac.kr/~sangkilc/pa...

Another day of “is it malware or is it a CTF challenge”

Hello Bluesky community! Figured I should do an introduction.

I’m a vuln/malware analyst at Dragos, specializing in malware analysis, vulnerability research, and (some) threat hunting.

Big fan of anything space-related, fitness, and general nerd shit.

Happy to be “off the X”… so to speak 😃

I’ve spent less than an hour on Bluesky and it already feels less toxic