William Largent
securitywill.bsky.social
Cisco Talos Threat Research
Reposted by William Largent
From a wave of ToolShell incidents, to a rise in post-exploitation phishing and the creative misuse of legitimate tools like Velociraptor, this episode of the TTP is packed with insights from Q3: www.youtube.com/watch?v=q7yV...
October 28, 2025 at 3:31 PM
you need this in your life.
October 27, 2025 at 5:01 PM
they won't even open betting lines for DNS as the RFO on these things.
October 24, 2025 at 3:45 PM
October 22, 2025 at 8:25 PM
Reposted by William Largent
Save the date: Cisco Talos is hosting a live Reddit AMA on r/cybersecurity on October 30! Our team members will be on standby to answer your questions about our latest Incident Response Quarterly Trends Report, today’s threat landscape, and more.
October 17, 2025 at 2:00 PM
Reposted by William Largent
Talos is serving up a special episode of Beers with Talos! VP Christopher Marshall (the “real Marshall,” much to Joe’s displeasure) joins Hazel, Bill, and Joe for a very real conversation about leading a large team when the world won’t stop moving: cs.co/63325AFR3x
October 16, 2025 at 4:01 PM
Reposted by William Largent
gene kelly is antifa
October 14, 2025 at 12:07 AM
Reposted by William Largent
If anyone needs me I will be in the museum, lying down next to the bog bodies.
October 13, 2025 at 5:58 PM
Pearls firmly clutched.
September 11, 2025 at 10:09 PM
Reposted by William Largent
Support your public library. Defend your public library. Slay the enemies of your public library.
August 19, 2025 at 11:41 PM
Reposted by William Largent
Ozzy Osbourne visited my magic shop. He said he'd like to buy some stink bombs. How many? All of them. I had to go through drawers finding every last one. He bought 900 of them. To sign the credit card slip I handed him a shock pen, which he thought was hilarious and bought that too. RIP
July 22, 2025 at 6:29 PM
This. Read this and repeat it over and over to yourself if you need to do so.
Never tell a bug reporter that their vulnerability cannot be exploited. That only serves to guarantee that there will be an exploit built for your vulnerability.

Try "Thank you, we'll patch that" and see how that works out for you.
July 22, 2025 at 8:35 PM
Look, I'm not going to say that this is a personal attack ...

... it is. This is a personal attack.
Nerds' reaction if someone does ransomware: "whoa whoa whoa based"

Nerds' reaction if someone cheats in multiplayer video games: "fuck you, you're a piece of shit"
July 11, 2025 at 2:44 PM
Reposted by William Largent
We’re halfway through 2025, and vulnerability reporting is evolving fast. Check out the latest Threat Source newsletter as Thorsten breaks down record CVE volumes and new reporting challenges: blog.talosintelligence.com/patch-track-...
July 10, 2025 at 6:07 PM
Reposted by William Largent
Threat actor deepfakes Marco Rubio's voice to approach foreign officials on Signal

www.washingtonpost.com/national-sec...
A Marco Rubio impostor is using AI voice to call high-level officials
An imposter using AI to pose as Secretary of State Marco Rubio contacted three foreign ministers, a U.S. governor and a member of Congress, according to a State Department cable.
July 8, 2025 at 11:43 AM
Reposted by William Largent
Join us for a deep dive into how Cisco Talos uncovered two critical vulnerabilities in the AsIO3.sys driver powering ASUS Armory Crate: blog.talosintelligence.com/decrement-by...
June 26, 2025 at 1:45 PM
Reposted by William Largent
Cisco Talos uncovered zero-day vulnerabilities in catdoc, plus vulnerabilities in Parallel, NVIDIA, and High-Logic FontCreator 15—all now patched:
blog.talosintelligence.com/catdoc-zero-...
June 11, 2025 at 4:44 PM
Reposted by William Largent
Security researcher Michalis Antoniades has released Chronos, a kernel extension to support EDR-like capabilities on RTOS embedded systems

github.com/dest-3/Chronos
GitHub - dest-3/Chronos: Time-Based Detection and Response for Safety-Critical Real-Time Embedded Systems - EDR Kernel Extension for FreeRTOS
May 1, 2025 at 3:01 PM
Reposted by William Largent
Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG
March 31, 2025 at 12:05 PM
I really hate that this archaic nonsense is still a part of the community - but this is a really good post from a couple of Splunk/SURGe folks.

I am so lucky to work on a team that is very diverse across the board but I am very aware that we are flying in the face of the norm.
Why We Need More Women and Intersectional Diversity in Cyber (And How to Get There)
Representation matters in cybersecurity. Here’s why—and what we can do about it.
dispatch.thorcollective.com
March 28, 2025 at 8:41 PM
Reposted by William Largent
From threat hunting, detection building, vulnerability discoveries and incident response, Cisco Talos shows up every day to try and make the internet a safer place. Watch our full overview here: http://cs.co/633280m3rs
March 19, 2025 at 4:13 PM
"The PureCrypter malware found in this intrusion is a Windows dynamic-link library obfuscated with Eziriz’s .NET Reactor obfuscator. It has resources of encrypted binaries of legitimate DLLs, including Protobuf-net and Microsoft task scheduler DLL along with the TorNet backdoor."
Cisco Talos discovered an ongoing malicious campaign operated by a financially motivated threat actor targeting users, predominantly in Poland and Germany. Read the blog on the new TorNet backdoor here: blog.talosintelligence.com/new-tornet-b...
January 28, 2025 at 3:45 PM
the accuracy
December 20, 2024 at 5:46 PM
Reposted by William Largent
Supply Chain Attack Detected in Solana's web3.js Library:
socket.dev/blog/supply-...

Solana blamed it on a phishing attack: github.com/solana-labs/...
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
December 4, 2024 at 9:55 PM
Reposted by William Largent
<Bangs drum like Animal on a bender>
For anyone interested in detection and prevention methods against Salt Typhoon intrusions targeting communication providers, here is a comprehensive guide:

media.defense.gov/2024/Dec/03/...
December 4, 2024 at 3:41 PM