Snorre Fagerland
@snoffle.bsky.social
Dad. Husband. Threat researcher at RSAC. He/Him. Maintainer of the Virus History Project.
#infosec #cats #nature #science #art #antifascist #drawing #istandwithukraine
#infosec #cats #nature #science #art #antifascist #drawing #istandwithukraine
Don't wanna be an
September 3, 2025 at 9:24 PM
Don't wanna be an
En gang fantes det korrekturlesere i media, og en viss standard. Jeg vet jo at den tiden ikke kommer tilbake, men fader.
August 25, 2025 at 8:59 AM
En gang fantes det korrekturlesere i media, og en viss standard. Jeg vet jo at den tiden ikke kommer tilbake, men fader.
Norwegian PST points to pro Russian hackers for dam sabotage in April.
reuters.com/technology/norwa…
I have no idea where they got that idea from.
#hacking #infrastructure #russia
reuters.com/technology/norwa…
I have no idea where they got that idea from.
#hacking #infrastructure #russia
August 13, 2025 at 6:59 PM
Norwegian PST points to pro Russian hackers for dam sabotage in April.
reuters.com/technology/norwa…
I have no idea where they got that idea from.
#hacking #infrastructure #russia
reuters.com/technology/norwa…
I have no idea where they got that idea from.
#hacking #infrastructure #russia
If you are risking a diplomatic incident trying to phish *some incredibly well known and connected persons*, you should probably send your best folks. Do not send your crappiest team SMH.
July 11, 2025 at 12:17 PM
If you are risking a diplomatic incident trying to phish *some incredibly well known and connected persons*, you should probably send your best folks. Do not send your crappiest team SMH.
The hacktivist group that calls itself APT IRAN has published an "analysis" of the 2023 attack on Iranian gas stations.
Some hard data in the form of file hashes++ but their analysis is useless. Guesswork based on byte scans, apparently unaware that these are ARM platforms, not x86.
Some hard data in the form of file hashes++ but their analysis is useless. Guesswork based on byte scans, apparently unaware that these are ARM platforms, not x86.
July 7, 2025 at 8:56 AM
The hacktivist group that calls itself APT IRAN has published an "analysis" of the 2023 attack on Iranian gas stations.
Some hard data in the form of file hashes++ but their analysis is useless. Guesswork based on byte scans, apparently unaware that these are ARM platforms, not x86.
Some hard data in the form of file hashes++ but their analysis is useless. Guesswork based on byte scans, apparently unaware that these are ARM platforms, not x86.
Six hour drive to the summer house today. I wonder if the cat understa...
July 5, 2025 at 7:55 AM
Six hour drive to the summer house today. I wonder if the cat understa...
It didn't take long. As soon as news broke that Predatory Sparrow had stolen millions of dollars in crypto assets, scammers are attempting Jita scams with the hoard (nevermind that it was likely destroyed).
June 18, 2025 at 4:29 PM
It didn't take long. As soon as news broke that Predatory Sparrow had stolen millions of dollars in crypto assets, scammers are attempting Jita scams with the hoard (nevermind that it was likely destroyed).
Ser ikke ut som Partiet Fred og Rettferdighet klarer å drive nettsted hvertfall. Litt synd å svi av 50000 på reklame og så virker ikke nettsida. Sad!
May 17, 2025 at 11:26 PM
Ser ikke ut som Partiet Fred og Rettferdighet klarer å drive nettsted hvertfall. Litt synd å svi av 50000 på reklame og så virker ikke nettsida. Sad!
A butterfly there were large numbers of where we visited in California. Probably variable checkerspot (Euphydryas chalcedona), though not the best picture.
May 13, 2025 at 11:52 AM
A butterfly there were large numbers of where we visited in California. Probably variable checkerspot (Euphydryas chalcedona), though not the best picture.
Photo ops are always cringey but Jamie Foxx was a real gentleman about it. Fun to have met man tho.
May 13, 2025 at 11:23 AM
Photo ops are always cringey but Jamie Foxx was a real gentleman about it. Fun to have met man tho.
Example of AI-diversion from Ukraine
92183f89b115881535b1bf1985f3ee4b4ebf077bec8cc4de0c6c6e266da0cb87
cert.gov.ua/article/6282946
#malware #ai
92183f89b115881535b1bf1985f3ee4b4ebf077bec8cc4de0c6c6e266da0cb87
cert.gov.ua/article/6282946
#malware #ai
April 30, 2025 at 6:43 PM
Example of AI-diversion from Ukraine
92183f89b115881535b1bf1985f3ee4b4ebf077bec8cc4de0c6c6e266da0cb87
cert.gov.ua/article/6282946
#malware #ai
92183f89b115881535b1bf1985f3ee4b4ebf077bec8cc4de0c6c6e266da0cb87
cert.gov.ua/article/6282946
#malware #ai
Also partial to when they do weird-ass stuff. Like when Denzuko stores most of its code *outside* of the disk. (Sort of. 360kb floppies had tracks 0-39. DZ formatted itself 9 sectors on track 40).
April 22, 2025 at 12:00 AM
Also partial to when they do weird-ass stuff. Like when Denzuko stores most of its code *outside* of the disk. (Sort of. 360kb floppies had tracks 0-39. DZ formatted itself 9 sectors on track 40).
They're playing 'Jonah' from Paul Simon's 'One Trick Pony' album on the radio. Not one of the albums people talk about a lot, but one I love, its melancholy drifting songs the perfect backdrop to how I feel about the 80's.
April 17, 2025 at 9:57 AM
They're playing 'Jonah' from Paul Simon's 'One Trick Pony' album on the radio. Not one of the albums people talk about a lot, but one I love, its melancholy drifting songs the perfect backdrop to how I feel about the 80's.
In April '97, the Australian virus author Clinton Haines aka Harry McBungus, Talon, and Terminator Z died of a drug overdose. His peers in the Australian virus community wrote the "Memorial" virus in his honor, a novel virus for its time.
He would have been 49 now. A waste.
#malware #virushistory
He would have been 49 now. A waste.
#malware #virushistory
April 13, 2025 at 10:21 AM
In April '97, the Australian virus author Clinton Haines aka Harry McBungus, Talon, and Terminator Z died of a drug overdose. His peers in the Australian virus community wrote the "Memorial" virus in his honor, a novel virus for its time.
He would have been 49 now. A waste.
#malware #virushistory
He would have been 49 now. A waste.
#malware #virushistory
Virus History Project subfolders will now (usually) include a readme.md displaying folder structure and included file information. Hashes are copyable and also available as a separate csv file.
#malware #virushistory
#malware #virushistory
April 12, 2025 at 11:19 PM
Virus History Project subfolders will now (usually) include a readme.md displaying folder structure and included file information. Hashes are copyable and also available as a separate csv file.
#malware #virushistory
#malware #virushistory
At least you can see out your windows
April 12, 2025 at 12:32 PM
At least you can see out your windows
We'll have to downgrade the oil revenues a bit folks. OTOH, the environment wins and Putin cries, so there's the silver lining
April 9, 2025 at 12:20 PM
We'll have to downgrade the oil revenues a bit folks. OTOH, the environment wins and Putin cries, so there's the silver lining
Context-dependent detections. Same file detected as different variants (even "exactly") depending on file extension. This scanner is no longer around, but context is used as additional parameter in a lot of products.
#malware
#malware
April 9, 2025 at 11:01 AM
Context-dependent detections. Same file detected as different variants (even "exactly") depending on file extension. This scanner is no longer around, but context is used as additional parameter in a lot of products.
#malware
#malware
This screen effect comes from a polymorphic virus for DOS from 1996, SUPD.Cryptor.5245.A. This virus is - even today - very unreliably detected with ~50% detection rate on new replications. Not a threat anymore, but interesting.
April 3, 2025 at 7:21 PM
This screen effect comes from a polymorphic virus for DOS from 1996, SUPD.Cryptor.5245.A. This virus is - even today - very unreliably detected with ~50% detection rate on new replications. Not a threat anymore, but interesting.
Folders I used to upload files to VirusTotal from. You used to be able to see upload folder name when looking at files there (not sure that is still the case). I may have confused the hell out of some analysts.
March 31, 2025 at 7:23 AM
Folders I used to upload files to VirusTotal from. You used to be able to see upload folder name when looking at files there (not sure that is still the case). I may have confused the hell out of some analysts.
Happy Friday everyone
March 28, 2025 at 7:35 AM
Happy Friday everyone
For those asking source: The data is available in the exploit.in leaks from 2016.
Very unlikely a spoof, since these are old data from before he became secdef.
Very unlikely a spoof, since these are old data from before he became secdef.
March 27, 2025 at 8:58 PM
For those asking source: The data is available in the exploit.in leaks from 2016.
Very unlikely a spoof, since these are old data from before he became secdef.
Very unlikely a spoof, since these are old data from before he became secdef.
As Spiegel says, addresses apparently belonging to Pete Hegseth can be found in the exploit.in leaks from 2016; with several addresses. These use the same password, which is a) lame, but common; and b) makes it less likely that the mail.ru address is a spoof. (These results are already public.)
March 27, 2025 at 8:08 PM
As Spiegel says, addresses apparently belonging to Pete Hegseth can be found in the exploit.in leaks from 2016; with several addresses. These use the same password, which is a) lame, but common; and b) makes it less likely that the mail.ru address is a spoof. (These results are already public.)