tlansec
tlansec.bsky.social
Threat Intel @volexity.com n stuff.

London, UK.
Reposted by tlansec
Remember NFTs? 😂😂😂😂😂😂😂
November 11, 2025 at 1:00 AM
This is so good. bahahaha:

www.youtube.com/watch?v=dr9M...
Private jets don't pay fuel tax. Now I don't either.
YouTube video by Oli Frost
www.youtube.com
November 7, 2025 at 10:27 AM
Reposted by tlansec
At @ncsc.gov.uk we have just launched the CyberUK tech talks call for papers across three topics

- Cyber applications of AI
- What works: approaches that reduce cyber harm
- The evolving threat

www.cyberuk.uk/2026/call-fo...
Tech Talks - Call for Papers
www.cyberuk.uk
November 6, 2025 at 8:12 PM
Reposted by tlansec
my response to this is the loudest OK BRO you've ever heard in your life
Famed Russian spy hunter Christo Grozev claimed on this podcast four months ago that North Korea hacked the Democratic National Committee in 2016 and passed the info to Russia, which in exchange divulged access to Bangladesh Bank. 🤔 #infosec Passage at 13m 31s:
www.youtube.com/watch?v=dimh...
November 6, 2025 at 10:10 PM
Reposted by tlansec
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report. Key findings: Between June and August 2025,
www.proofpoint.com
November 5, 2025 at 1:37 PM
Reposted by tlansec
Meet our speaker Patrick Whitsell!

Patrick has expertise in monitoring and defending against cyber espionage threat actors.

His talk, "Cyber(trade)war: Paradigm Shift in Economic Espionage", will cover the shift in PRC state-sponsored cyber espionage.

Learn more! www.cyberwarcon.com
November 5, 2025 at 7:47 PM
Reposted by tlansec
i heard my kids singing about "APT"s and i was sorely disappointed www.youtube.com/watch?v=ekr2...
ROSÉ & Bruno Mars - APT. (Official Music Video)
YouTube video by ROSÉ
www.youtube.com
October 24, 2025 at 2:46 PM
Reposted by tlansec
Thanks to @xorhex for an interesting discussion that is worth sharing here. I knew I read this somewhere but here's a fun thing you can do in YARA-X:

2 of ($a*, $b*, 3 of ($c*))

This is documented but not widely known: virustotal.github.io/yara-x/docs/...
Differences with YARA
Documents the differences between YARA-X and YARA.
virustotal.github.io
October 16, 2025 at 5:48 PM
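As an added example (not from the post above or from the linked YARA-X docs), here is a complete rule built around that nested `of` form so it can be compiled and scanned as-is. The string values and the rule name are made up for illustration; the reading of how the items are counted is my assumption, based on how YARA already counts `2 of ($a*)`.

```yara
// Added illustration of YARA-X's nested "of" inside an "of" tuple.
// Not from the post or the YARA-X docs; all string values are made-up placeholders.
rule nested_of_example
{
    meta:
        description = "Nested 'of' as a single tuple item (YARA-X syntax)"

    strings:
        // Family-specific artefacts: each one counts as its own tuple item.
        $a1 = "loader-ipc-v2" ascii
        $a2 = "LoaderInitCtx" ascii wide

        // Config markers: likewise, each counts on its own.
        $b1 = "cfg_version=" ascii
        $b2 = "beacon_interval=" ascii

        // Generic API names: individually weak, so they only count as
        // ONE item, and only when at least three of them are present.
        $c1 = "GetProcAddress" ascii
        $c2 = "VirtualAlloc" ascii
        $c3 = "CreateRemoteThread" ascii
        $c4 = "WriteProcessMemory" ascii

    condition:
        // Tuple items (assumed counting): $a1, $a2, $b1, $b2 and the single
        // boolean "3 of ($c*)". At least two items must be true, so:
        //   $a1 + $b1                         -> true
        //   $a1 + three generic API names     -> true
        //   three generic API names alone     -> false (only one item true)
        2 of ($a*, $b*, 3 of ($c*))
}
```

Classic YARA does not accept a boolean expression inside the `of` tuple, which is why the post points at the YARA-X "Differences with YARA" page; compile and run this with the YARA-X CLI, e.g. `yr scan nested_of_example.yar <file-or-dir>`. The practical payoff is that a bundle of low-value strings can be folded into one weighted item instead of inflating the count on its own.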
Reposted by tlansec
We’re just normal men
October 13, 2025 at 10:34 PM
Reposted by tlansec
This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info.

www.volexity.com/blog/2025/10...
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
October 8, 2025 at 2:08 PM
Reposted by tlansec
APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
October 8, 2025 at 12:35 PM
Reposted by tlansec
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
October 7, 2025 at 4:47 PM
Reposted by tlansec
⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!?

Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more.

Registration is still open! stateofstatecraft.com/agenda
September 29, 2025 at 3:01 AM
Reposted by tlansec
www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.
www.zscaler.com
September 26, 2025 at 2:45 PM
Reposted by tlansec
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
September 24, 2025 at 6:57 PM
Reposted by tlansec
Couple of openings here in our threat research org!

Staff Security Research Engineer:
proofpoint.wd5.myworkdayjobs.com/en-US/Proofp...

Senior Threat Researcher (ecrime team):
proofpoint.wd5.myworkdayjobs.com/ProofpointCa...
Staff Security Research Engineer
About Us: We are the leader in human-centric cybersecurity. Half a million customers, including 87 of the Fortune 100, rely on Proofpoint to protect their organizations. We’re driven by a mission to s...
proofpoint.wd5.myworkdayjobs.com
September 24, 2025 at 1:59 AM
Reposted by tlansec
In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich."

A similar word in Norwegian is ventepølse, or "waiting sausage."
September 21, 2025 at 3:34 PM
Reposted by tlansec
#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
September 18, 2025 at 4:29 PM
Reposted by tlansec
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
September 17, 2025 at 1:20 PM
Reposted by tlansec
I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person.

volatilityfoundation.org/from-the-sou...
From The Source 2025
Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…
volatilityfoundation.org
September 15, 2025 at 6:25 PM
Reposted by tlansec
ME, IN TEARS: you can't just say every single part of a computer system is a file

UNIX, POINTING AT THE MOUSE: file
September 7, 2025 at 11:01 AM
Reposted by tlansec
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
September 3, 2025 at 5:11 PM
Reposted by tlansec
Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.
Cinnamon Toast Crunch with Strawberry. Doesn't seem like it would add much, but who knows.
September 3, 2025 at 4:19 PM