Good writeup on a very interesting piece of kit
06.03.2026 16:42
👍 0
🔁 0
💬 0
📌 0
Good writeup on a very interesting piece of kit
If I found the correct manual for the M-audio interface the original author used to record the FLAC files, the line in and line out were both capped at a 48KHz sample rate. It would be interesting to see if a higher fidelity recording would make the impedance from the mud and banana more noticeable.
If you appreciate the under-reported #InfoSec & #DataPrivacy news content I share every week, please support what I do by signing up for my newsletter. sherpaintelligence.substack.com
I'm really proud of the content I provide and subscribers make my work possible.
Repost & share with your network!
Screenshot of my blog post to share information on this Lumma Stealer infection with follow-up malware.
2025-12-30 (Tuesday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the associated #Lumma with follow-up #malware samples, and some IOCs are available at www.malware-traffic-analysis.net/2025/12/30/i...
Sunset over a frozen lake
Our Labs love the snow. They’re 11 & 12, and it makes them act like puppies.
“He got you, didn’t he?”
If I won the lottery, I might not tell anyone, but there would be signs.
The back story on how that performance came together is amazing, too. And so many of the songs have cool stories behind them (or after them, like Onyx & Biohazard).
I mean, the movie was the excuse to make the soundtrack. But who cares? They made the soundtrack.
Paul Melson joined us this year as our keynote speaker to talk about the history of crimeware and its evolution through the years.
In his keynote he also gives some good advice to those who are in the field and creating their professional network. Check out what he had to say!
If you’re not already alerting on
CONHOST.EXE spawning CMD.EXE spawning WGET.EXE
or
CONHOST.EXE spawning CONHOST.EXE spawning CONHOST.EXE
you’re gonna want to close that gap today.
Are weekly dental cleanings a thing?
ICYMI: Paul Melson, VP of Cyber Intelligence Engineering at Capital One, delivered the SLEUTHCON 2025 keynote!
Watch here >> www.youtube.com/watch?v=9FvB...
That’s great
Happy International Dog Day, hope you spent it with your best friends
Don’t miss the use of ngrok for tunneling here. Continue to see malicious actors use this service to hide C2. Ngrok uses AWS IPs across multiple zones for egress NAT. I recommend sinkholing their domains across your network.
ngrok[.]com
ngrok[.]io
ngrok-free[.]app
www.microsoft.com/en-us/securi...
It’s that time again, apparently.
Paul Melson's Brief History of Crime[ware] was a lovely (?!) trip down memory lane. I'm old too, @pmelson.bsky.social
#SLEUTHCON #traumamemories
It is my position that Chatham House rules and TLP should extend to any trolling that takes place in those channels and venues.
New keynote drop: Paul Melson is taking the SLEUTHCON stage to dissect the rise of crime[ware]—how it started, how it scaled, and how we shut it down.
23+ yrs defending networks. ScumBots founder. Now VP @ Capital One.
🎤 June 6
📍IRL + virtual
🎟️ Tix moving fast - sleuthcon.com
🗓️ CFP closes April 18
So simple, but what a can of worms. It emphasizes why detection pipelines with multiple, conditional rounds are needed. Ideally you’d catch this with a simple string match for the reg key after it’s been through a generic deobfuscation round that drops non-alphanumeric characters.
Took this at sunset in Fall in Minnesota:
They’re called Asperitas clouds:
cliffmass.blogspot.com/2024/04/undu...
Today I am thankful for all of the folks working a shift and watching the wires to keep us safe. I see you and I appreciate you.
@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.
Read more here: www.volexity.com/blog/2024/11...
