Kenneth Kinion

We are proud to sponsor @pivotcon.bsky.social as a premier European conference for CTI professionals. It's our mission to empower defenders with the best possible knowledge and data. PIVOTcon is a fantastic place for networking, knowledge sharing, and collaboration.

See you in Malaga in May!

Your cyber threat intel is part of the North Korean strategy: DPRK operators are abusing CTI platforms to see if they’ve been seen—and moving faster because of it. 👀

New research from @milenkowski.bsky.social (S1) and @kennethkinion.bsky.social (Validin):

🇰🇵 Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms

Research: www.sentinelone.com/labs/contagi...

Reuters story: www.reuters.com/world/asia-p...

Hunting Laundry Bear: Infrastructure Analysis Guide and Findings | Validin Hunting Laundry Bear: Infrastructure Analysis Guide and Findings

🚨 New blog post 🚨

Hunting Laundry Bear: Infrastructure Analysis Guide and Findings

How to enrich previous reporting with Validin to find dozens of indicators not previously reported.

#LaundryBear #VoidBlizzard #APT

www.validin.com/blog/laundry...

From @re.wtf:
bsky.app/profile/re.w...

Zooming through BlueNoroff Indicators with Validin | Validin Pivoting through recently-reported indicators to find BlueNoroff-associated domains

Hot on the heels of the researched published by @huntress.com, hunting for Zoom-themed lures from DPRK's #BlueNoroff

💥Learn hunting techniques
💥Leverage new Validin features and data
💥Full, unredacted indicator list (domains, IPs, hashes)

www.validin.com/blog/zooming...

At @pivotcon.bsky.social, I'm presenting with @hegel.bsky.social and Sreekar Madabushi on the first public look at the full scope of a stealthy, long-running phishing network.

Finding Booking.com themed ClickFix domains using Validin | Validin Finding Booking.com themed ClickFix domains using Validin

From on a report on X, we walk through proactive detection of a #booking #fakecaptcha #clickfix campaign delivering #asyncrat

As always, full indicator list and detailed step-by-step repro included 🔥 ⤵️
www.validin.com/blog/finding...

Not Reality: Exploring Meta-themed Phishing with Validin | Validin Not Reality: Exploring Meta-themed Phishing with Validin

@bushidotoken.net explored a Meta-themed credential phishing campaign (not "Reality"). From those indicators, I pulled the "Threads" & this is far from an isolated campaign. Found great pivots in registration "Meta"data. (I'll see myself out.)

All 762 indicators 💥⤵️

www.validin.com/blog/not_rea...

Lazarus Group Bybit Heist: C2 forensics | Validin An in-depth hunt for Lazarus APT group infrastructure related to the Bybit hack using Validin's host response and DNS databases.

Found these likely #Lazarus / #TraderTraitor domains w/ #Validin
getcoinprice[.]info
stocksindex[.]org
wfinance[.]org
stockinfo[.]io

Read my how-to on leveraging Validin's exceptional visibility, history, and pivoting features for C2 infrastructure forensics:
www.validin.com/blog/bybit_h...

"Unmasking the FreeDrain Network"

Tom Hegel, Principal Threat Researcher, SentinelLabs (@TomHegel , @hegel.bsky.social )
Sreekar Madabushi, Founding Engineer, Validin
Kenneth Kinion, Founder, Validin ( @kennethkinion.bsky.social )
16/18

Incredibly excited to drop some new research alongside @kennethkinion.bsky.social and Sreekar Madabushi at this years @pivotcon.bsky.social

📣 Oops!... They did it again!!!
61 Talks submitted and so many too good that, once again, we had to increase a bit the number of accepted talks.🔥

#PIVOTcon25 Agenda is finally here, and the caliber is insane!!! Check it out➡️ pivotcon.org/agenda-2025/
#CTI #ThreatIntel
Talks and presenters in🧵⬇️ 1/18

Really looking forward to my first @pivotcon.bsky.social in May. I'm super excited about doing this talk alongside @hegel.bsky.social and Sreekar!