Rony

@r0ny

Threat Intelligence Analyst

117 Followers · 106 Following · 38 Posts · Joined 04.03.2024
Latest posts by Rony @r0ny

Reverse engineers often spend significant time deciphering third-party libraries within firmware. My talk, scheduled for Friday at 5 PM at Reverse, introduces SightHouse, an open-source initiative aimed at automatically identifying third-party functions to enhance analysis efficiency.

02.03.2026 15:20 👍 4 🔁 4 💬 0 📌 0
A side-by-side comparison of the original output by Ghidra and the LLM-enriched output.
Ghidra, scripting, LLM, automagic automation. That should grab the attention for this thread. If you want to read the complete blog, you can do so here: www.trellix.com/blogs/resear...
1/n

01.07.2025 12:35 👍 9 🔁 5 💬 1 📌 0
Many many folks in this effort over the years. Thankful for everyone and hope it's of use.

14.05.2025 14:10 👍 17 🔁 8 💬 1 📌 0
From the World of "Hacker X Files" to the Whitewashed Business Sphere: Jiang Jintao's journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry

The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...

14.05.2025 16:22 👍 5 🔁 5 💬 0 📌 2
ACCE Release Notes v2.9.20250508 – Cipher Tech Solutions, Inc.

The May release for ACCE includes updates and support including #AurotunStealer #rutserv #PupkinStealer #PE32Ransomware #Interlock www.ciphertechsolutions.com/acce-release...

12.05.2025 16:06 👍 1 🔁 1 💬 0 📌 0
Russia – Attribution of cyber attacks on France to the Russian military intelligence service (APT28) (29.04.25) France condemns in the strongest terms the use by Russia's military intelligence service (GRU) of the APT28 attack group, at the origin of several (…)

France just called out GRU Unit 20728 (166th Research Information Centre), posted up in Rostov-on-Don, for cyberattacks. Kremlin got new ops on the board.

www.diplomatie.gouv.fr/en/country-f...

@wylienewmark.bsky.social

30.04.2025 06:16 👍 7 🔁 3 💬 0 📌 0
Hunting Botnets With CursorAI, GreyNoise, Censys, and Censeye Threat hunting is made easier and simpler by combining the power of Censys, GreyNoise, CursorAI, and Censeye.

Y'all are beyond not ready about the shit we're cooking up with @censys.bsky.social and @greynoise.io powers combined

censys.com/blog/hunting...

21.04.2025 19:12 👍 25 🔁 8 💬 0 📌 0

I'm always a big fan of @agreenberg.bsky.social's writing, but I don't see a clear reason to believe these six stories are connected to "lesser-known hacker groups."

15.04.2025 02:53 👍 0 🔁 0 💬 0 📌 0
S02E01: Smoked Customers

operation-endgame.com

09.04.2025 14:37 👍 0 🔁 0 💬 0 📌 0

It's here!

S02E01: Smoked customers

09.04.2025 12:03 👍 0 🔁 0 💬 0 📌 0

Tick Tock ⏰

08.04.2025 14:40 👍 1 🔁 0 💬 0 📌 1
"A Slice Of" Modern Program Analysis - Kyle Martin

Kyle's talk at Insomni'Hack is live! youtu.be/I0PoE0IdtmE?...

Check it out if you're interested in a slice of modern program analysis and try the latest version of Tanto as well, in the plugin manager or at github.com/Vector35/tanto

07.04.2025 14:44 👍 11 🔁 6 💬 0 📌 0

Cool stuff. Kudos to whoever at Censys wrote this. I researched the ORB network myself but lack access to historical data. Thanks for providing historical visibility.

censys.com/junos-and-re...

30.03.2025 06:59 👍 5 🔁 5 💬 0 📌 0

Bring Back RiskIQ!

28.03.2025 12:04 👍 2 🔁 0 💬 0 📌 0

Thanks @pstirparo.bsky.social.

21.03.2025 02:39 👍 0 🔁 0 💬 0 📌 0

🚨 ALERT 🚨

#UAT-5918 is the new #Winnti! 😂

21.03.2025 00:29 👍 1 🔁 0 💬 0 📌 0

The decrypted payload is #DOPLUGS.

20.03.2025 12:05 👍 2 🔁 0 💬 0 📌 0

The R&D team at JuniperNetworks released a detailed 35-page malware analysis report "The RedPenguin Malware Incident", covering the #TINYSHELL components used by #UNC3886, including the C2 protocol structure.

supportportal.juniper.net/sfc/servlet.shepherd/document/download/069Dp00000FzdmIIAR

13.03.2025 08:56 👍 3 🔁 1 💬 0 📌 1
Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns The Justice Department, FBI, Naval Criminal Investigative Service, and Departments of State and the Treasury announced today their coordinated efforts to disrupt and deter the malicious cyber activiti...

APT27 & i-soon hackers charged by DOJ—12 caught as the cats are out of the bag now. Yet APT27's infra still purrs. Let's see how they claw back from this!

www.justice.gov/opa/pr/justi...

05.03.2025 19:58 👍 3 🔁 1 💬 0 📌 0

If possible can you share the prompt?

03.03.2025 20:14 👍 0 🔁 0 💬 0 📌 0

Yeah, none of the LLMs are capable of that yet. Maybe soon?

03.03.2025 20:13 👍 0 🔁 0 💬 0 📌 0
Cybersecurity and Infrastructure Security Agency on X: "CISA's mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security." / X

CISA is stepping back too!!?
It seems they have a different opinion though
x.com/CISAgov/stat...

03.03.2025 04:27 👍 0 🔁 0 💬 1 📌 0
Internet Crime Complaint Center (IC3) | North Korea Responsible for $1.5 Billion Bybit Hack

Epic collab, UNC4899 🤝 UNC5267

FBI official advisory on Bybit crypto theft
www.ic3.gov/PSA/2025/PSA...

27.02.2025 06:20 👍 2 🔁 0 💬 0 📌 0
Shodan Shodan Trends - Discover how the Internet has changed over time.

@shodanhq.bsky.social Awesome! Shodan History is back in the UI. Nice!!! Thank you.
But I have a question regarding trends.shodan.io: all the trends I do are stopping at October 2024. Why? Please make them go to the current data again. I love it and need it. :)

24.02.2025 21:34 👍 4 🔁 4 💬 0 📌 0
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.

Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.

cloud.google.com/blog/topics/...

19.02.2025 11:05 👍 167 🔁 118 💬 3 📌 15
CL0P Ransomware : Latest Attacks - CYFIRMA INTRODUCTION The Cl0p group has been active since early 2019, leveraging vulnerabilities and exploits to encrypt files for ransom. The...

This latest blog from Cyfirma on Cl0p/Cleo exploitation is utter garbage, ignore it.
LLM YARA rule (not even valid syntax), massively inflated statistics, and misleading IOCs and analysis.
www.cyfirma.com/research/cl0...

15.02.2025 22:29 👍 5 🔁 2 💬 1 📌 0

Cyfirma blogs are trash! 🚮

16.02.2025 03:11 👍 1 🔁 0 💬 0 📌 0

@cryptolaemus.bsky.social folks are ✨🔥

11.02.2025 10:37 👍 0 🔁 0 💬 0 📌 0
Excited to receive the @abuse-ch.bsky.social & @spamhaus.bsky.social swag! 🎁 Thank you for sending this amazing package. It means a lot to be recognized as a Top Contributor in the fight against cybercrime. Looking forward to continuing our battle together! 💪 #StrengthINUnity

10.02.2025 11:34 👍 7 🔁 0 💬 2 📌 1