TTPs Things that Threat Actors do when they Perform a cyber attack
Never assume your audience knows what acronyms stand for.
If you've been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
Well now I need to buy a ticket
CFP closes this Friday, September 26th at 11:59pm EST!
If you'd like to speak at CYBERWARCON this year, get your talk submission in ASAP to be considered!
Submit your talk here >> www.cyberwarcon.com/cfp2025
#CYBERWARCON #CFP
This may be one of the sickest coins I've seen in a while
B I G facts
But it did use AI?
We published a reading list of our favorite cyber and cyber-adjacent books.
We're keeping it relatively broad. Books about privacy and surveillance are and will be a part of this.
This is meant to be a post to be updated regularly. If you have suggestions on what we should read next, please share!
Those white papers were a golden age but reports like those also cause more clusters to pop up as actors change to avoid detections
#what_is_sos
Today, Microsoft Threat Intelligence Center is proud to announce the release of RIFT, an open-source tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. https://msft.it/63324SLarg
JS analysis is absolutely terrible
I've been fortunate enough to go to at least one F1 race a year since 2021 but this year I won't be going to any and I'm not sure how to feel
Fwiw - I believe all the major email providers have them but it's things like this that are making them phase it out
More CVE-2024-42009 exploitation from invoice[@]b-s-r[.]eu from May 29, 2025
Same subject and payload that CERT-PL found, but sent via TOR node instead of freemail provider
cert.pl/en/posts/202...
I know AI / LLMs get a lot of flack these days but I've thoroughly been enjoying whipping up a quick script or summarizing 50+ pages of legalese. I guess we'll see how long it takes for me to regret those words though
Microsoft has discovered a cluster of worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://msft.it/63324S9Jkp
100 days of yara really got to you huh?
China provides several map services that can be useful for open source researchers. Gaode Maps is one of them. Conveniently, it is also accessible to people based outside of China. Have a look at @bellingcat.com's Online Investigation Toolkit to learn more: bellingcat.gitbook.io/toolkit/more...
You mean "by the truckload"?
The amount of medicine I've taken the last 24 hours to be a semi-functioning parent should be researched
Maaaan what a loaded and complicated question to answer haha
He's cooked chat
#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. www.welivesecurity.com/en/eset-rese... 1/5
Great stuff as always
Not all heroes wear capes
Fascinating to see reference to GRU unit 20728 from FR relative to Russia's offensive cyber program -- as far as I'm aware, a first from a Western service?
www.diplomatie.gouv.fr/fr/dossiers-...
Getting warmer…
No worries! I was hoping to hit FIRST and PivotCon this year but just wasn't in the cards