Jimmy Wylie
@mayahustle.com
I look for ICS threats, and spend a lot of time reverse engineering. Distinguished Malware Analyst @ Dragos. Lead Analyst on TRISIS and PIPEDREAM. He/Him
mayahustle.com
Howdy folks! I'm a malware analyst focused on critical infrastructure threats and ICS/OT malware.

Aside from studying reverse engineering, I lift weights, play a lot of board games and try to keep my philosopher dog, Velma, entertained.

Here's an example of my work:
www.dragos.com/blog/analyzi...
Welsh corgi staring contemplatively out of a window.
mayahustle.com
I couldn’t think of a picture, so here’s an image from an old show that probably planted the seed for me to become a malware analyst.
mayahustle.com
In ICS, malware analysis can feel like archaeology. I started the week with a 13-year-old sample and ended the week with @sam-hans0n.bsky.social pinging about an 18-year-old sample.

So, save your old Windows ISOs and VMs, you might need them!
mayahustle.com
I enjoyed it, but I’ll readily admit, it’s not for everyone.
mayahustle.com
Thanks to @cybrseccon.bsky.social / HOU.SEC.CON for having us last week. (and for a really unique speaker gift!) The conference has grown into a valuable industry event, and I'm looking forward to the next one!

ICYMI, we posted resources from our talk here:
gist.github.com/maya...
Selfie of Jimmy holding a belt buckle. The belt buckle is a western style buckle. The buckle has Speaker along the top, an image of the HOUSECCON flying saucer logo below it, and an astronaut riding a horse. The bottom of the buckle has the year, 2025. The rest of the buckle is decorated with filigree.
mayahustle.com
The Difference Maker Awards are about contributions to the community, so they let the community decide.
Voting ends on Wednesday, October 8. If you haven’t voted yet, please consider it!
(I’m a finalist in the ICS category alongside some amazing industry leaders)

www.sans.org/about/awards...
SANS Difference Makers Awards
These are the people and organizations acknowledged by the SANS Institute for their outstanding contributions to cyber security each year.
www.sans.org
mayahustle.com
@xorhex.bsky.social Good work on this BinaryNinja plugin! It really came in handy the other day when I was trying to type and label some dynamic api resolution code. Someone in Binja’s slack recommended it. Rock on!
github.com/xorhex/binja...
GitHub - xorhex/binjaextras
Contribute to xorhex/binjaextras development by creating an account on GitHub.
github.com
mayahustle.com
I was nominated for a SANS DMA - ICS/OT Practitioner of the Year, along with some impressive folks. Reverse engineering ICS malware is hard, but communicating the results is harder. Grateful to SANS for recognizing my work in this area.

Link below. Voting ends on Oct. 8.
SANS Difference Makers Awards | SANS Institute
These are the people and organizations acknowledged by the SANS Institute for their outstanding contributions to cyber security each year.
www.sans.org
mayahustle.com
I learned about it reading Orange’s write up in Phrack72: phrack.org/issues/72...

And the blog post it references here by Orange and Splitline: devco.re/blog/2025/0...

Both of these are excellent write ups and great reads if you’re into vulnerability research, CTFs, or hacker history.
3/3
The Art of PHP - My CTF Journey and Untold Stories!
phrack.org
mayahustle.com
Orange and Splitline discovered they could abuse this feature to turn a soft hyphen into a normal one and bypass a 2012 PHP argument injection patch to leak data and potential RCE.

It’s a fascinating attack surface and a case study on how benign OS features can become unexpected attack vectors.
2/3
mayahustle.com
Earlier this year, I complained about how many hyphens there were in Unicode. It turns out a Soft Hyphen was abused last year in a creative PHP exploit.

CVE-2024-4577 exploits Windows’ Best Fit character conversion feature that auto-converts certain Unicode characters to ASCII equivalents.
1/3
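A detection sketch for the soft-hyphen trick described in this thread, added here as an example and not part of the original posts: it scans access-log request lines for a soft hyphen (U+00AD) in the query string, in either single-byte or UTF-8 form, without flagging multi-byte characters that merely contain a 0xAD byte. The log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Request field of a Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify_query(query):
    """Return 'single-byte', 'utf-8' or None for a raw (still encoded) query."""
    raw = unquote_to_bytes(query)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        # Not valid UTF-8: a bare 0xAD byte is the soft hyphen in ANSI code pages.
        return "single-byte" if b"\xad" in raw else None
    # Valid UTF-8: 0xAD may be a continuation byte of another character,
    # so test for the decoded code point instead of the byte.
    return "utf-8" if "\u00ad" in text else None

def soft_hyphen_findings(log_lines):
    """Yield-style list of (line number, request target, encoding form)."""
    findings = []
    for lineno, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        form = classify_query(urlsplit(target).query)
        if form:
            findings.append((lineno, target, form))
    return findings

# Constructed sample log lines (documentation address range, placeholder paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2025:00:00:00 +0000] "GET /app.php?%ADplaceholder HTTP/1.1" 200 512',
    '203.0.113.6 - - [01/Jan/2025:00:00:01 +0000] "GET /search.php?q=%E4%B8%AD HTTP/1.1" 200 734',
    '203.0.113.7 - - [01/Jan/2025:00:00:02 +0000] "GET /page.php?q=co%C2%ADoperate HTTP/1.1" 200 120',
    '203.0.113.8 - - [01/Jan/2025:00:00:03 +0000] "GET /index.php?id=7 HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    for lineno, target, form in soft_hyphen_findings(SAMPLE_LOG):
        print(f"line {lineno}: soft hyphen ({form}) in {target}")
```

The second sample line carries a 0xAD byte only as part of a UTF-8 encoded CJK character, which is why the check decodes before matching.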
mayahustle.com
Oh hey, Hex-Rays released IDA 9.2. There are new Go features like support for multiple return values to annotate Go function calls correctly. Jump Anywhere is a nice usability improvement supplanting the need to remember 5 keyboard shortcuts.

hex-rays.com/blog/id...

#idapro #reverseengineering
IDA 9.2 Release: Golang Improvements, New UI Widgets, Types Parsing and More
IDA 9.2: Smarter Go decompilation, new UI widgets, Xref Graph/Tree, LLVM-based type parser, debugger upgrades, and expanded processor support.
hex-rays.com
mayahustle.com
This is a great story about Donald Knuth and Doug McIlroy participating in a literate programming exercise and a hilarious example of different perspectives in problem solving from godfathers of Computer Science.

Original post: hachyderm.io/@mweagle/115...
mayahustle.com
Sam Hanson and I are speaking at @hou-sec-con.bsky.social on hunting for Python and Go ICS-related malware. You'll learn playbooks for these cases and hear stories about malware targeting ICS in the past year. The talk is on October 1st, at 1 p.m., Track 1. I hope you can make it!

#ICS #OTSecurity
mayahustle.com
Just read up on the IDA Domain API updates from Hex-Rays. This on top of idalib is a nice step forward in usability. Def recommend checking out the All Things IDA video.

Looking forward to seeing the use case spotlights that they’ll be publishing.

youtu.be/IaOucXb033Q

#idapro #reverseengineering
An introduction to the IDA Domain API
youtu.be
mayahustle.com
My reading list for the rest of the year, inspired by DEFCON 33 and the starting chapters of the first book:
- Microcontroller Exploits - Goodspeed
- Hack to the Future - Crose
- Hardware Hacker - bunnie
- Hardware Hacking Handbook - Van Woudenberg + O’Flynn
- Art of Mac Malware (Vol 1+2) - Wardle
mayahustle.com
This reminds me of stuff Thich Nhat Hanh and other Buddhist folks say: “Look Deeply” when speaking about examining various aspects of yourself, the world, or present moment. If I ever wrote a book or blog on RE, I’d probably call it something like “The Art of Looking Deeply”
mayahustle.com
You want @hermit.sh on your team. If you know of anything, send it their way.
hermit.sh
ackmage @hermit.sh · Aug 18
hi!
I'm looking for new work opportunities

strongest areas are data analysis & threat hunting. I love SQL, regex, anomaly detection, data wrangling

experienced designing & using honeypot systems. have created novel techniques

I use python a lot, but can use whatever a situation calls for

tysm💓
mayahustle.com
Poland stopped a cyberattack that could have cut water supply to a major city yesterday.

Cyberattacks against water are a troubling trend. Access to clean water is fundamental, and these types of attacks are direct threats to public health and safety.

#ICS #OTsecurity

www.reuters.com/en/p...
mayahustle.com
Played “In the Footsteps of Marie Curie” tonight. More of a family game, light on the strategy, easy playing. Good one for folks just getting into independent #boardgames
mayahustle.com
Makes me wish I had access to their Sidekick API. I bet it’s even smoother.
mayahustle.com
I’m forcing myself to learn #BinaryNinja, and using an LLM to search through the user manual and learn the basics is a game changer. Questions about fonts, theming, basic shortcuts, and considerations coming from IDA all answered easily.
mayahustle.com
- An actor tried to rewrite known malware in a new language using Gemini.

- One actor tried to reverse engineer Carbon Black and decompile Python code, according to Google.

- Automatically generating social media posts and comments for Influence Ops
2/3