Ian Campbell
neurovagrant.bsky.social
Security ops engineer and investigator @ DomainTools, writer, voracious reader. he/him. Opinions here mine only. Autistic/depressed/anxious/hungry. https://dti.domaintools.com
Pinned
DomainTools Investigations worked with OSINT analysts & journalists to help uncover the connections between websites involved in the harassment of Ukrainian personnel and their families, and the people and infrastructure involved.

Technical writeup below!

www.domaintools.com/resources/bl...
RDAP and BGP in Investigative Journalism - DomainTools | Start Here. Know Now.
One of the things we’re most proud of at DomainTools is our Grants program. We offer free access and training to investigative journalists, as well as security researchers involved in community-benefi...
www.domaintools.com
Mandiant is hiring for a Senior Incident Response Security Consultant.

Hybrid options in Boulder, Seattle, SF, and Sunnyvale. Remote eligible in CA, CO, and WA.

(I am not affiliated with Mandiant or this hiring process.)

#infosec

www.google.com/about/career...
Senior Incident Response Security Consultant, Google Cloud, Mandiant — Google Careers
www.google.com
November 24, 2025 at 10:21 PM
The monthly DomainTools Investigations Cybersecurity Reading List is out today - as usual, not a roundup, but what caught our attention internally! Plus a little commentary (sometimes slightly spicy).

#infosec #cybersecurity

dti.domaintools.com/cybersecurit...
Cybersecurity Reading List - Week of 2025-11-24 - DomainTools Investigations | DTI
Infosec, know thyself.  It’s no surprise that I’m an advocate for deeply introspective paths. My autism positions me for rumination (and much overthinking), but also self-examination and self-evaluati...
dti.domaintools.com
November 24, 2025 at 6:04 PM
'The International Association of Cryptologic Research has cancelled the results of its annual leadership election after an official lost an encryption key needed to unlock results stored in a "hyper-secure election system."'

infosec.exchange/@dangoodin/1...
Dan Goodin (@dangoodin@infosec.exchange)
The International Association of Cryptologic Research has cancelled the results of its annual leadership election after an official lost an encryption key needed to unlock results stored in a "hyper-s...
infosec.exchange
November 21, 2025 at 10:50 PM
New research out from DomainTools Investigations today!

We took time to pull apart the "Charming Kitten" data dump and analyze it accordingly.

#infosec #cybersecurity #threatintel

dti.domaintools.com/threat-intel...
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations | DTI
Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.
dti.domaintools.com
November 21, 2025 at 8:31 PM
"Ways in which being autistic is like being drunk."

Admit my eyebrow nearly hit the ceiling at the topic, but there's a lot of truth here for me.

(i know, i know, insta)

#actuallyautistic

www.instagram.com/reel/DRHOzzV...
Daniel Wendler on Instagram: "Why autistic people get burned out and overwhelmed #autistic #autisticburnout #neurodivergent #autism"
In this video, Dr. Dan explains how autistic people experience stress and burnout due to the delayed and cumulative effects of stress. He shares his insights as an autistic psychologist and provides a...
www.instagram.com
November 21, 2025 at 1:44 PM
"Adversarial poetry" as a universal one-shot for jailbreaking LLMs is the coolest fucking thing I've heard of in a while.
November 20, 2025 at 8:41 PM
Million-dollar idea I'm putting out there for infosec folks:

start erecting honeypot sensors for Salesforce third-party connector apps and APIs.

So far the exploitation I know about has mostly been the result of social engineering, but I don't want to assume that is always the case.
November 20, 2025 at 4:03 PM
Reposted by Ian Campbell
Halligan must see the case is cooked if they’ve opted, not only for attacking the judge, but doing so by lying about what he said.
DOJ & Halligan attack Judge Nachmanoff. But he did not call Halligan a puppet. He asked the defense if its legal position was that Halligan had been acting as a stalking horse or puppet--doing a vindictive president's bidding. (Which she almost certainly was.)
November 20, 2025 at 1:30 PM
Reposted by Ian Campbell
Blockchain investigator ZachXBT has published a report on how the APT38 (Bluenoroff) group laundered $200 million worth of crypto from 25+ hacks to fiat between 2020 and 2023.

paragraph.com/@investigati...
How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020–2023
Table of contents: 1). Introduction 2). CoinBerry, Unibright, & CoinMetro hacks 3). Nexus Mutual founder hack 4). EasyFi hack 5). Bondly hack 6). Unreported hacks 7). MGNR and PolyPlay hacks 8). bZx hac...
paragraph.com
November 20, 2025 at 1:34 PM
After a day full of brilliant people, shared purposes, and practitioner solidarity, I find myself renewed once again. Infosec, you always manage to break my heart, and to refill it again to overflowing.

Thank you @cyberwarcon.bsky.social & friends.
November 20, 2025 at 1:29 PM
Ever look at your luggage and think “I swear to god I packed more underwear than this”?

Anyways, my apologies to anyone else I meet this evening.
November 19, 2025 at 8:22 PM
RU cyber sanctions have dropped. Aeza et al. ofac.treasury.gov/recent-actio...
Cyber-related Designations; CAATSA - Russia-related Designations; Issuance of Russia-related Frequently Asked Question | Office of Foreign Assets Control
ofac.treasury.gov
November 19, 2025 at 2:18 PM
Need an “it’s always sunny in Philadelphia” title screen with

“The Gang Learns Bot Mitigation”
November 18, 2025 at 6:22 PM
Intel 471 has an interesting thing scheduled for tomorrow: interactive, live podcast episode walking through a nation-state threat actor investigation with attendees.

I can’t speak to the format but I know some folks at Intel 471 and they’re ace.

www.intel471.com/resources/po...
Guess Who: The Adversary Edition
A live, interactive episode of Out of the Woods: The Threat Hunting Podcast where hosts walk through a real nation-state campaign step by step, revealing tradecraft clues and behavioral patterns as at...
www.intel471.com
November 18, 2025 at 4:19 PM
"Cloudflare Enacts Single Largest Threat Actor Takedown In One Day - Unfortunately It's Their Customers, And Accidental"
November 18, 2025 at 3:09 PM
Reposted by Ian Campbell
OH

WELL

WHY

NOT
November 18, 2025 at 4:21 AM
Reposted by Ian Campbell
POV: you are a young woman celebrating a recent academic success
November 17, 2025 at 7:20 PM
Catching up on some reading… at 4am… and @hrbrmstr.dev’s GreyNoise work tracking Stark Industries’ shrug at international sanctions is excellent and very worth reading.

#infosec #threatintel

www.greynoise.io/blog/stark-i...
The Stark Industries Shell Game - When Bulletproof Hosting Proves Bulletproof
EU sanctions hit Stark Industries in May 2025. GreyNoise data shows how the group quietly rebranded to THE.Hosting and kept its malicious infrastructure running.
www.greynoise.io
November 18, 2025 at 8:48 AM
New report from Google Threat Intel on Iran's UNC1549 targeting aerospace & defense

#threatintel

cloud.google.com/blog/topics/...
Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Google Cloud Blog
Tactics, techniques and procedures we discovered during incident response investigations into UNC1549 activity.
cloud.google.com
November 17, 2025 at 9:12 PM
No need, Oura, we're well acquainted.
November 17, 2025 at 9:04 PM
Watching a streamer play a Chinese martial arts game in beta, Where Winds Meet, and it's the first time I'm seeing a game leveraging AI to offer to model the player's voice for dialogue scenes. (Available in character creation but not functional yet.)
November 15, 2025 at 1:39 PM
Humans are wild
I'm on an adult sex dating site. I play with, remove, and then swallow the wedding rings of married people during sex. Done it four times now. The look of surprise followed by fear on their faces. It's a sure way that I get to see them again and there is a next time.
November 15, 2025 at 1:26 PM
Reposted by Ian Campbell
This is why I have to apologise to doggy daycare
November 15, 2025 at 3:16 AM
Alright that photo of Trump cupping Bill Clinton’s crotch is enough internet for me for a while.
November 15, 2025 at 6:41 AM
Reposted by Ian Campbell
November 15, 2025 at 2:05 AM