LightNews
tlansec.bsky.social
tlansec
@tlansec.bsky.social
760 followers 250 following 38 posts
Threat Intel @volexity.com n stuff. London, UK.
Posts Media Videos Starter Packs
Reposted by tlansec
rndmamusings.bsky.social
RandomAccessMusings @rndmamusings.bsky.social · 2d
This was an interesting one to work on! tldr: Chinese aligned actor uses LLM to empower their malware development, target gathering, and phishing operation. Goes wrong and starts randomly including pornographic material and other random files/info.

www.volexity.com/blog/2025/10...
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
4 4
Reposted by tlansec
volexity.com
Volexity @volexity.com · 2d
APT meets GPT: @volexity.com #threatintel is tracking #threatactor UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, appearing to use LLMs to assist their ops. Letting #AI run your espionage operations? What could go wrong?
APT Meets GPT: Targeted Operations with Untamed LLMs
Starting in June 2025, Volexity detected a series of spear phishing campaigns targeting several customers and their users in North America, Asia, and Europe. The initial observed campaigns were tailor...
www.volexity.com
2 2
Reposted by tlansec
volatilityfoundation.org
Volatility @volatilityfoundation.org · 3d
We would like to thank @volexity.com for sponsoring the #FTSCon 2025 Evening Reception, which will be at VUE Rooftop DC this year! If you haven’t registered for FTSCon yet, there’s still time! Registration closes Sunday Oct 12; learn more + register here: volatilityfoundation.org/from-the-sou...
4 3
Reposted by tlansec
pj47596176.bsky.social
PJ 🇨🇦 🧬🔬📡💻 🥃 @pj47596176.bsky.social · 5d
youtube.com/watch?v=5Z6a...
Bran Van 3000 - Drinking in LA (live at Nulle Part Ailleurs)
YouTube video by Pascal Burger
youtube.com
1 1
Reposted by tlansec
what-is-sos.bsky.social
State of Statecraft Conference @what-is-sos.bsky.social · 12d
⏰ The inaugural SOS conference is 30 days away! Have you gotten your ticket yet?!?

Listen to expert discussions on state-sponsored operations covering espionage, sabotage, and attribution of Russia, China, Iran, and more.

Registration is still open! stateofstatecraft.com/agenda
4 7
Reposted by tlansec
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 14d
www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.
www.zscaler.com
4 7
Reposted by tlansec
cyberoverdrive.bsky.social
The Banshee Queen 👑 @cyberoverdrive.bsky.social · 16d
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
2 14 22
Reposted by tlansec
greg-l.bsky.social
Greg Lesnewich @greg-l.bsky.social · 17d
Couple of openings here in our threat research org!

Staff Security Research Engineer:
proofpoint.wd5.myworkdayjobs.com/en-US/Proofp...

Senior Threat Researcher (ecrime team):

proofpoint.wd5.myworkdayjobs.com/ProofpointCa...
Staff Security Research Engineer
About Us: We are the leader in human-centric cybersecurity. Half a million customers, including 87 of the Fortune 100, rely on Proofpoint to protect their organizations. We’re driven by a mission to s...
proofpoint.wd5.myworkdayjobs.com
5 10
Reposted by tlansec
adamcsharp.bsky.social
Adam Sharp @adamcsharp.bsky.social · 19d
In Swedish, a word for what you eat to bridge the gap between meals (or while waiting for the main course to cook) is stödmacka. It means "support sandwich."

A similar word in Norwegian is ventepølse, or "waiting sausage."
61 440 2.2K
Reposted by tlansec
pj47596176.bsky.social
PJ 🇨🇦 🧬🔬📡💻 🥃 @pj47596176.bsky.social · 21d
www.welivesecurity.com/en/eset-rese...
Gamaredon X Turla collab
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
www.welivesecurity.com
1 1
Reposted by tlansec
volatilityfoundation.org
Volatility @volatilityfoundation.org · 22d
#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
6 4
Reposted by tlansec
dirkjanm.io
Dirk-jan @dirkjanm.io · 23d
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-gl...
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...
dirkjanm.io
9 38 85
Reposted by tlansec
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 25d
I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person.

volatilityfoundation.org/from-the-sou...
From The Source 2025
Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…
volatilityfoundation.org
1 5
Reposted by tlansec
qntm.org
qntm @qntm.org · Sep 7
ME, IN TEARS: you can't just say every single part of a computer system is a file

UNIX, POINTING AT THE MOUSE: file
39 510 2.3K
Reposted by tlansec
attrc.bsky.social
Andrew Case @attrc.bsky.social · Sep 3
The next in-person offering of our Malware and Memory Forensics Training will be held in Arlington, VA from Oct 21st-24th. This course has converted to Volatility 3, and all the material and labs are updated to cover the latest threats & analysis techniques

memoryanalysis.net/courses-malw...
Malware and Memory Forensics Training - Memory Analysis
Malware and memory forensics training courses offered by the Memory Analysis Team.
memoryanalysis.net
6 6
Reposted by tlansec
benread.bsky.social
Ben Read @benread.bsky.social · Sep 3
Now up to 22 different Cinnamon Toast Crunch related products. The quest continues.
benread.bsky.social
Ben Read @benread.bsky.social · Sep 3
Cinnamon Toast Crunch with Strawberry. Doesn't seem like it would add much, but who knows.
Cinnamon Toast Crunch with Strawberry
1 2
Reposted by tlansec
pstirparo.bsky.social
Pasquale Stirparo 🇺🇦 🇪🇺 @pstirparo.bsky.social · Aug 28
TL;DR I am launching my #startup and we are going to change how to evaluate,cluster and reason about #malware, delivering accurate,contextual intelligence on samples. Say Hi to RationalEdge
@rationaledge.bsky.social
rationaledge.io

#threatintel #threathunting #cti #reverseengineering #detection 1/9
RationalEdge - Intelligence Meets Accuracy
Advanced malware analysis and threat intelligence solutions by RationalEdge
rationaledge.io
2 15 25
Reposted by tlansec
volexity.com
Volexity @volexity.com · Aug 22
And that’s a wrap for our 2025 #summerinternship program! This was a great summer of challenging impactful projects & fun team-building excursions. We wish our students all the best as they settle back into their Dept of Computer Science programs at University of Notre Dame & University of Maryland!
2 2
Reposted by tlansec
joeposting.bsky.social
Joe @joeposting.bsky.social · Aug 17
I don't think children should have phones. They should have huge beige desktop computer with "Windows 9x Operating System", "Dedicated 3D accelerator", and "SoundBlaster compatible sound card"
75 330 1.8K
Reposted by tlansec
volatilityfoundation.org
Volatility @volatilityfoundation.org · Aug 13
Coming this October: #FTSCon 2025, hosted by @volatilityfoundation.org! And this year there are TWO in-person training opportunities!👇

#dfir #memoryforensics #volatility3 #hardwarehackingbasics #grandideastudio
1 4 2
Reposted by tlansec
volatilityfoundation.org
Volatility @volatilityfoundation.org · Aug 6
We are thrilled to announce that @joegrand.bsky.social is this year’s #FTSCon Keynote speaker! Joe will be sharing stories & technical details about his wallet hacking adventures to kickoff our full-day event on Monday, Oct 20, 2025. You don’t want to miss this!
1 5 4
Reposted by tlansec
volexity.com
Volexity @volexity.com · Aug 11
@volexity.com has released updates to its #opensource GoResolver project and more! This work was part of a project for one of our #summerinternship students. Read more details about Volexity’s updated GoResolver projects + other #golang tools in our special blog post!
Go Get 'Em: Updates to Volexity Golang Tooling
Volexity’s GoResolver tool was released in April 2025 to help with analysis of these samples, reducing analyst load when working with obfuscated Golang binaries. However, there are still some difficul...
www.volexity.com
1 10 10
Reposted by tlansec
esetresearch.bsky.social
ESET Research @esetresearch.bsky.social · Aug 11
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 www.welivesecurity.com/en/eset-rese...
1/7
1 11 17
Reposted by tlansec
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Aug 8
YARA-X 1.5.0 is out. Nice new features (including a crx module) and bug fixes. Congratulations to Victor and all the contributors!

github.com/VirusTotal/y...
Release v1.5.0 · VirusTotal/yara-x
Implement the crx module for parsing Chrome Extension files (#423). Allow underscores in integer and float literals (#405). Adopt Anomali's symhash algorithm for Mach-O files (#425). Support boolea...
github.com
1 4
tlansec.bsky.social
tlansec @tlansec.bsky.social · Aug 8
Incredible writeup from Eye Security on their adventures logging into internal-only MS services: research.eye.security/consent-and-...