banner
LightNews
wxs.bsky.social
Wesley Shields
@wxs.bsky.social
670 followers 46 following 170 posts
Working at Google TAG. Retired FreeBSD committer. May or may not be a robot.
Posts Media Videos Starter Packs
Pinned
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Jan 14
"The popular definition of 'simple' among programmers has moved from 'few moving parts' to 'short invocation' (easy) and this is a problem."

Not my quote but I stand by it.

Another good one: "Layers of abstraction become boundaries of competence"

That one is Travis Goodspeed I think.
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 3d
Smart person says smart things! And it’s not just when walking this structure (though it is great there) it is for any loop that can get out of hand.

Use it and be happy. Don’t use it and be sad - as I have seen first hand multiple times.
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 3d
When walking a zip file's central directory structure using #yara-x, `math.max` and `with` are your friends.
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 4d
I won’t be at CYBERWARCON this year so I need someone to give @hultquist.bsky.social a hard time for me. I don’t yet know why he deserves this, but I’m sure a reason will present itself between now and then. The man never disappoints in the shenanigans and tomfoolery department.
1 1 5
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 6d
I appreciate it. Happy to help, but credit really goes to Victor for being so responsive to contributors and users!
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 6d
And credit to @xorhex.bsky.social for the feature request that inspired me to get off my ass and do something.

github.com/VirusTotal/y...
1 2
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 6d
Two things:

YARA-X 1.8.0 is out with some nice features if you use the various bindings and a bug fix involving an edge case in PE signatures. Congrats to all involved!

To be more useful I wrote a small PR to display filenames in console.log() output when using yr scan.

github.com/VirusTotal/y...
Release v1.8.0 · VirusTotal/yara-x
Implement block scanning API for Rust and C (#459, 185c2ee). Implement Golang and C APIs for setting global variables of type array and structure (#449). Add iterator for Rules object in Python (#4...
github.com
1 1 3
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 16d
www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.
www.zscaler.com
4 7
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 20d
I’ve given the new Tanglewood album a few solid listens since the release on Friday. It continues to impress with the uncompromising sound and production quality out of this band. You should listen to the first two albums a few times to really understand this album. Definitely in my rotation list.
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 20d
The first album by Lucid Planet was an instant like. A great progressive rock album that is insanely well produced. When the second album came out I liked it but it took a few full listens to really come into its own - I had to really embrace the electronica inspirations but definitely great album.
Lucid Planet
open.spotify.com
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 22d
Those are the best. There’s a place near me called Utica Bakery that is run out of a trailer on cinder blocks. Only open a few hours on weekends and you get whatever they happen to post as their menu that day. Always sells out and so damn good.
Blocks.is / Typescript Components for Websites and User Interfaces
Collection of Typescript Components for building Websites and User Interfaces by Bridger Tower.
blocks.is
2
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 23d
I got no problem with that, I’ve basically been encouraging it. I find it hilarious that most people who say it have no idea why people call me a robot.
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 23d
The whole “wxs is a robot” meme has officially gone too far. See you in October!
volatilityfoundation.org
Volatility @volatilityfoundation.org · 24d
#FTSCon Speaker Spotlight: Wesley Shields (@wxs.bsky.social) is presenting “COLDRIVER: NOROBOT/YESROBOT/MAYBEROBOT” in the HUNTER track.

See the full list of speakers + event info, including how to register, here: volatilityfoundation.org/from-the-sou...
1 1 4
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 25d
yara-x 1.7.0 is out. Some good bug fixes in there! Congrats to Victor and all the contributors!

github.com/VirusTotal/y...
Release v1.7.0 · VirusTotal/yara-x
New warning suggesting the use of none of them instead of 0 of them. Added option --max-matches-per-pattern to the CLI and the max_matches_per_pattern method to the Python API (#437). New yrx_final...
github.com
2
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 26d
Spotify algorithm is on some serious drugs. What the deuce is this?
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 27d
I’ll be giving a talk at FTS this year. Not going to lie, I’m doing it just so I can heckle Sir Tom of The House of Lancaster (@tlansec.bsky.social) in person.

volatilityfoundation.org/from-the-sou...
From The Source 2025
Learn Directly from the World’s Leading Digital Investigators: On Monday, October 20, 2025, the Volatility Foundation is hosting From The Source, a one-day summit, in Arlington, VA, followed by fou…
volatilityfoundation.org
1 5
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Sep 9
Thanks! It's been a mixed bag but I'm surviving. You can't keep a good robot down!
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Sep 9
Almost a month ago I had to have emergency surgery to have my gallbladder removed (not fun, do not recommend). It does mean I just got to use the sentence: "unnecessary organs will be removed for efficiency" - and for that I am happy.
1 3
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Sep 3
a cat is standing on its hind legs on a beach with the words `` weirdo '' written below it .
ALT: a cat is standing on its hind legs on a beach with the words `` weirdo '' written below it .
media.tenor.com
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Sep 3
Uh, that’s an every day breakfast item. Don’t know what weird stuff you’re doing up there!
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Aug 31
Somebody to love. Perfect melody and harmonies.
1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Aug 26
I’m old enough to remember lil john and the ying yang boys. I won’t be calling them by that name, at least not with a straight face!
a man with dreadlocks wearing a ny hat and glasses says yeaaahhhh
ALT: a man with dreadlocks wearing a ny hat and glasses says yeaaahhhh
media.tenor.com
1 1
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Aug 25
Patrick doing good work and with classy emoji usage in the <whatever the equivalent to a tweet is>.
1 2
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Aug 8
YARA-X 1.5.0 is out. Nice new features (including a crx module) and bug fixes. Congratulations to Victor and all the contributors!

github.com/VirusTotal/y...
Release v1.5.0 · VirusTotal/yara-x
Implement the crx module for parsing Chrome Extension files (#423). Allow underscores in integer and float literals (#405). Adopt Anomali's symhash algorithm for Mach-O files (#425). Support boolea...
github.com
1 4
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Jul 29
…shellcode that is written to be benign on one platform but do something malicious on another.

Knowing what the bytes mean in the context in which they are executed is critical to expressing complex signatures.
1 3
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Jul 29
I’ve said this and a corollary to this for years. It’s all just bytes but “why is that particular sequence interesting” and “what do those bytes mean in the context of this malware” are the more interesting questions.

Many decades ago I discovered something new to me that illustrates this…
greg-l.bsky.social
Greg Lesnewich @greg-l.bsky.social · Jul 28
the biggest skill jump I took with yara was to think how the bytes within a file relate to one another

Malware isn’t a monolith - it’s a composite of bytes, and those bytes have to work together to do their job.

we can exploit those unique relations to track em
1 2 7
wxs.bsky.social
Wesley Shields @wxs.bsky.social · Jul 21
First question: Will I be fired for only referring to you as Sir Tom of The House of Lancaster?

Seriously though, if you’re looking this is one of the teams I would consider.
tlansec.bsky.social
tlansec @tlansec.bsky.social · Jul 21
@volexity.com is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here:

www.volexity.com/company/care...

If you have any questions, don't hesitate to ask.
Open Position
Career Opportunity: Volexity is currently looking to hire Senior Threat Intelligence Analyst to join its rapidly growing services team.
www.volexity.com
1 4