banner
LightNews
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦
@xorhex.bsky.social
230 followers 570 following 80 posts
Posts Media Videos Starter Packs
Reposted by 🇺🇦 Xorhex 🇺🇦
bbaskin.bsky.social
Brian Baskin @bbaskin.bsky.social · 11h
The Binary Ninja 5.2 dev release is showing some amazing work with their new Time Travel Debugging (TTD) interface. This makes a huge impact on analysis!

(and fits well on my UW monitor)
1 2 7
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 1d
When walking a zip file's central directory structure using #yara-x, `math.max` and `with` are your friends.
1 1
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 3d
Time to update: cargo install-update -i yara-x-cli
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 3d
Two things:

YARA-X 1.8.0 is out with some nice features if you use the various bindings and a bug fix involving an edge case in PE signatures. Congrats to all involved!

To be more useful I wrote a small PR to display filenames in console.log() output when using yr scan.

github.com/VirusTotal/y...
Release v1.8.0 · VirusTotal/yara-x
Implement block scanning API for Rust and C (#459, 185c2ee). Implement Golang and C APIs for setting global variables of type array and structure (#449). Add iterator for Rules object in Python (#4...
github.com
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 3d
Yet again, you're providing god tier support on this open source project. Thank you! 🙇
1 2
Reposted by 🇺🇦 Xorhex 🇺🇦
hexacorn.bsky.social
Hexacorn @hexacorn.bsky.social · 5d
Using .LNK files as lolbins

www.hexacorn.com/blog/2025/10...
1 3 7
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 6d
Custom String Types 🫶
Reposted by 🇺🇦 Xorhex 🇺🇦
binary.ninja
Binary Ninja @binary.ninja · 6d
Binary Ninja 5.2 feature stream starts now! Join us to get a sneak peak of what's coming in the new stable: www.youtube.com/@vector35/live
Binary Ninja: 5.2 Feature Stream!
Let's check out all the new major headlining features coming soon in 5.2! Try Binary Ninja: https://binary.ninja/demo/ Check out Sidekick at https://sidekick...
www.youtube.com
1 1 3
Reposted by 🇺🇦 Xorhex 🇺🇦
strikereadylabs.com
StrikeReady Labs @strikereadylabs.com · 6d
Quite a bit of CN APT activity in europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
strikeready.com
6 6
Reposted by 🇺🇦 Xorhex 🇺🇦
cyberoverdrive.bsky.social
The Banshee Queen 👑 @cyberoverdrive.bsky.social · 8d
A thread of great questions from @greg-l.bsky.social and fantastic answers (and nuance) by @invisig0th.bsky.social, about the legendary APT1 report and way more.
greg-l.bsky.social
Greg Lesnewich @greg-l.bsky.social · 9d
HI @invisig0th.bsky.social been enjoying your recent media appearances with KZ and TBP!

Was wondering two things

1. You’re obviously the lead singer of the APT1 report “band” - Without burning names, can you talk about the make up of the team (skills, backgrounds, etc) +
& what made it special?
3 6
Reposted by 🇺🇦 Xorhex 🇺🇦
greg-l.bsky.social
Greg Lesnewich @greg-l.bsky.social · 7d
Great piece from
@strikereadylabs.com
on a continuation of Operation Roundpress - both a great finding and walkthrough how to find, and analyze, these types of XSS phishes

strikeready.com/blog/0day-ic...
0day .ICS attack in the wild
Earlier in 2025, an apparent sender from 193.29.58.37 spoofed the Libyan Navy’s Office of Protocol to send a then-zero-day exploit in Zimbra’s Collaboration Suite, CVE-2025-27915, targeting Brazil’s m...
strikeready.com
1 2 6
Reposted by 🇺🇦 Xorhex 🇺🇦
pivotcon.bsky.social
PIVOTcon @pivotcon.bsky.social · 7d
📣 🔥 🛋️ SAVE THE DATE 🛋️ 🔥 📣
The next #PIVOTcon will be on 6-8 May 2026, in Malaga, ES!!!

You favorite ;) #ThreatResearch conference is coming back and we are planning to bring you the usual experience and content of utmost quality. Follow us + #StayTuned for more info
#CTI #ThreatIntel #PIVOTcon26
10 16
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 7d
Thanks!! That means a lot. Hoping to drop an update with another feature one of these days. So many ideas and not enough time 😅
1
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 7d
#MustangPanda
2
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 8d
Doesn’t look like they are on bsky.
1
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 8d
Know if it’s Yara or Yara-X? When I quickly went through the blog, I got the feeling it was Yara.
1 1
Reposted by 🇺🇦 Xorhex 🇺🇦
mrphrazer.bsky.social
Tim Blazytko @mrphrazer.bsky.social · 10d
We at @emproofsecurity.bsky.social open-sourced a free firmware reverse engineering workshop for self-study.

Topics: ELF analysis, cracking, malware triage, embedded-Linux, bare-metal, crypto-key extraction, anti-analysis. Docker setup and solutions included.

github.com/emproof-com/...
GitHub - emproof-com/workshop_firmware_reverse_engineering: Workshop on firmware reverse engineering
Workshop on firmware reverse engineering. Contribute to emproof-com/workshop_firmware_reverse_engineering development by creating an account on GitHub.
github.com
2 5
xorhex.bsky.social
🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · 10d
Why is it so hard to get software over the last mile stone to make it usable for more than just me? I've a new #BinaryNinja ( #yarax ) plugin sitting in the wings needing to be polished for release and another release of #BinjaExtras with additional features close, but not close enough for release.
2
Reposted by 🇺🇦 Xorhex 🇺🇦
julianferdinand.bsky.social
Julian-Ferdinand Vögele @julianferdinand.bsky.social · 11d
Excited to join a discussion on the second edition of The Mythical Beast by Jen Roberts (@atlanticcouncil.bsky.social), exploring the complex networks behind the spyware ecosystem. This kicks off the new Colloquium series by @virtualroutes.bsky.social: virtual-routes.org/event/mythic...
Mythical Beasts and Where to Find Them: Diving into the Depths of the Global Spyware Market - Virtual Routes Colloquium
The first session of the Virtual Routes Colloquium Fall/Winter series hosts Jen Roberts from Cyber Statecraft Initiative. Jen will present her research on "Mythical Beasts and Where to Find Them: Divi...
virtual-routes.org
10 10
Reposted by 🇺🇦 Xorhex 🇺🇦
esetresearch.bsky.social
ESET Research @esetresearch.bsky.social · 14d
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6
1 9 16
Reposted by 🇺🇦 Xorhex 🇺🇦
cyberoverdrive.bsky.social
The Banshee Queen 👑 @cyberoverdrive.bsky.social · 15d
First public report at Recorded Future by yours truly is out! RedNovember (formerly TAG-100, a.k.a. Storm-2077) is a Chinese state-sponsored threat group focused on intelligence collection, especially on flashpoint issues of strategic interest to China. www.recordedfuture.com/research/red...
RedNovember Targets Government, Defense, and Technology Organizations
RedNovember, a likely Chinese state-sponsored cyber-espionage group, has targeted global government, defense, and tech sectors using advanced tools like Pantegana and Cobalt Strike. Discover the lates...
www.recordedfuture.com
2 14 22
Reposted by 🇺🇦 Xorhex 🇺🇦
wxs.bsky.social
Wesley Shields @wxs.bsky.social · 13d
www.zscaler.com/blogs/securi... - Nice writeup by zscaler on some COLDRIVER malware. I'm talking about this stuff at #FTSCon in a few weeks and will have lots more details there.
COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz
The Russia-linked group COLDRIVER targeted dissidents and their supporters using a ClickFix technique, resulting in the deployment of BAITSWITCH and SIMPLEFIX.
www.zscaler.com
4 7
Reposted by 🇺🇦 Xorhex 🇺🇦
oxley.io
David Oxley @oxley.io · Aug 29
This morning, Amazon Cyber Threat Intelligence published a report about a recent watering hole attack by APT29 🇷🇺 that we discovered targeting Microsoft device code authentication. Proud of the work of the team and the chance to share this with the community! aws.amazon.com/blogs/securi...
Amazon disrupts watering hole campaign by Russia’s APT29 | Amazon Web Services
Amazon’s threat intelligence team has identified and disrupted a watering hole campaign conducted by APT29 (also known as Midnight Blizzard), a threat actor associated with Russia’s Foreign Intelligen...
aws.amazon.com
2 10
Reposted by 🇺🇦 Xorhex 🇺🇦
julianferdinand.bsky.social
Julian-Ferdinand Vögele @julianferdinand.bsky.social · 18d
I'm excited to speak at #VB2025 later this week! I'll be diving into TAG-124, a group whose services are leveraged by a wide range of actors, from cybercriminals to state-sponsored groups. Hit me up if you are in town!

www.virusbulletin.com/conference/v...
9 18
Reposted by 🇺🇦 Xorhex 🇺🇦
julianferdinand.bsky.social
Julian-Ferdinand Vögele @julianferdinand.bsky.social · 23d
Really excited to present at #LABScon25 on ChamelGang‘s most recent campaign targeting the Taliban, a collaborative research project with @milenkowski.bsky.social (SentinelLABS) and @azaka.fun (TeamT5)! www.labscon.io/speakers/jul...
3 5
Reposted by 🇺🇦 Xorhex 🇺🇦
re-verse.io
RE//verse @re-verse.io · Sep 2
RE//verse 2026 CFP is open! Want to be apart of the lineup? Submit your talk: sessionize.com/reverse-2026
2 2