Greg Lesnewich
@greg-l.bsky.social
520 followers 370 following 1.5K posts
oh great, now I’m on bluesky
Reposted by Greg Lesnewich
xorhex.bsky.social
When walking a zip file's central directory structure using #yara-x, `math.max` and `with` are your friends.
Reposted by Greg Lesnewich
strikereadylabs.com
Quite a bit of CN APT activity in europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
strikeready.com
greg-l.bsky.social
if solo, I agree

If at brunch or breakfast, I think you have to go donut holes instead of full sized. But determining if an order of donuts for the table is as good as an order of pancakes for the table… will require further research

To the diner and bakery!
greg-l.bsky.social
Which active crews right now catch your eye with such criteria? the one that gives you the urge to hunt them down?
Reposted by Greg Lesnewich
invisig0th.bsky.social
That being said, my true love is still state affiliated actors (and hybrid ecosystems) engaged in sophisticated high-risk / high-reward attacks with creative and nimble trade-craft 💚 But that's probably due to my experience being on the other side of the microscope lens 😉
greg-l.bsky.social
we know each other's pain 🫶
greg-l.bsky.social
Surprisingly difficult to get FULL buy-in from engineering and leadership for such things to happen, even at "cyber" companies in 2025
greg-l.bsky.social
Sounds like if there were some treaty and you could share a drink with a former adversary, that type would be top of your list to meet
greg-l.bsky.social
Dang! That sounds kind of romantic (if cyber can be such a thing)
greg-l.bsky.social
I love some executive buy-in with real follow-through!
greg-l.bsky.social
Also I can only find vague references to APT8 - what was so fascinating about them?
greg-l.bsky.social
Thanks for the answers! Time for follow-ups! Did you all get handed all of the M data pretty easily?

Or was it a longer process to get various folks to open up and share?
Reposted by Greg Lesnewich
invisig0th.bsky.social
Actually authoring the report was mainly (but not exclusively) squirrely folks, some with previous experience writing finished intel for the US intelligence community. A couple from a more strategic/policy perspective and a few with more tactical/operational use.
Reposted by Greg Lesnewich
invisig0th.bsky.social
Re 2: I had already been following several other state directed/affiliated threat groups, several of which we had associated MUCDs and individuals identified. APT5, APT8, APT12, APT17, APT18 all come to mind readily as groups that I found *far* more interesting at the time.
Reposted by Greg Lesnewich
wylienewmark.bsky.social
As both a Jew and a scholar of international affairs (2 degrees!): if someone actually listens to Mamdani’s explanation here and still (a) thinks he supports Hamas and/or (b) is antisemitic, then that person is acting in bad faith and should jump up their own asshole until they suffocate.
razzball.bsky.social
Zohran Mamdani calling it a genocide on The View and getting applause.
greg-l.bsky.social
2. What other groups or activity crossed your desk AFTER APT1 report dropped did you want to turn your sights onto?

And what was the limiting factor to not torch those groups as thoroughly as APT1? Just time/interest? Lack of viz? Unwilling to burn sources/methods?
greg-l.bsky.social
Hi @invisig0th.bsky.social, been enjoying your recent media appearances with KZ and TBP!

Was wondering two things

1. You’re obviously the lead singer of the APT1 report “band”. Without burning names, can you talk about the make-up of the team (skills, backgrounds, etc.) and what made it special?
Reposted by Greg Lesnewich
esetresearch.bsky.social
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/6
Reposted by Greg Lesnewich
swholocron.bsky.social
Star Wars Visions Volume 3 features the craziest lightsaber we’ve ever seen 👀
greg-l.bsky.social
That’s wise. We’ll probably go that way in the future

We got scared off by a company wanting to panel 80% of our roof 😵‍💫
greg-l.bsky.social
And install companies are aggressive about stuff, and not transparent about cost of equipment and servicing. But they’re all crazy profitable, so… 🤔