Lightnews — Scholar-powered news

Silas Cutler @silascutler.bsky.social · 1h

𝗧𝗵𝗲 𝗖𝗿𝗼𝘄𝗻 𝗣𝗿𝗶𝗻𝗰𝗲, 𝗡𝗲𝘇𝗵𝗮: 𝗔 𝗡𝗲𝘄 𝗧𝗼𝗼𝗹 𝗙𝗮𝘃𝗼𝗿𝗲𝗱 𝗯𝘆 𝗖𝗵𝗶𝗻𝗮-𝗡𝗲𝘅𝘂𝘀 𝗧𝗵𝗿𝗲𝗮𝘁 𝗔𝗰𝘁𝗼𝗿𝘀
https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool

1

Silas Cutler @silascutler.bsky.social · 1d

Not seeing any good connections beyond. While the `banner_hash_sha256` on @censysio shows 4 other hosts, normally a good sign when looking for unique malware, the underlying conditions (content length / server header) are weak in this case.

Silas Cutler @silascutler.bsky.social · 1d

Back in the rest of the #opendir, uploads/ is used by app.py, I don't see where downloads_cache is used, but similar agent-[0-9]+ structure. The SANS PDF "All-books-in-oneSANSSEC670RedTeamingTools-DevelopingCustomToolsforWindows.pdf" may be the inspiration behind app.py/agent.go

1

Silas Cutler @silascutler.bsky.social · 1d

stealer.go (SHA256: bf9bbcc1692140d5aeaabb839a96e90d4c6df9b75e01ef79585ee07324b984ab) is a stand alone tool, for extracting logins. Looks to be custom, debug messages unique.

Silas Cutler @silascutler.bsky.social · 1d

Case statements in agent.go show a bit of the functionality :
- start_shell
- cd / list_files / delete
- upload / download
- clipboard_on / keylog_on
- shutdown / restart

mouse_move and mouse_click are interesting to see. Less common to see at this level of functionality implementation.

Silas Cutler @silascutler.bsky.social · 1d

app.py (SHA256: 707cd46cd390072ba79f2655c562a205cba586f3634ef52e8c034c8a6a607a8c)
looks to be the C2 server and agent.go (SHA256: 8342dd353a95bd8f8884eef0cd1ba5b4e81751f669babf8c91b068e10ea64d99) as the client.

1

Silas Cutler @silascutler.bsky.social · 1d

Interesting #OpenDir on #QuasarRat C2 server 185.208.159[.]161:8000 . The open web directory includes source code for a backdoor + misc development artifacts.

https://platform.censys.io/hosts/185.208.159.161
https://search.censys.io/hosts/185.208.159.161

#malware #thread 🧵

5

Silas Cutler @silascutler.bsky.social · 7d

AI video is getting better every day at beating KYC

Drew Harwell @drewharwell.com · 7d

OpenAI employees are very excited about how well their new AI tool can create fake videos of people doing crimes and have definitely thought through all the implications of this

1 2

Silas Cutler @silascutler.bsky.social · 8d

Wild to see Htran being used all these years later. cc: @joestewart.bsky.social

https://unit42.paloaltonetworks.com/phantom-taurus/

1

Silas Cutler @silascutler.bsky.social · 9d

Disallow: /security-research? Crypto Phishing Sites' Failed Attempt to Block Investigators

https://censys.com/blog/disallow-security-research-crypto-phishing-sites-failed-attempt-to-block-investigators

1 1 1

Silas Cutler @silascutler.bsky.social · 11d

CFP for #DistrictCon closes tomorrow https://www.districtcon.org/cfp . Speakers set be announced on 20 October 2025

2 3

Silas Cutler @silascutler.bsky.social · 12d

Updated post from GreyNoise about Cisco ASA vuln
https://www.greynoise.io/blog/scanning-surge-cisco-asa-devices

2

Silas Cutler @silascutler.bsky.social · 14d

https://censys.com/blog/a-look-at-polaredge-adjacent-infrastructure

1

Silas Cutler @silascutler.bsky.social · 17d

CFP for #DistrictCon closes next week https://www.districtcon.org/cfp .

Silas Cutler @silascutler.bsky.social · 22d

cool post
https://kennedn.com/blog/posts/tapo/

2 2

Reposted by Silas Cutler

Armin Ronacher @mitsuhiko.at · Sep 6

A small rant on the contemporary Zeitgeist for the weekend. Fuck 996. lucumr.pocoo.org/2025/9/4/996/

996

There is cost to your lifestyle.

lucumr.pocoo.org

5 14 100

Reposted by Silas Cutler

Institute for Security and Technology @istorg.bsky.social · Sep 5

SAVE THE DATE: the 3rd annual #CyberPolicyAwards will be held on Feb. 5 2026 at the National Press Club in DC! IST is proud to present another year of the premier gathering of the U.S. cyber community & key international partners to recognize those who have driven progress.
🏆 Register for updates:

Third Annual Cyber Policy Awards

Save the Date to join IST for the Third Annual Cyber Policy Awards in February 2026.

securityandtechnology.org

1

Reposted by Silas Cutler

CYBERWARCON @cyberwarcon.bsky.social · Aug 28

3 4

Silas Cutler @silascutler.bsky.social · Aug 28

https://x.com/cyberwarcon/status/1961119335813931093?s=46&t=20DjMeG2QQOhJR4gMy2OPA

Silas Cutler @silascutler.bsky.social · Aug 28

Pondering my ORB - A look at #PolarEdge Adjacent Infrastructure

https://censys.com/blog/pondering-my-orb-a-look-at-polaredge-adjacent-infrastructure

2 3

Silas Cutler @silascutler.bsky.social · Aug 26

2025 State of the Internet Report: Summary and Conclusions
https://censys.com/blog/2025-state-of-the-internet-report-summary-and-conclusions

(Screenshot: PolarEdge infections as of 5 August 2025)

1 3 4

Silas Cutler @silascutler.bsky.social · Aug 26

Yes, I would like this patch

1

Silas Cutler @silascutler.bsky.social · Aug 22

Sadly RSS is not working on the site. A few of us internally have been pushing for it.

1 1

Reposted by Silas Cutler

Debby ⁂ ❤️🐧📎 @debby.blue-ocean.social · Aug 21

Microsoft admits it can—and will—hand over Canadian citizens’ data, as well as sensitive government and defence information stored on its servers, to the US government upon request. Even worse? They aren’t required to notify anyone when it happens. 👀
#cdnpoli #DataSovereignty #PrivacyMatters

Microsoft says U.S. law takes precedence over Canadian data sovereignty

Microsoft representative says US CLOUD Act comes before other country's sovereignty.

www.digitaljournal.com

17 70 110

Silas Cutler @silascutler.bsky.social · Aug 16

IST's Bluesky is @istorg.bsky.social

1 2