Olivia
Online
Kyle Eaton
@0xkyle
phishing, maldocs, threat intel
Joined March 2015
343 Following
1K Followers
622 Posts
Look, backtrack is still cooler than kali
@KyleTDavis1 You’ve always been a joy to work with, and have given me good advice related to work/cyber and anything else I’ve needed help with. I know you’ll thrive wherever you land next
@j2k3k Interviewers when I, literally Neo in the matrix, runs ssh on a nonstandard port
Who to follow
Greg Lesnewich
@greglesnewich
great, now I'm on twitter
Dan Perez 
@MrDanPerez
Technical Lead, 🇨🇳 Mission @Google GTIG. Specializing in tracking and attribution of China-Nexus Threats, and making life difficult for them.
SLEUTHCON
@SLEUTHCON
SLEUTHCON ‘26 CFP and registration are now open! https://t.co/vRns0Do5xa
Proofpoint threat researchers have designed an open-source tool—named PDF Object Hashing—to track and detect the unique characteristics of PDFs used by threat actors... similar to a digital fingerprint.
We use this tool internally to help track multiple threat actors with high confidence, improving attribution in many cases.
The tool has been released in the @Proofpoint Emerging Threats public #GitHub for other defenders to leverage.
Learn more about it here: https://t.co/I8IGC8mxCk
@ET_Labs #PDF #threatdetection #cyberthreat
I’ll be presenting at @GrrCON this year about some weird pdf detection ideas I’ve been messing with. Swing by and tell me your file format
@ex_raritas It’s been really nice working with you, and good luck in your next role! 🐜
@MalwareUtkonos @greglesnewich Oh that’s really good, especially considering all the other offsets are based from the eocd
@MalwareUtkonos @greglesnewich I do really like that you’re using the filesize in part of the location check like that, I don’t know if I have any rules that use the filesize in that way.
@MalwareUtkonos @greglesnewich Am I right in assuming that’s meant to make sure you’re only reading the eocd of the actual zip file and not any of the sub files? I have some rules where I’ve done something similar, I think it went something like: uint32be(@eocd[#eocd] + whatever) == 0xdeadbeef
the biggest skill jump I took with yara was to think how the bytes within a file relate to one another
Malware isn’t a monolith - it’s a composite of bytes, and those bytes have to work together to do their job.
we can exploit those unique relations to track em
@greglesnewich @MalwareUtkonos Definitely have to echo how impactful learning file formats was for improving my yara rules. How highly structured the
Zip format is makes rules very fun. The only sample rule I have rn is this old compression ratio one
The PDF spec is where the phrase “bless this mess” originated.
https://t.co/Tl8mp0dd9A
Also expecting to see indiandefenceforces[.]link soon
Haven’t seen PDFs yet but new domain popped up: defenceindia[.]link
Haven’t seen PDFs yet but new domain popped up: defenceindia[.]link
departmentofdefence[.]link 🧐
Probably see PDFs using this soon
7c8a483f3c745d23db9557479bedbc6e458104c77709edc6907fa108065fc63a
PDF phish
ministryofdefenceindia[.]link does not pass the sniff test.
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers