NCT

❓ Is dual RTX-3090 rig worth $4K for home inferencing? 🔹 2× RTX 3090 GPUs in one PC with shared mem 🔹 + NVLink bridge for best performance 🔹 Gives effective 48 GB VRAM via tensor parallel (TP=2) ✅ Memory is pooled for large models (70B+ Q4/Q5) ✅ vLLM / llama.cpp / ExLlamaV2 split & run across both ❌ 4090 & 5090 lack NVLink → slower PCIe-only multi-GPU Still a top value local LLM rig in 2026.

𝗙𝗿𝗲𝗲 𝗦𝗜𝗘𝗠 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴𝘀 ✅ Microsoft Sentinel 📎 What is Microsoft Sentinel – https://t.co/WM1y9nQoib 📎 Microsoft Sentinel Level 400 Training – https://t.co/9NZLGR4GAA 📎 SOC 101 – https://t.co/3RUpdukXm9 ✅ Other SIEM Platforms 🔹 FortiSIEM – https://t.co/mxNw0FLRwC 🔹 AlienVault OSSIM – https://t.co/mCgM0NZdU5 🔹 LogSign – https://t.co/Sz59sU8PeJ 🔹 Exabeam Fusion SIEM – https://t.co/y2kKZo1ryk 🔹 Devo SIEM – https://t.co/trLJwQaCFc 🔹 Rapid7 InsightIDR – https://t.co/Z71LZxxWmt 🔹 Chronicle Security (Google Cloud) – https://t.co/3H53RsJ7YX

This is very good malware. This is solid-solid-SOLID B+ malware, very close to A- malware. APT37 is using a old-school playbook. They're doing EPO (Entry Point Obfuscation) on a self-delivered binary for evasion. They also unironically are using something akin to cavity infection ... but on themselves. This is something you saw more in the Windows 95 - Windows XP era, not something you see in 2026. Very cool. I respect it. The multi-staged fragmentation of shellcode phases is also really, really, really cool. This is (once again) a more old-school technique usually reserved for infected binaries, not self-delivered binaries. Despite all of these super cool features, APT37 shoots themselves in the foot immediately. - EAT walking for Kernel32 functionality (???) - XOR decryption is a huge red flag - Allocating with PAGE_EXECUTE_READWRITE (???) - Hardcoded OAuth token (???) - Used external dependency for AES (???) Why not use NT functionality to hook evasion? XOR is easily identified in static analysis, why XOR? Allocating memory with VirtualAlloc with RWX is a MASSIVE RED FLAG. They also hardcode a OAuth token ... they can multi-staged shellcode payload with old-school malware techniques but hardcore AN OAUTH TOKEN? It unironically makes me wonder if they had one old-head malware guy working on it, then they had some newer dude do the non-hardcore stuff. There is a huge gap in skill sets here. Or the old-head hasn't kept up to date on malware stuff since 2005... or they got lazy... I don't know, really weird.