‼️🚨 BREAKING: ServiceNow has been breached. Customers are reporting unauthorised access to their instances.
One customer states their security team reported this vulnerability to them, and they closed the case twice, saying they had already known since the 7th of April.
This 2-hour Stanford lecture breaks down how models like ChatGPT and Claude are actually built, clearer than what many people in top AI roles ever get exposed to.
Save this and set aside two hours today. It might end up being the most valuable thing you learn all week.
Hot take: the cybersecurity industry is losing its institutional memory.
The OG hackers - the ones who figured this stuff out before there were playbooks - are aging out. And most of their knowledge is not being captured.
What they learned by breaking things in the 90s and early 2000s is still more relevant than half the threat intel reports being published today.
We need more stages, more mentorship, more intentional knowledge transfer. Before that generation is gone.
GOOGLE BUILT A SECRET WEAPON FOR FILE DETECTION
they ran it internally for years, gmail, drive, safe browsing, hundreds of billions of files every week
then they open sourced it
it's called magika and it exposes what files really are, not what they pretend to be
rename malware to "resume.pdf"? magika sees through it
disguise a script as an image? magika sees through it
any trick attackers use with file extensions? magika sees through all of it
ai trained on 100 million files. 200+ content types. 99% accuracy. 5ms per file
one command
`pip install magika`
the same tool protecting google's billion users is now protecting yours
https://t.co/Jr3LjmQobq
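The point of the post is that a file's extension is a claim, not evidence. As an added illustration (not Magika's code, which uses a trained model rather than byte signatures), here is the simplest form of the same check: sniff a file's leading bytes and compare what the content looks like against what the name claims. The signature table, extension map and sample files are all constructed for this example.

```python
"""Content-based file type check versus the declared extension (illustrative)."""

# Leading-byte signatures for a handful of common types. Magika covers 200+
# types with a model; this subset only shows the principle.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"MZ", "pe"),                      # Windows PE executable (EXE/DLL)
    (b"\x7fELF", "elf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),             # also docx/xlsx/jar containers
    (b"#!", "script"),                  # shebang: sh, python, perl, ...
]

# Which sniffed content types each extension is allowed to carry.
EXTENSION_TYPES = {
    "pdf": {"pdf"},
    "exe": {"pe"}, "dll": {"pe"},
    "png": {"png"},
    "jpg": {"jpeg"}, "jpeg": {"jpeg"},
    "zip": {"zip"}, "docx": {"zip"}, "xlsx": {"zip"}, "jar": {"zip"},
    "sh": {"script"}, "py": {"script", "text"},
    "txt": {"text"},
}


def sniff(data: bytes) -> str:
    """Return a content label from the leading bytes, or 'unknown'."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    # Crude text heuristic: no NUL bytes and valid UTF-8 in the first 512 bytes.
    head = data[:512]
    if head and b"\x00" not in head:
        try:
            head.decode("utf-8")
            return "text"
        except UnicodeDecodeError:
            pass
    return "unknown"


def extension_of(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def check_file(name: str, data: bytes) -> dict:
    """Flag a file whose content type is not allowed for its extension."""
    ext = extension_of(name)
    content = sniff(data)
    allowed = EXTENSION_TYPES.get(ext)
    # Extensions we have no policy for are not judged; known ones must match.
    mismatch = allowed is not None and content not in allowed
    return {"name": name, "ext": ext, "content": content, "mismatch": mismatch}


# Constructed sample files: name -> leading bytes (not real malware, just headers).
SAMPLE_FILES = {
    "resume.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00",
    "photo.png": b"#!/bin/sh\necho hello\n",
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n",
    "notes.txt": b"just some text\n",
    "archive.zip": b"PK\x03\x04\x14\x00\x00\x00",
}


def flagged(files=None) -> list:
    """Names of sample files whose content contradicts their extension."""
    files = SAMPLE_FILES if files is None else files
    return sorted(n for n, d in files.items() if check_file(n, d)["mismatch"])


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(check_file(name, data))
    print("flagged:", flagged())
```

A signature table like this is easy to evade (polyglots, formats without a fixed header, text-based formats) which is exactly why Google trained a model instead. The takeaway for a pipeline is the same either way: make decisions on the sniffed type, never on the extension the sender chose.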
I'm a hacker and for 15 years I've worked on the offensive side - which is why this is not coming from a defensive frame of mind/opinion.
I'm watching my own community (cybersecurity) laugh at AI slop while completely missing the point.
Yeah, there will be mistakes. New vulnerabilities. That's what happens with any new tech. But security people sitting on the sidelines saying "ha ha look at that garbage" think they're being smart when they're actually getting left behind.
You can't just point fingers anymore. If you're too busy mocking AI to learn how to work with it, you'll get replaced by a sixty-dollar Anthropic subscription.
The acceleration is real. Your "sorry I'm on the spectrum" excuses won't save your job.
Excited to disclose my research allowing RCE in Kubernetes
It allows running arbitrary commands in EVERY pod in a cluster using a commonly granted "read only" RBAC permission. This is not logged and allows for trivial Pod breakout.
Unfortunately, this will NOT be patched.
🚀 It’s official — my new book is live on Amazon:
MAoS – Malware Analysis on Steroids
This book is not like the others. It’s built on years of raw, hands-on research, reverse engineering sessions at 3 AM, and real-world incident response cases.
Inside, you’ll find full A–Z dissections of malware: loaders, persistence tricks, obfuscation layers, evasive logic, and more. It’s written for analysts, red teamers, defenders, SOC teams, and anyone who wants to think like an attacker in order to act like a defender.
This isn’t a theory book. This is malware analysis on steroids.
👉 Get your copy here: https://t.co/2SI2dw87g7
#CyberSecurity #MalwareAnalysis #ReverseEngineering #Infosec #MAoS #TrainSec #OffensiveSecurity #Malware
A threat actor installed Huntress.
... a hysterical mistake on their part, giving us first-hand insight to their tooling, workflow & routine. Phishing infra, stealer logs, Telegram+dark web sites, AI...
Hilarious goldmine of cybercrime deets with a front row seat: https://t.co/2gLT2VNDkO
Ever wonder why people in 2024 still use on-prem services? It's simple: someone who generated a rogue <token> can't access your confidential files, emails, contacts, internal services, or machines from anywhere in the world
#DuckingTokens
During a recent Incident Response case, it was evident that the attacker disabled Defender on various hosts during a timeframe of a few hours.
Would you detect such behavior in your environment? Do you monitor for AV disabling and, on top of that, monitor for a threshold of systems left unprotected within a certain period?
Windows Defender creates the EventID 5001 = "Real-time protection is disabled."
https://t.co/bIlUUusb9m
You are not affected by the current #CrowdStrike outage? Great, so you got time.
You use #MDE?
Then better have a look at the gradual rollout process for Microsoft Defender to avoid this in the future in your environment.
https://t.co/1yEw7JBOAE
My notes from labbing AD Certificate Service exploitation.
There are lots of great resources on this, but I wanted to share my walkthrough on how to create a vulnerable certificate, common errors, and how to exploit using either Certipy or Certify.
https://t.co/kelGFnEMCr