Jorn Hartvigsen

🚨 PATCH NOW: A Firefox bug let attackers fingerprint your browser and follow you even in Private Browsing, and in Tor browser even after a "New Identity." The vulnerability made it possible for unrelated websites to independently observe the same fingerprint and quietly link your activity across them. Mozilla patched CVE-2026-6770 on April 21, 2026 in Firefox 150, ESR 140.10, and Thunderbird. The Tor Project shipped Tor Browser 15.0.10 with the fix. If you are still on an older build, your Private Browsing wasn't private and your Tor session wasn't either. Update now.

DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing 𝗜𝗥𝗙𝗹𝗼𝘄 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman’s Timeline Explorer. Every feature in this tool was shaped by real IR casework. Handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it’s in the app, it’s because I needed it mid-case and realized the standard tools fell short. No dependencies. Zero setup. Just drag, drop, and analyze. #dfir #incidentresponse #timeline #macos #threathunitng #digitalforensics

This is really cool. I like this code, proof-of-concept, and paper A LOT. Basically he is modifying the raw bytes of .LNK files (Windows shortcuts) to make them perform malicious actions while also operating correctly as a .LNK file. When examined from the user they will appear completely legitimate, but it's not. This is really, really, really cool. This is a great malware technique. I can't recall the last time I read anything on .LNK files being abused in this manner. Historically they're "hijacked", not modified at the byte level. My only criticism is he wrote this proof-of-concept in Python (not C or C++, like a gangster). Excellent work.

For convenience: I wrote a small collector that pulls all SHA-256, SHA-1 and MD5 hashes from Notepad++ releases and compiles them into big CSV + JSON files Use it to check if any Notepad++ installs in your org match known-good release hashes - and spot weird/malicious outliers https://t.co/W2pYbfYemz

Just updated our Yamato Security tools Hayabusa, Takajo and Suzaku for our upcoming showcase at Black Hat Arsenal USA in Vegas. All thanks to our contributors: Fukusuke Takahashi, Akira Nishikawa, James Takai, DustInDark and Akkuman! Hayabusa 3.4.0: https://t.co/6IEEylbgML Takajo 2.11.0: https://t.co/rqs7skcMfV Suzaku 1.0.0: https://t.co/35bF3ZuaHr We will be showcasing Hayabusa and Takajo on August 6th 3-4pm: https://t.co/l66933eQHo and Suzaku on August 7th at 10-11am: https://t.co/1Frs5sxrAh Please stop by and say hi if you are attending Black Hat! Fukusuke Takahashi、Akira Nishikawa、James Takai、DustInDark、Akkumanのコントリビュータのお陰様で、大和セキュリティツールのHayabusa、Takajo、Suzakuをラスベガスで開催されるBlack Hat Arsenal USAでの展示会に向けて更新しました！ 8月6日15~16時にHayabusaとTakajoを展示します: https://t.co/l66933eQHo また、8月7日10~11時にSuzakuを展示します: https://t.co/1Frs5sxrAh Black Hatにご参加の方は、ぜひお立ち寄りいただき、ご挨拶ください！