Leaving Defcon today with the best news! Our team “Walmart_Greeters” came in 1st place!!! At the @Recon_InfoSec #OpenSoc challenge! I had the honor of working with the best and brightest teammates @BrianWanner @Mike_Ortlieb @DFIRnoob and @_stevo. Thanks so much @Recon_InfoSec!
Loki RS is alive 🐍⚡
- High performance YARA & IOC scanner
- Multi-threaded
- Process memory & filesystem scanning
- ZIP scanning
- TUI
- New YARA-X
- IOCs from signature-base + YARA Forge
- HTML report
- Remote logging
- JSONL / Syslog output
Personal lab for scanner UX/perf experiments - if it breaks, it breaks; that’s part of the deal
https://t.co/k4JjMDqjoO
2026 is here—time to refresh that toolkit!
Atomic Red Team:
Atomic Red Team Hands on Getting Started Guide - https://t.co/zQzBdAbZBd
Why Exactly Are You Not Using Atomic Red Team? - https://t.co/ctlCxcPU9O
DeepBlueCLI
DeepBlueCLI - Tactical IR - https://t.co/wx1YlaaG4e
Threat Hunting Toolkit
Looking for Needles in Needlestacks w/ Threat Hunting Toolkit - https://t.co/VSG2vWRe8u
Bloodhound:
A Blue Team's Perspective on Red Team Hack Tools - https://t.co/DR05O8D4fv
RITA:
RITA - Finding Bad Things on Your Network Using Free and Open Source Tools - https://t.co/s9fXnI0aFr
Zeek:
Introduction to Zeek Log Analysis w/ Troy Wojewoda - https://t.co/dqtz0cgedd
Wireshark:
Getting started with Wireshark - John Strand - https://t.co/XjUK5AIoFx
Search Engine:
How to Design and Execute Social Engineering Calls w/ John Malone - https://t.co/PwbInooDcY
I recently discovered a super cool website inspection tool called Web-Check. It has a strong hacker vibe.
It lets you inspect almost everything about a website: IP details, SSL, DNS records, cookies, domain info, crawler rules, server location, redirect history, open ports, traceroute, DNSSEC, site performance, associated hostnames, and more.
https://t.co/A5B83COLK7
Last week our CISO asked me to present on “zero trust architecture.”
I don’t know what that means.
I make $340,000 a year.
I haven’t touched a firewall since Obama’s first term.
But I have a CISSP.
I passed by memorizing acronyms.
I still don’t know what half of them stand for.
I opened my presentation with “assume breach.”
Everyone nodded gravely.
I said “defense in depth” three times.
The board was captivated.
Then a junior analyst raised her hand.
She asked how we’d implement microsegmentation.
I felt a cold sweat.
I said, “Great question. Let’s take that offline.”
She persisted.
I said we should “leverage AI-driven solutions.”
She asked which ones.
I said, “The cloud-native ones.”
She looked confused.
I told her confusion was natural.
I said, “Security is a journey, not a destination.”
The CEO started clapping.
I don’t know why.
But others joined in.
The analyst stopped asking questions.
I ended with “security is everyone’s responsibility.”
This meant it was no one’s responsibility.
Especially not mine.
We got breached two weeks later.
I blamed the analyst for “creating a culture of doubt.”
She got put on a PIP.
I got promoted to VP.
Resilience isn’t about preventing failure.
It’s about surviving it.
Preferably while others don’t.
Tracking down a rogue Windows service for webshell persistence -- just a teeny weeny PowerShell HTTP server wrapped with NSSM, showcased with Wazuh and their sweet new 4.14 release with visibility on IT hygiene 😎 Video: https://t.co/rQk6rV5dNg
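The hunt in that video is for a service whose binary is a wrapper rather than a real application. An NSSM-wrapped service registers nssm.exe as its ImagePath (the wrapped program sits in the service's Parameters subkey), so the wrapper, not the PowerShell script, is what shows up in the service-install event. The following is an added example, not code from the post or from Wazuh: it triages Windows System-log service-install events (Event ID 7045) supplied as JSON lines and flags services whose image is a known wrapper, a script host, or lives in a user-writable directory. The event lines are constructed, and the field names (ServiceName, ImagePath, StartType, AccountName) are an assumption about how a forwarder lays the event out.

```python
import json
import re

# Constructed sample (not real telemetry): Windows System-log service-install
# events (Event ID 7045) as JSON lines, the shape a SIEM forwarder typically emits.
SAMPLE_7045 = r"""
{"EventID": 7045, "ServiceName": "WinDefendUpdater", "ImagePath": "C:\\ProgramData\\svc\\nssm.exe", "StartType": "auto start", "AccountName": "LocalSystem"}
{"EventID": 7045, "ServiceName": "VMTools", "ImagePath": "\"C:\\Program Files\\VMware\\VMware Tools\\vmtoolsd.exe\"", "StartType": "auto start", "AccountName": "LocalSystem"}
{"EventID": 7045, "ServiceName": "Telemetry", "ImagePath": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -ep bypass -w hidden -File C:\\Users\\Public\\srv.ps1", "StartType": "auto start", "AccountName": "LocalSystem"}
{"EventID": 7036, "ServiceName": "Spooler", "Message": "entered the running state"}
"""

# Wrappers that run an arbitrary program as a service: NSSM (the one in the
# post) and srvany.exe, Microsoft's older equivalent.
SERVICE_WRAPPERS = {"nssm.exe", "srvany.exe"}
# A service whose binary is an interpreter deserves a second look.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Directories a standard user can usually write to; real services rarely live there.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.IGNORECASE)


def first_executable(image_path: str) -> str:
    """Return the executable part of a service ImagePath, quoted or bare."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end > 0 else s[1:]
    return s.split(" ", 1)[0]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_service_installs(jsonl: str) -> list:
    """Return one finding per 7045 event whose image looks like a wrapped script host."""
    findings = []
    for line in jsonl.strip().splitlines():
        ev = json.loads(line)
        if ev.get("EventID") != 7045:
            continue  # only new-service installs matter for this hunt
        image = ev.get("ImagePath", "")
        exe = basename(first_executable(image))
        reasons = []
        if exe in SERVICE_WRAPPERS:
            reasons.append(f"service wrapper: {exe}")
        if exe in SCRIPT_HOSTS:
            reasons.append(f"script host: {exe}")
        if USER_WRITABLE.search(image):
            reasons.append("user-writable path in ImagePath")
        if reasons:
            findings.append({"service": ev.get("ServiceName"),
                             "image_path": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_service_installs(SAMPLE_7045):
        print(f["service"], "->", "; ".join(f["reasons"]))
```

Running it flags "WinDefendUpdater" (wrapper binary under ProgramData) and "Telemetry" (PowerShell as the service binary, script under C:\Users\Public) and leaves the VMware Tools service alone. When a wrapper hit comes up, the next pivot is the service's Parameters subkey in the registry, which is where NSSM records the program it actually launches.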
Someone going by "wwwiesel" on GitHub picked up @securitymeta_’s tradition this year and dropped a full list of #BlackFriday deals in the #InfoSec space
Online Courses & Training
- 8kSec Academy
- AI Security Professional Course
- Altered Security
- Belkasoft
- Blu Raven Academy
- Career Hacking Quest
- CloudBreach
- Cyber Plumber's Lab
- CyberWarFare Labs
- DevSecOps Pro
- DNS for Developers
- Evilginx Mastery
- Hack The Box Pro Labs
- HackSmarter
- HackTricks Training
- Hexordia
- Invictus IR Academy
- Invictus CloudLabs
- LetsDefend
- Mobile Hacking Lab
- OffSec Learn One
- OPSWAT Academy
- Pluralsight
- Practical DevSecOps
- Practical TLS
- http://pwn[.]guide
- CyberNow (SOC Analyst)
- TCM Academy
- TheXero
- Vantage Point / Enciphers
- White Knight Labs
- WiFiChallenge Academy
- ZeroPoint Security
Exams
- The SecOps Group
Mini Courses
- SecDim
Books
- The CloudSec Engineer
Hardware
- Hak5
- KSEC Labs
Professional Services
- Wortell
Tools
- Burp Bounty Pro
- Burp Bounty Go
- FullStro
- Grammarly Pro
- PortDroid
- Proton Mail / VPN / Pass / Drive
- HTTP Toolkit
- http://SEOengine[.]ai
- SubtitleBee
- WebsiteVoice
Services
- Grayhat Warfare
- AirVPN
- CyberGhost VPN
- Proton (second listing in file)
- NordVPN
- Tuta Mail
- InMotion Hosting
- IPVanish VPN
Misc
- Neato Stickers
URL: https://t.co/MX7WkVjmPh
Thanks to the awesome work by our team we can finally announce our official urlscan cli tool: https://t.co/CpiL9jUdDv - Submit scans, run searches, find domains, get creative. Feel free to share your use-cases with us on X! Download on Github or homebrew.
For the life of me I can never remember the registry tweaks to avoid TPM checks when installing Win11 in a VM. I finally took note of the `reg add` commands to just copy and paste into the Shift+F10 terminal.
reg add "HKLM\SYSTEM\Setup\LabConfig" /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassTPMCheck /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassSecureBootCheck /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassRAMCheck /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassCPUCheck /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\Setup\LabConfig" /v BypassStorageCheck /t REG_DWORD /d 1 /f
At the time of our research, the malicious payload contained a PowerShell script that looks like ransomware in development. It encrypts files that live in a folder called "testShiba" on the user's desktop and displays a ransom message: "Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them." Interestingly, the author did not provide a wallet address in this version of the payload, but it is possible that there were other versions of the payload.
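Two observable traces of a payload like this are worth checking for from the defender's side: files in the target folder turn into high-entropy blobs, and a note containing the ransom text appears beside them. The following is an added example, not code from ReversingLabs or the extension: it builds a constructed "testShiba" folder with a few plaintext files, a few random-byte files standing in for encrypted ones, and a note carrying the message quoted in the post, then scans the folder for both signals. The entropy threshold and the 50% flag ratio are assumptions chosen for the demo, and the file names are made up.

```python
import math
import random
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds for the demo: random or encrypted data sits close to 8
# bits per byte, ordinary documents well below it.
ENTROPY_THRESHOLD = 7.5
FLAG_RATIO = 0.5
# Ransom-note phrase taken from the message quoted in the post.
NOTE_PATTERN = re.compile(r"files have been encrypted", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0 for empty or single-valued input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_folder(folder) -> dict:
    """Count high-entropy files and ransom notes in one folder and decide if it looks hit."""
    report = {"total": 0, "high_entropy": [], "ransom_notes": []}
    for p in sorted(Path(folder).iterdir()):
        if not p.is_file():
            continue
        data = p.read_bytes()
        report["total"] += 1
        if shannon_entropy(data) >= ENTROPY_THRESHOLD:
            report["high_entropy"].append(p.name)
        if NOTE_PATTERN.search(data.decode("utf-8", "ignore")):
            report["ransom_notes"].append(p.name)
    hit_ratio = len(report["high_entropy"]) / report["total"] if report["total"] else 0.0
    report["suspicious"] = bool(report["ransom_notes"]) or hit_ratio >= FLAG_RATIO
    return report


def build_sample(folder, seed: int = 7) -> Path:
    """Write a constructed 'testShiba' folder: 3 plaintext files, 4 random-byte files, 1 note."""
    folder = Path(folder) / "testShiba"
    folder.mkdir(parents=True, exist_ok=True)
    rng = random.Random(seed)  # deterministic stand-in for ciphertext
    for i in range(3):
        (folder / f"notes{i}.txt").write_text("quarterly report draft, nothing unusual here\n" * 40)
    for i in range(4):
        (folder / f"photo{i}.jpg").write_bytes(bytes(rng.getrandbits(8) for _ in range(4096)))
    (folder / "README.txt").write_text(
        "Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them.")
    return folder


def demo() -> dict:
    """Build the sample folder in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_folder(build_sample(tmp))


if __name__ == "__main__":
    r = demo()
    print(f"{len(r['high_entropy'])}/{r['total']} high-entropy files, "
          f"notes: {r['ransom_notes']}, suspicious={r['suspicious']}")
```

The entropy check alone would also fire on a folder of already-compressed media, which is why the note pattern is kept as a second, independent signal; in a real deployment the same two checks would run against a watched directory rather than a constructed one.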
⚠️🧵 RL researchers have found 2 malicious #VSCode extensions, "ahban.shiba" & "ahban.cychelloworld," that deliver #ransomware in development to its users.