RT @SquiblydooBlog: Cert Central .org is live! We track and report abused code-signing certs. By submitting to the website, you contribute…

Cool news for those who use GitHub Copilot.

That TA2726 popped out. I took a look. The domain newgoodfoodmarket[.]com uses the IP (185.218.137[.]129) that the domains blacksaltys[.]com and packedbrick[.]com used. Those were previously tracked as Keitaro TDS. Just in case anyone else was wondering.

Last year's SLEUTHCON was great! Looking forward to this next one!

@emilstahl @craiu Concur, a lot of the time you can find other unique properties that can be used to attribute to an actor.

Very cool, repeatable workflow to find associated infrastructure!

RT @0x6rss: New #android RAT "BTMOB" is avaliable. A new RAT that is different from other RATs. It connects to the RAT using an API on the…

RT @RecordedFuture: TAG-124 is an advanced Traffic Distribution System (TDS) linked to Rhysida ransomware, Interlock ransomware, SocGholish…

Feeling super stoked to have my most recent LandUpdate808 analysis referenced in @RecordedFuture's research! Thanks!

@BHinfoSecurity Aloha!

Very nice hunting guide!

RT @Gi7w0rm: Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers" My experience on how to detect and a…

Howzit! Very nice guide! Thanks for sharing! I've got a bunch of questions about your use with Claude if you have time. For the websocket client, about how long did it take you to get a working solution from Claude? Did it take a lot of tweaking? Do you use Claude as a plugin in an IDE or are you using the regular prompt?

That's it for now! Thanks to @Unit42_Intel for sharing the info!