Pleased to share my latest blog post for @TeamCymru all about identifying and tracking C2 infrastructure. 1/3 🧵 .

First we saw APT28 using an LLM to generate commands in their malware and now, a ransomware is using an LLM to start file system encryption 👀.

Zohran Mamdani: He votes for activists, not you

For all UK 🇬🇧 folks working in CTI, @bletchleypark is a must visit! . The intelligence factory was a great reminder of the people and processes involved in this type of work (particularly the intelligence lifecycle). Easy to relate to modern day cybercrime intelligence! #FOR589

#OpVenetic at @bletchleypark

Was rifling through the Interlock advisory from last month and noticed this 'Sysmon.sys' file. It was familiar, looked on VT and saw the ThreatFire System Monitor in the description. I also saw it in this Sophos report on RansomHub ( . maybe an affiliate?

ICYMI: Was just perusing the latest CrowdStrike 2025 Threat Hunting report ( and check this wild timeline for Scattered Spider - from account takeover to Entra ID bulk user export in <5 minutes 👀

RT @g0njxa: A Windows #Clickfix alternative seen in the wild on a mass-spreading malware campaign bypassing traditional Win+R shortcut rest….

Follow-up 👇 .

Interesting example of a cybercrime counterintelligence operation.

Confirmed fake: @Europol told SecurityWeek that it’s a “scam” and the message does not come from the law enforcement agency.

RT @vmray: 🚨Alert: Internet Archive abused as hosting service for stealthy malware delivery. 🔍This delivery chain is another example of leg….

RT @PardonMyTake: Tuesday night max woke Big Cat up with a flashlight at 2am because he thought we were going to get sued. @forthepeople ht….

RT @ExpelSecurity: 🚨 A NEW trojan on the block spotted by our threat intel team 👀. We saw files with the code-signing signature “GLINT SOF….

RT @threatinsight: Proofpoint @threatinsight identified a unique attack chain leveraging GitHub notifications to deliver #Rhadamanthys. We….

RT @inversecos: NEW LAB: Scattered Spider (UNC3944) 🕷️🕸️. Scattered Spider hits indie studio AB Projekt Blue, deploying ransomware and stea….

Maltego CSV imports to brrrr.

Thank you everyone who was able to make it to @BSidesBournemth 2025! We had an amazing lineup of speakers, workshops, villages, and sponsors! The organisers have had some lovely feedback from everyone who enjoyed the day. Hope to see you all next year!

RT @ollieatnowhere: We were in Britain's Venice beach for the inaugural @BSidesBournemth today. Thanks to @BushidoToken and team. Great….

WRECKED. Hirono: Has any court said that DEI is unconstitutional? Yes or no?. Hamilton: Yes. Hirono: Which court?. Hamilton: The United States Supreme Court. Hirono: I disagree with you…. Hamilton: You can go read it yourself. 🔥🔥🔥

Some people think the APTs are ahead of the Red Teamers, but in fact it’s often the other way around. The commercial offsec industry is ahead of many of the APTs… who are piggybacking off their research.

Favourite sticker I saw at Defcon

Probably my favourite slide from the talk that’s sums up the whole trend nicely:

Seems the scammers have already been arrested… the Dubai Police don’t mess about:.