New Research 👉 Process Injection via NtQueueApcThreadEx with NTDLL ROP Gadget 1. Pick random pop r32; ret gadget within NTDLL 2. The NtQueueApcThreadEx call will force the IP to ntdll.dll!<gadget> 3. Return into SystemArgument1 (our shellcode) 🔗 -

As intelligence professionals our job is to abstract that away and present the reverent info, not dump raw disassembly as lazy analysis masquerading as technical depth.

It’s 2025 and people are still plastering screenshots of IDA linear disassembly in writeups like it’s some medieval tapestry of forbidden knowledge. It’s not inherently insightful, unless the semantics are completely unhinged or handwritten 🙃

Hey @airesruy, please could you DM me? It is urgent and about your post on the Ubiquiti forum.

@infrawatch_app More information (worth reading):

August 14th we posted this and mocked, sayiny it was probably North Korea. Some people (for reasons I don't understand) said it was probably safe (it's not) Thankfully, @infrawatch_app went way out there way to investigate the company mentioned in the Reddit post (DSLRoot) and

Foreign-controlled proxy network "DSLRoot" has deployed hardware in 300+ U.S. homes across 20+ states-including military residences. Full investigation now live:

Also see Brian's post here: https://t.co/qljAPY59WJ. This was a great collaboration which led us down new paths to investigate! 🤖

This research is finally out! What started as one forum post led us down a rabbit hole to uncover 300+ devices in U.S. homes-including an Air National Guard member's house. Brian's post can be found here:

What could go wrong..? 🙃

When times were simpler 😇

New research Tuesday: How is a Belarus company convincing US military personnel to install network devices in their homes? Our investigation into DSLRoot reveals Americans are unknowingly helping foreign actors build proxy infrastructure on US soil.

https://t.co/GP3Tx2SHqk now works on Windows 11 24H2! 🥳

I'll be at @reconmtl next week in Montreal 🇨🇦 if you're around, pop me a message!

Windows 11 24H2 broke a popular malware evasion technique! The Lloyd Labs self-deletion method now fails because of NTFS changes, so I spent time with kernel debugging to figure out why and how to fix it. Full technical breakdown:

As a Scottish resident, I applied for access to the .SCOT zone files via ICANN CZDS for legitimate security research. However, @dotscotregistry denied my request, while other registries—including SU, RU, and CN—granted access without issue. This lack of transparency does a

Infrawatch researchers explore GhostSocks, a Golang-based SOCKS5 backconnect proxy malware, detailing its integration with LummaC2 and its command-and-control infrastructure. https://t.co/DoZUtb8d02

Today, I'm releasing the first version of a small web 🚀: https://t.co/WZMsLWpGEK It provides IOCs and YARA rules collected semi-automatically from public blog posts and reports of almost 200 cybersecurity sites. I hope it proves useful to some of you ... 🙏✨ #ThreatIntel

"The lack of flexibility in traditional scanning products leaves organizations reliant on publicly available datasets, often waiting for others to decide what gets scanned and when." 👀🔥