Yashraj Solanki

@RustyNoob619

Followers
1K
Following
2K
Media
222
Statuses
650

Cyber Threat Intelligence Analyst @bridewellsec (All tweets are my views) C2 Hunting | Malware Noob | ICS Addict

England
Joined March 2023
@RustyNoob619
Yashraj Solanki
11 months
As far as pivoting is concerned in CTI, you can pretty much do it all between @virustotal, @censysio & @urlscanio 🐧. I have taken all Artifact types and their features from the Awesome Pivot Atlas maintained by @AmitaiCo & mapped it against sources & where to find them. Links ⬇️
22
79
360
@RustyNoob619
Yashraj Solanki
6 days
@DEATHCon2025 I will also be in Edinburgh on 8th & 9th of Nov if anyone wants to link up :). Also, @knappresearchlb will be doing a CTF style workshop on Adversary Infrastructure Hunting (rumor has it that winner gets a sick custom coin) 😉. Tickets are now live at
0
1
3
@RustyNoob619
Yashraj Solanki
6 days
Super excited to say that I will be doing my first ever solo workshop at @DEATHCon2025. It will be on writing YARA for malware attribution (I know this is a scary word) 🐧. There are plenty of other cool workshops on all things Detection Engineering & Threat Hunting. Mo Deets ⬇️
@DEATHCon2025
DEATHCon
22 days
Get excited to learn from @RustyNoob619 in a hands-on workshop at #DEATHCon2025 called "Intel-Driven YARA for Attribution" Learn how to go from intel reports to great YARA rules for #detectionengineering and finding more samples. Check out the workshops:
2
3
19
@RustyNoob619
Yashraj Solanki
10 days
#RandomThoughts. In my opinion, one of the biggest challenges in the modern realm of CTI is retaining conventional intelligence while bolstering workflows using automation, GenAI and other machine learning components which are likely to introduce unknown biases in the process 🐧.
1
0
4
@RustyNoob619
Yashraj Solanki
17 days
Apologies for the Mandatory Details Entry, call it my bias if you may but it is worth it 🙃.
0
0
3
@RustyNoob619
Yashraj Solanki
17 days
Our team has just released the 2025 CTI Report. The key focus has been on tracking adversary infrastructure and is packed with our threat research insights alongside an in-depth view into the changing information stealers & ransomware ecosystems 🐧. Link:
1
24
99
@RustyNoob619
Yashraj Solanki
29 days
RT @ShanHolo: Saturday morning and I'm a bit bored so why don't I look for #Phishing #CryptoScam websites for the #lol 🤣🤪 using free tools?….
0
5
0
@RustyNoob619
Yashraj Solanki
1 month
Back to all things Cyber after a month of break, feeling refreshed and pumped up 🐧.
0
0
3
@RustyNoob619
Yashraj Solanki
1 month
RT @DEATHCon2025: We've received so many excellent workshop CFP responses for DEATHCon 2025, and we'll be sending acceptance messages by to….
0
4
0
@RustyNoob619
Yashraj Solanki
2 months
RT @RexorVc0: #APT #APT37 #RicochetChollima #ScarCruft #threat #malware #RokRAT. 🇰🇵.💥🇰🇷. ⛓️#Phishing > Dropbox link > ZIP + #LNK > Drop i….
0
27
0
@RustyNoob619
Yashraj Solanki
2 months
For the malware loving homosapiens, this platform is for you. You simply got to admire the efforts that the community is putting in to make sure awesome resources are accessible to all, nicely done @MalGamy12 🐧.
@MalGamy12
Gameel Ali 🤘
2 months
We’re excited to announce the launch of , a platform built by analysts, for analysts and it’s completely free. You can join and enjoin with our first challenge about RokRat Loader.
1
0
7
@RustyNoob619
Yashraj Solanki
3 months
@greglesnewich All of my rules from 2024 and 2025 challenges can be found below. Link: Exciting times ahead, so stay frosty 🐧.
0
1
8
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA. ===> Final Post <===. I would like to thank @greglesnewich for all the motivation. This challenge has massively improved my YARA 🐧. If anyone knows any Closed YARA Sharing Groups, I would love to be part of it (preferably focused on APTs). Link to my rules ⬇️.
2
2
24
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 100: Last but not least, this YARA detects the Linux Auto-Color backdoor 🐧.
4
1
16
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 99: More on Apple Seed, this time focused on the EXE version based on the observed strings 🐧.
0
0
2
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 98: Detects Apple Seed backdoor DLL used by DPRK APT Kimsuky 🐧.
0
5
20
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA. As we are slowly coming towards the end of the challenge, just wanted to thank @vxunderground, @abuse_ch & countless other awesome humans who continue to share malware. This is what has allowed my malware corpus to grow over time and with that the YARA 🐧
0
1
13
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 97: More LNK action, this one uses the LNK module in YARA to detect those files attempting to download or contact URLs 🐧.
0
0
6
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 96: More on Medusa, this one is based on the ransomware note strings and potential ASCII art 🐧.
0
1
13
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 95: Detects Medusa Ransomware based on the PDB artifact 🐧.
0
1
18
@RustyNoob619
Yashraj Solanki
3 months
#100DaysofYARA Days 94: This one detects a Windows Reverse Shell impersonating Putty Client with malware config properties of Meterpreter.
1
0
5