I 😻 speaking at #OBTS! Thank you @objective_see and @MITREattack for making this presentation happen! ATT&CKing Pandas: Drawing out ATT&CK Techniques in the Wild - slides... https://t.co/Y9D4LfN0uv 🙏Thank you to @MiscreantsHQ for the amazing artwork! 🎨 comics in 🧵

For anyone who wants to understand certificates better and how to spot abuse, this is a great read (by @SquiblydooBlog ) https://t.co/55pMCg266s

Some strange Linux sample named "agent" seen from France: a18c29c72d1808477727ec2a611cee0f22ecd435457265bcf10823e0980c3636 microsoftonline[.]download "ShrekWare2024" "Robust TCP-based Reconnaissance C2 Agent Started" 🤔 🤷‍♂️

I reverse engineered iMessage so it sends you a notification whenever someone starts typing... Here's how it works. 1. The app injects its own code into the iMessage app using DYLD_INSERT_LIBRARIES to hook into its internal methods 2. Dynamically loads Apple's private

🚨The IP 23.27.140[.]49 metioned in the report also hosts an #ELF sample 298ef0317beb4d6c3e1f1dbe1ee6f244 This file is actually linux variant of the #BADCALL #Backdoor, which is attributed to the #Lazarus #APT group. 📸#IOC #C2 is 23.27.177[.]183.📸 Happy hunting 🍷 @Xlab_qax

Incase you missed it, I dropped my new book “Threat Hunting macOS” last month. You can purchase it from my website if you’re interested! https://t.co/wOlMwj3NkU

Arctic Wolf Labs reports that the China-linked threat actor UNC6384 targeted European diplomatic entities in Hungary and Belgium during September and October 2025, exploiting ZDI-CAN-25373 and deploying PlugX RAT malware. https://t.co/nMkh0jeqyc

Many asked Stuart (@stuartjash), how he made his slides so 🔥for his recent #OBTS v8 talk. He was kind enough to make an explainer video, that we've added to our YouTube channel: Watch: "WeTalks - Keynote tutorial (Part 1): Keynope to Keydope"

Alright here's another interesting one. More infostealer stuff but worth a look. There's a couple parts to this so I'll attempt to summarize. Thanks @malwrhunterteam for sharing :) Starting with the initial mach-O, (readable strings?!?!) Ugly plist for persistence. 🧵

Palo Alto's Unit 42 team investigate the Jingle Thief campaign operated by financially motivated Morocco-based attackers. The attackers use phishing & smishing to steal credentials, to compromise organizations that issue gift cards. https://t.co/Fixf1j0OOs

A FortiGuard article examines methodologies employed to identify strategic connections between Winos 4.0 attack campaigns across Asia, revealing how seemingly unrelated attacks are linked through shared infrastructure, code patterns & operational tactics https://t.co/wuGoONfyhl

Elastic Security Labs publishes nightMARE, a Python library (v0.16) for malware analysis and for building configuration extractors. https://t.co/Cdofl8Lazn

Now freely live streaming on our YouTube channel: #OBTS v8 (Day #1) 😍 https://t.co/7qwbworxHq 🍎🎥🍿

Finally, my DEF CON talk is now available on YouTube. In this presentation, I explore how DPRK threat actors have evolved, expanding, collaborating, and restructuring their internal operations. The session dives deep into how these organizational shifts, combined with technical

Say hi to them — check out our latest research!

Looks like another domain dropping Amos/odyssey infostealer: nadrty[.]com. This one was seen leveraging the URL directory path of /Homebrew/install/HEAD/ as a homebrew lookalike @500mk500

MacOS red-team made practical — Objective-C implant for DarwinOps! Private Mythic C2 implant: lightweight (in-memory shellcode), post-exploitation, EDR & MDM evasion, integrates with DarwinOps + GateKeeper bypass. Contact us for more details! #RedTeam #macOS

DomainTools researchers look inside Salt Typhoon, a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infrastructure. https://t.co/tNE0zllDRJ

Check Point Research is tracking a long-running campaign by the Iranian threat actor Nimbus Manticore. The ongoing campaign targets defence manufacturing, telecommunications, and aviation sectors in Europe. https://t.co/7dSgIJCPic

Had an incredible time working on this case! 🔍 Proud to share my first contribution to @TheDFIRReport, I learned so much from investigating this case and can't wait to contribute more ☺️🐼

Lateral movement getting blocked by traditional methods? @werdhaihai just dropped research on a new lateral movement technique using Windows Installer Custom Action Server, complete with working BOF code.