
RemcoS
@rsprooten
Followers: 239
Following: 378
Media: 8
Statuses: 499
Security Researcher @elasticseclabs
The Netherlands
Joined January 2011
RT @elasticseclabs: Check out this new #Linux research from @rsprooten and @RFGroenewoud! The article from #ElasticSecurityLabs details the….
Check out my new blog post on declawing PUMAKIT, a sneaky #LKM #rootkit targeting Linux systems. Find out how it hides, escalates privileges, and stays under the radar. Don’t miss the deep-dive! #cybersecurity #malwareanalysis #linux
I had a little fun writing Go Assembly to supercharge the speed of my code. It's not every day I get to play with ARM assembly, let alone Go Assembly—challenging! But the speedup blew my mind. #go #simd #neon #benchmark
RT @elasticseclabs: Yesterday the CUPS vulnerabilities were disclosed — today, we’re showcasing our analysis of the POC and how Elastic Sec….
RT @elasticseclabs: Today, @RFGroenewoud and @rsprooten are revealing the details to REF6138 — a Linux campaign for mining BitCoin/XMR. Rea….
RT @bsidesbelfast: @rsprooten showing us another way to look at malware code similarity with vector search! #bsides #bsidesbelfast #bsidesb….
Excited to have presented on code similarity detection using Vector Search at #FirstCTI24 in Berlin! Yesterday, teamed up with @RFGroenewoud for a workshop on Malware Analysis & Event Collection. Amazing audience, incredible insights! #Cybersecurity
RT @dez_: Not sure what this is but a lot of vt uploads recently with EV cert "REMAX PLUS LLC". PDF icon. Embedded obfuscated string "I am….
Just encountered a case in the #BeaverTail/#InvisibleFerret malware campaign, previously identified by @Unit42_Intel. Our findings: campaign ID NVRlYW05 and C2 server 144[.]172.74.108. It's a reminder of the evolving nature of cyber threats. Stay alert! #CyberSecurity #InfoSec
RT @elasticseclabs: Looking for a deeper dive on the Global Threat Report? Join our webinar next Thursday at 9am PT with @_devonkerr_ and @….
This is the second time I have the pleasure of working together with @RFGroenewoud and thrilled to have co-authored his first blog post for @elasticseclabs.
RT @FFmpeg: There have been several incorrect reports that FFmpeg has been involved in the distribution of malware. FFmpeg only provides s….
Special thanks to @dez_, @DanielStepanic, @_devonkerr_ and @andythevariable for helping me prove once again that sleep is for the weak.
So I did not sleep a lot last night, but it's all worth it when you're working with a great team and kicking some #malware to the curb 🤣.
#ElasticSecurityLabs provides an overview of the recent 3CX supply chain compromise used to distribute SUDDENICON #malware, and provides resources to @elastic security users:
RT @elasticseclabs: Check out the latest research from @jdu2600, a technical analysis that explains LRPC and the limitations of defender vi….
And one more in this series. This time we go into the tools and techniques they used for maintaining persistence. We've seen a shift from custom #malware to #opensource tools and code.
We’re back with another #SIESTAGRAPH update! #ElasticSecurityLabs describes techniques used to maintain persistence in addition to deploying #NAPLISTENER and #SOMNIRECORD: