Joined March 2023
- Tweets 969
- Following 359
- Followers 1,341
- Likes 3,227
290 Photos and videos
Pinned Tweet
29 Dec 2025
#100DaysofYARA
Really lucky to have this awesome blossom of an opportunity! Am already pumped up and got some exciting things planned in the YARA pipeline for the challenge & beyond π§
28 Dec 2025
π¨#100DaysofYARA lives!!
2 time reigning champ @RustyNoob619 has kindly offered to take the helm for this community effort! Give the homie a follow π
Check the repo to contribute: github.com/100DaysofYARA
And gear up for Jan 1 when #100DaysofYARA will kick off!
1
1
8
1,846
May 21
Our 2026 Annual Threat Intel Report is out π§
This is easily the biggest piece of research we push out each year & the insights are directly driven from our infrastructure tracking we have executed over the year
It was also fun writing a few bits around DPRK APT ops π
Link β¬οΈ
1
2
5
801
May 21
See how adversary infrastructure is shifting, with malicious hosting patterns, C2 frameworks and infrastructure rotation revealing where adversaries are building, hiding and sustaining operations before compromise becomes visible other cool shizzle π§
bridewell.com/insights/whiteβ¦
2
3
305
Apr 18
#100DaysofYARA Final!!
Have completed my last rule! All YARA rules have now been added to the Challenge repo. Also, renamed & merged all of my rules into the main repo π§
Again many thanks for participating in the challenge, see you awesome bunch next year π«‘
Links to repos β¬οΈ
1
7
217
Apr 18
2026 Challenge Repo: github.com/100DaysofYARA/202β¦
My main YARA Repo: github.com/RustyNoob-619/YARβ¦
The Awesome Individuals who contributed to the 100 Days of YARA 2026 Challenge π§
@t3ft3lb
@SquiblydooBlog
@josh_penny
@knappresearchlb
@zendannyy
1
6
253
Apr 13
#100DaysofYARA The End
A bit late to the party (was ill), but the challenge is officially done! It has been awesome to see so much engagement π§
Massive kudos to @t3ft3lb for taking down this beast & also inspiring me to crack on π«‘
I still need to write the last rule
More β¬οΈ
1
7
179
Apr 13
Also, special mention to @SquiblydooBlog for the super detailed rule explanations. I personally have learnt loads from it!!
@t3ft3lb and @SquiblydooBlog will be receiving the challenge coins, super well deserved π§
I still need to merge & rename the rules to the Git repo π
β¬οΈ
1
5
124
Apr 13
Hope the challenge was insightful & in the end, YARA is all about experimenting...
There were a few other things in pipeline for the challenge which I could not convert in time π«€
Lastly, a very special thanks to @greglesnewich for allowing me to host the challenge this year π§
1
2
129
#100DaysofYARA β Day 100 π
The final rule in this challenge.
YARA rule to detect Ligolo-ng agent used for tunneling and pivoting π
github.com/t3ft3lb/2026-100Dβ¦
3
10
2,036
#100DaysofYARA β Day 99
YARA rule to detect LucidRook stager π
github.com/t3ft3lb/2026-100Dβ¦
2
4
1,883
#100DaysofYARA
Woken up from hibernation, got some ground to cover, this is the final push!!
Super happy to see the amazing @t3ft3lb going on so consistently and keeping the momentum ON like King Kong in Bhutan, absolutely smashing it π§
3
85
#100DaysofYARA β Day 98
YARA rule to detect Unsolicited Werewolf (UnsolicitedBooker) LuciLoad loader π
github.com/t3ft3lb/2026-100Dβ¦
3
4
1,582
#100DaysofYARA β Day 97
YARA rule to detect Unsolicited Werewolf (UnsolicitedBooker) MarsSnake loader π
github.com/t3ft3lb/2026-100Dβ¦
2
3
349
#100DaysofYARA β Day 96
YARA rule to detect Iridescent Hyena (RGB-Team) CMoon RAT π
github.com/t3ft3lb/2026-100Dβ¦
There's a common classification question - is CMoon a worm or a stealer? It's actually a typical RAT. The attackers also call it CM00nImplant.
2
3
349
#100DaysofYARA β Day 95
YARA rule to detect BlackHawk loader π
github.com/t3ft3lb/2026-100Dβ¦
1
2
4
414
#100DaysofYARA β Day 92
YARA rule to detect CrystalX RAT π
github.com/t3ft3lb/2026-100Dβ¦
3
3
382
#100DaysofYARA β Day 93
YARA rule to detect the Subtle Werewolf (QuietCrabs, UTA0178, UNC5221) KrustyLoader π
github.com/t3ft3lb/2026-100Dβ¦
2
3
312
#100DaysofYARA β Day 91
YARA rule to detect the Paper Werewolf (GOFFEE) XLL loader π
github.com/t3ft3lb/2026-100Dβ¦
2
2
479
#100DaysofYARA β Day 90
YARA rule to detect Velociraptor (DFIR tool) binaries with embedded configuration π
github.com/t3ft3lb/2026-100Dβ¦
3
2
438
#100DaysofYARA β Day 89
YARA rule to detect Crysome RAT client π
github.com/t3ft3lb/2026-100Dβ¦
3
9
541