given the rise and impact of ICS phishing, we open sourced a tool to help the SOC clean up malicious calendar invites even if you’re not using @sublime_sec. please xpost for reach: github.com/sublime-security/…

Addiction to short-form videos reduces brain activity in the frontal lobe weakening the ability to focus.

Go watch and support. Ben’s content game has leveled up to infinity this year

I dont mean to brag, but we have the highest quality video on @YouTube as rated by @cyrusSecurity Check out the all new @wehackhealth channel youtube.com/@wehackhealth?si…

Big drama today in the Tor community. Conrad Rockenhaus, a Tor operator based out of Michigan, United States, was arrested in 2020 after refusing to cooperate with the United States Federal Bureau of Investigation Rockenhaus, a disabled United States military veteran, ran the fastest Tor node in the United States. He was approached sometime in late 2019 when the FBI requested he allow them arbitrary access to his exit node and allow them to decrypt traffic. He denied their request. Subsequently, in February, 2020 his home was raided. He was arrested for violating the CFAA (Computer Fraud and Abuse Act). It was alleged that he was a disgruntled ex-employee causing problems at his former place of employment. Interestingly, to "help resolve the matter", law enforcement requested he decrypt his Tor exit node to prove his innocence (???). After he refused, he was held in a pre-trial detention cell for over 3 years. He was denied bail after law enforcement stated Mr. Rockenhaus used Linux to "access the dark web" and he was "not complying" and not allowing them access to this Tor exit node. After Mr. Rockenhaus' wife filed an official complaint, and Mr. Rockenhaus was miraculously released, he was raided by the United States Marshal Fugitive Task Force TWO TIMES(???). They took him out his home, threw him to the ground, beat him, smashed his windows, and threatened to murder his animals. They are still requesting Mr. Rockenhaus allow them to access his Tor exit node. Mr. Rockenhaus still has not granted them that privilege. All of this has been captured on home security camera footage. Additionally, his wife has released all court documents. See subsequent post for more information.

RT @MalwareRE: Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard…

ALERT—The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts. They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims. Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise. If you suspect your organization has been targeted, please contact your local FBI office.

No need for the sauna when you’ve got this

This advice and thread has been incredibly insightful. Highly recommend for all career stages

I’m sorry, but when did it ever leave the core mission? This is bs. That agency and the people working for them were doing great work. ⁦@CISAJen⁩ had done amazing things there DHS Secretary Noem: CISA needs to get back to ‘core mission’ | CyberScoop cyberscoop.com/kristi-noem-r…

This is just wrong. Imagine just being employed at SentinelOne and now you lost your clearance over a personal vendetta.

Stop robbing yourself of real knowledge. “Learning” today often looks like 5-10 minute videos claiming to be “complete guides” or “everything you need to know”—but most of the time, they either oversimplify or barely scratch the surface. Reading books/papers, listening to long-form discussions, and sitting with deep material changed how I understand complex topics. There’s a massive gap between surface-level overviews and the depth needed for true understanding. As a content creator, I’ll be the first to say: that “1 hour” guide probably came from weeks, months, or years of research, trial, error, and actual work experience. Use quick content as a spark - not a shortcut. Don’t trade depth for convenience.

Just built an MCP for Ghidra. Now basically any LLM (Claude, Gemini, local...) can Reverse Engineer malware for you. With the right prompting, it automates a *ton* of tedious tasks. One-shot markups of entire binaries with just a click. Open source, on Github now.

A threat actor leveraging the same naming pattern has registered 10K domains for various #smishing scams. They pose as toll services for US states and package delivery services. Root domain names start with "com-" as a way to trick victims. More info at bit.ly/4ipQ0LW

🚨The CrowdStrike 2025 Global Threat Report is available NOW. Get unparalleled insights into how adversaries evolved in 2024. Download the full report here: crwdstr.ke/6015LwkGS

DOGE is a bigger threat to US federal government information systems than China. If you find this statement controversial, I'm going to question your IT and cybersecurity credentials.

i have 3 @defcon badges to give away. if you’re a student or paid for your own way to vegas this year hmu. please RT for reach