"Final boss of Threat Research"

Joined April 2013
Jeremy Hedges retweeted
Updated #Lumma stealer C2 extractor! See github.com/CAPESandbox/CAPE-…
5 Sep 2024
Maybe there be slightly less malware hosted on Discord.
Discord is lowering the free upload limit back to 10MB, citing operational and financial concerns. The previous free upload limit was 25MB.
Jeremy Hedges retweeted
Tavis Ormandy is the Silverback Gorilla of nerds. Seeing Tavis throw his hat into the ring on this is like watching Mike Tyson in his prime.
20 Jul 2024
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
Jeremy Hedges retweeted
Did I get a chance to mention I love Windows API? 🤯
Jeremy Hedges retweeted
Microsoft engineer: 500ms lag in liblzma? Something's up. Also Microsoft engineer: 45 minute lag in Microsoft Teams? Perfect.
8 Jan 2024
[1/5] In the spirit of #100DaysOfYara (likely only posting today, as a newborn should arrive any day now) and inspired by this post, I created a rule for one of my favorite Anti-Debug methods
8 Jan 2024
[4/5] I compiled 32-bit and 64-bit executables and noticed a slight difference in intrinsics... however, it's pretty tolerable (in my opinion) to handle the opcodes of the argument to the call (FF 15)
8 Jan 2024
[5/5] As a little bonus exercise: If you want to see this work in VS, run your program without debugging, then run it with debugging :)
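The thread above matches the opcode bytes of an indirect call (FF 15) and notes that 32-bit and 64-bit builds differ slightly. The example below is added here and is not the author's YARA rule or code: it decodes both encodings of `FF 15` so the difference is concrete. On x86 the four bytes after `FF 15` are the absolute address of the IAT slot (`call dword ptr [imm32]`); on x64 they are a signed displacement relative to the next instruction (`call qword ptr [rip+rel32]`), so the same slot produces different bytes at every call site and a signature must wildcard them. The two code blobs, the image bases and the slot addresses are constructed for the example.

```python
import struct

# Constructed sample code (not from the thread): one indirect call per architecture.
# x86: push ebp; mov ebp,esp; call dword ptr [0x00402010]; test eax,eax; je +1; int3; pop ebp; ret
X86_CODE = bytes.fromhex("55 8b ec ff 15 10 20 40 00 85 c0 74 01 cc 5d c3")
X86_BASE = 0x401000
# x64: sub rsp,0x28; call qword ptr [rip+0xff6]; test eax,eax; je +1; int3; add rsp,0x28; ret
X64_CODE = bytes.fromhex("48 83 ec 28 ff 15 f6 0f 00 00 85 c0 74 01 cc 48 83 c4 28 c3")
X64_BASE = 0x140001000


def find_indirect_calls(code: bytes, base: int, x64: bool):
    """Return (offset, iat_slot) for each FF 15 indirect call found in code.

    This is a byte scan, not a disassembler: an FF 15 that sits inside data or
    inside another instruction's operand will also match, which is why a rule
    built on these bytes should be paired with context (e.g. the imported API).
    """
    results = []
    i = 0
    while i + 6 <= len(code):
        if code[i] == 0xFF and code[i + 1] == 0x15:
            if x64:
                # rel32 is signed and relative to the end of this 6-byte instruction
                rel = struct.unpack_from("<i", code, i + 2)[0]
                slot = base + i + 6 + rel
            else:
                # imm32 is the absolute virtual address of the IAT slot
                slot = struct.unpack_from("<I", code, i + 2)[0]
            results.append((i, slot))
            i += 6
        else:
            i += 1
    return results


def yara_hex_for_call(iat_slot: int, x64: bool) -> str:
    """Hex pattern for a YARA string matching a call through the given IAT slot.

    Only the 32-bit form can pin the slot address in the bytes; the 64-bit
    displacement depends on where the call sits, so it has to be wildcarded.
    """
    if x64:
        return "{ FF 15 ?? ?? ?? ?? }"
    return "{ FF 15 " + " ".join(f"{b:02X}" for b in struct.pack("<I", iat_slot)) + " }"


if __name__ == "__main__":
    for name, code, base, x64 in (("x86", X86_CODE, X86_BASE, False),
                                  ("x64", X64_CODE, X64_BASE, True)):
        for off, slot in find_indirect_calls(code, base, x64):
            print(f"{name}: FF 15 at +{off:#x} -> IAT slot {slot:#x}  pattern {yara_hex_for_call(slot, x64)}")
```

Running it shows the x86 call resolving to the literal `0x402010` embedded in the instruction, while the x64 call resolves to `0x140002000` only after adding the displacement to the address of the following instruction; that is the "slight difference" a rule has to tolerate.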
Jeremy Hedges retweeted
21 Sep 2023
is this $28bn that Cisco is giving Splunk to buy them, or just renew their license for the year?
Jeremy Hedges retweeted
I asked MidJourney to generate a picture showing a group of cyber security professionals ... but when I saw the last picture, I was really creeped out 🫣
29 Aug 2023
It's a rare opportunity that I post about open roles, but these are really exciting ones. If you want to track APTs with some of the best in addition to supporting one of the best threat research & detection teams on the planet, do apply:
22 Aug 2023
Coming to a pyinstaller malware near you soon!
Voice recorder using Python
10 Aug 2023
Whoever is the dev of #DarkCloud, are you insecure about your malware written in C# that you needed to rewrite it in VB? Asking for a friend. virustotal.com/gui/file/97eb… C2 Is Telegram 🙃 BotName: bot6179013510 MessageUsername: niiarmah_bot MessageFirstName: Niiarmah
Jeremy Hedges retweeted
23 Jul 2023
Loading up the APK into JADX to decompile the bytecode into Java, it's apparent they are still using the Qihoo packer as before. The actual code we want is encrypted. Although Qihoo is an advanced (native) packer, there is a trivial way to obtain what we want: pull the decrypted Dalvik executable directly off the Android device after it's decrypted, using a Frida script. github.com/hluwa/frida-dexdu… @Zimperium have a really nice write-up on the Qihoo packer: zimperium.com/blog/dissectin… (5/n)
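The post above recovers the decrypted Dalvik executable from process memory after the packer has unpacked it. The example below is added here and is not frida-dexdump's code or the post author's: it shows the host-side carving step that such a dump relies on. Once a Frida script has read a process memory range into a buffer, every DEX image in it can be located by its `dex\n0NN\0` magic and cut out using the `file_size` field at header offset 0x20 (the fixed 0x70-byte header layout is from the DEX format). The memory region, the two DEX-shaped blobs and the decoy magic in it are constructed for the example.

```python
import struct

DEX_MAGIC = b"dex\n"     # full magic is b"dex\n" + 3-digit version + NUL, e.g. b"dex\n035\0"
DEX_HEADER_SIZE = 0x70   # fixed header length; header_size field (offset 0x24) must equal it


def build_fake_dex(version: bytes, payload: bytes) -> bytes:
    """Construct a DEX-shaped blob: valid magic, file_size and header_size, then payload.

    Constructed for this example; the rest of the header is left zeroed.
    """
    header = bytearray(DEX_HEADER_SIZE)
    header[0:8] = DEX_MAGIC + version + b"\0"
    struct.pack_into("<I", header, 0x20, DEX_HEADER_SIZE + len(payload))  # file_size
    struct.pack_into("<I", header, 0x24, DEX_HEADER_SIZE)                 # header_size
    return bytes(header) + payload


def build_sample_region() -> bytes:
    """A constructed memory dump: junk, a DEX 035, junk, a decoy magic, junk, a DEX 039."""
    return (b"\x00" * 16
            + build_fake_dex(b"035", b"A" * 20)   # starts at offset 16, 132 bytes long
            + b"\xff" * 8
            + b"dex\nabc\0"                       # looks like magic, not a real header
            + b"\x00" * 8
            + build_fake_dex(b"039", b"B" * 30)   # starts at offset 172, 142 bytes long
            + b"\x00" * 4)


def carve_dex(region: bytes):
    """Return [(offset, dex_bytes), ...] for every DEX image whose header lies in region.

    A hit needs a 3-digit version, a NUL terminator, header_size == 0x70 and a
    file_size that fits in the remaining buffer; anything else is skipped so a
    stray "dex\n" in data does not produce a garbage carve.
    """
    found = []
    pos = 0
    while True:
        pos = region.find(DEX_MAGIC, pos)
        if pos < 0:
            break
        hdr = region[pos:pos + DEX_HEADER_SIZE]
        if len(hdr) == DEX_HEADER_SIZE and hdr[4:7].isdigit() and hdr[7] == 0:
            file_size = struct.unpack_from("<I", hdr, 0x20)[0]
            header_size = struct.unpack_from("<I", hdr, 0x24)[0]
            if header_size == DEX_HEADER_SIZE and DEX_HEADER_SIZE <= file_size <= len(region) - pos:
                found.append((pos, region[pos:pos + file_size]))
                pos += file_size  # skip past this image; nested magic inside it is not a new header
                continue
        pos += 1
    return found


def dex_version(dex: bytes) -> bytes:
    """The 3-digit version string from a DEX magic, e.g. b'035'."""
    return dex[4:7]


if __name__ == "__main__":
    for off, dex in carve_dex(build_sample_region()):
        print(f"DEX v{dex_version(dex).decode()} at +{off:#x}, {len(dex)} bytes")
```

On the device side the same search is what the Frida script performs over readable memory ranges before handing the bytes back; the sanity checks matter there because a process heap contains many accidental `dex\n` sequences. A packer that wipes the magic after loading defeats a magic-only scan, so a carver used in anger also has to recognise the rest of the header layout.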
Jeremy Hedges retweeted
3 Aug 2023
@MITREattack ATT&CKcon 4.0 tickets are live!! Come out and see me and @ex_raritas cosplay as Link and a stranded Korok while debuting a brand new sub technique for Defense Evasion. .lnk icon smuggling coming to a Nintendo Switch near you 🎮
3 Aug 2023
In person ticket sales are now open for ATT&CKcon 4.0! Come join us at MITRE’s HQ in McLean, VA October 24-25. You can purchase tickets for $495 or see this year’s talk lineup at na.eventscloud.com/attackcon…. Free virtual registration will be coming in September.
Jeremy Hedges retweeted
31 Jul 2023
WikiLoader blog dropped. @Myrtus0x0 with a shoutout to @JAMESWT_MHT proofpoint.com/us/blog/threa…
Proofpoint has been tracking a new loader, dubbed WikiLoader, since February 2023. On July 11th, Proofpoint researchers observed WikiLoader return with new and notable updates in a high-volume campaign.