Author/Operator of @ScumBots. Blue Team by day, Blue Team by night. Opinions, typos, and bad grammar do not represent my employer. He/Him
Joined February 2008
- Tweets 16,861
- Following 1,434
- Followers 14,239
- Likes 28,772
5,023 Photos and videos
Pinned Tweet
9 Nov 2024
Rather than continue to bang my head against the increasing frequency of nonsense errors and timeouts coming from Twitter’s APIs, I’ve decided just to move ScumBots. You can now follow it here on infosec.exchange: infosec.exchange/@ScumBots
3
9
35
9,913
Paul Melson retweeted
17 Oct 2025
Check out his full talk here
youtube.com/watch?v=9FvBwgj6…
1
1
995
Paul Melson retweeted
17 Oct 2025
Paul Melson joined us this year as our keynote speaker to talk about the history of crimeware and its evolution through the years.
In his keynote he also gives some good advice to those who are in the field and creating their professional network. Check out what he had to say!
2
3
10
1,227
Paul Melson retweeted
#MalwareChallenge
New way to embed b64-enc EXE in image
@Cryptolaemus1
@executemalware
@HazMalware
@James_inthe_box
@JAMESWT_MHT
@JRoosen
@lazyactivist192
@luc4m
@malwrhunterteam
@MsftSecIntel
@JohnLaTwC
@neonprimetime
@ps66uk
@Racco42
@utsuk_ladki
@l3m0ntr33
@H_Miser
@pmelson
#MalwareChallenge
Looks like Base64 markers changed from
<<BASE64_START>> / <<BASE64_END>>
to
'BaseStart-(.*?)-BaseEnd'
for b64-encoded payloads embedded in images
5879d31ba880a8bf0825ed666ce82913b53830be8ab8f20ea22702f4202ff789
#RemcosRAT
2
3
13
1,865
Paul Melson retweeted
18 Jun 2025
I found a what I think novel approach which allowed me to list some of the content of #Lumma #Infostealer Command & Control servers with the help of left behind .DS_Store files. Blog, tool and Lumma files can be found here nexusfuzzy.medium.com/lumma-…
4
25
124
15,007
Paul Melson retweeted
6 Jun 2025
@SLEUTHCON off to a great start.
My lesson learned from @pmelson is:
make friends, they probably know something you don’t, and the Intel space is all about not not knowing things
#sharingIsScaring
#CTI
3
6
648
Paul Melson retweeted
6 Jun 2025
We're kicked off at #SLEUTHCON with @pmelson discussing the importance of networking in cyber, not for packet routing or job hunting, but disruption opportunities by pooling our collective access. I agree. Collectively, we're actually more powerful than state actors in many ways.
3
9
50
3,029
Paul Melson retweeted
14 Apr 2025
Get ready for this year's Sleuthcon by listening to the episode of THE Microsoft Threat Intelligence podcast all about ScumBots with Paul Melson!
thecyberwire.com/podcasts/mi…
14 Apr 2025
We are excited to announce our 2025 SLEUTHCON keynote speaker: @pmelson, VP of Cybersecurity at Capital One and author/operator of @ScumBots
With over two decades of experience defending networks and disrupting adversaries, Paul brings unmatched insight into the economics of cybercrime.
His talk, A Brief History of Crime[ware], traces the evolution of monetized malware and explores how we can stop attackers by targeting what they care about most: profit.
📍 June 6 | Arlington, VA Virtual
🎟️ Early bird pricing ends soon
🗓️ CFP closes April 18
⚠️ This event will sell out
REGISTER TODAY: sleuthcon.com/registration
1
14
45
8,318
Paul Melson retweeted
14 Apr 2025
We are excited to announce our 2025 SLEUTHCON keynote speaker: @pmelson, VP of Cybersecurity at Capital One and author/operator of @ScumBots
With over two decades of experience defending networks and disrupting adversaries, Paul brings unmatched insight into the economics of cybercrime.
His talk, A Brief History of Crime[ware], traces the evolution of monetized malware and explores how we can stop attackers by targeting what they care about most: profit.
📍 June 6 | Arlington, VA Virtual
🎟️ Early bird pricing ends soon
🗓️ CFP closes April 18
⚠️ This event will sell out
REGISTER TODAY: sleuthcon.com/registration
1
11
35
13,446
28 Nov 2024
Today I am thankful for all of the folks working a shift and watching the wires to keep us safe. I see you and I appreciate you.
3
12
2,051
Paul Melson retweeted
23 Nov 2024
@censysio Censys has many open positions open right now across the company: sales, marketing, product, engineering, and research. Come join the team building the next generation of Internet scanning technology, the Internet Intelligence Platform. censys.com/careers/
1
9
9
2,878
23 Oct 2024
I posted my analysis of a malicious PDF containing a heavily obfuscated PHP payload over on infosec[.]exchange:
infosec.exchange/@pmelson/11…
3
59
257
16,809
Paul Melson retweeted
27 Sep 2024
1
1
9
903
Paul Melson retweeted
29 Sep 2024
Given the significant impact of Hurricane Helene, the BSidesAugusta organizers have decided to cancel BSidesAugusta 2024 and our directly associated events during Augusta Cyber Week.
3
17
43
8,690
Paul Melson retweeted
27 Sep 2024
#BruteRatel - #Latrodectus - .pdf > url > .js > .msi > .dll
wscript.exe Document-19-51-48.js
msiexec.exe /V
MSIBA2E.tmp /DontWait
rundll32.exe C:\Users\Admin\AppData\Roaming\vierm_soft_x64.dll, GetDeepDVCState
(1/3) 👇
IOC's
github.com/pr0xylife/Latrode…
1
38
87
9,968
26 Sep 2024
25 Sep 2024
Check out our new built-in capability to find “sus” as my kids would say.
2
1,037
Paul Melson retweeted
25 Sep 2024
#BAMFI ALERT - #Chicago: “Abducted 4y/o from Chicago in Arizona or Texas? Riley Batts, 4, was last seen on Sept 23, in the 5500 block of South Lowe Avenue in the Englewood neighborhood. Police say she was abducted by her non-custodial parent. - via JCodenReports.com
5
362
144
6,111
Paul Melson retweeted
25 Sep 2024
#Oakland, #California: 5y/o King Scott has been #missing since yesterday (Tues, Sept 24).
He was last seen in the 1000 blk of Eight St in Oakland. Authorities believe King may be with his Mother, Mikalairene King, who is also missing (pictured).
Pls SHARE to help us find King.
8
418
195
6,770