
Posts by Paul Melson

Good writeup on a very interesting piece of kit

1 month ago 0 0 0 0

If I found the correct manual for the M-Audio interface the original author used to record the FLAC files, the line in and line out were both capped at a 48 kHz sample rate. It would be interesting to see if a higher fidelity recording would make the impedance from the mud and banana more noticeable.

2 months ago 1 0 1 0

If you appreciate the under-reported #InfoSec & #DataPrivacy news content I share every week, please support what I do by signing up for my newsletter. sherpaintelligence.substack.com

I'm really proud of the content I provide and subscribers make my work possible.

Repost & share with your network!

2 months ago 5 5 0 1
Screenshot of my blog post to share information on this Lumma Stealer infection with follow-up malware.

2025-12-30 (Tuesday): #LummaStealer infection with follow-up malware. A #pcap of the infection traffic, the associated #Lumma with follow-up #malware samples, and some IOCs are available at www.malware-traffic-analysis.net/2025/12/30/i...

3 months ago 7 3 0 0

Sunset over a frozen lake

3 months ago 1 0 0 0

Our Labs love the snow. They’re 11 & 12, and it makes them act like puppies.

4 months ago 0 0 0 0
4 months ago 1 0 0 0

“He got you, didn’t he?”

5 months ago 1 0 0 0

If I won the lottery, I might not tell anyone, but there would be signs.

5 months ago 3 0 0 0

The back story on how that performance came together is amazing, too. And so many of the songs have cool stories behind them (or after them, like Onyx & Biohazard).

5 months ago 3 0 0 0

I mean, the movie was the excuse to make the soundtrack. But who cares? They made the soundtrack.

5 months ago 1 0 0 0
Evil Corp: 1. Zeus Podcast Episode · Cyber Hack · S3 E1 · 39m

BBC has the goods

podcasts.apple.com/us/podcast/c...

5 months ago 0 0 0 0
Keynote | SLEUTHCON 2025 June 6th, SLEUTHCON 2025 in Arlington, VA Presented by Paul Melson

Check out his full talk here:
www.google.com/url?sa=t&sou...

6 months ago 2 1 0 0

Paul Melson joined us this year as our keynote speaker to talk about the history of crimeware and its evolution through the years.

In his keynote he also gives some good advice to those who are in the field and creating their professional network. Check out what he had to say!

6 months ago 3 1 1 0

If you’re not already alerting on

CONHOST.EXE spawning CMD.EXE spawning WGET.EXE

or

CONHOST.EXE spawning CONHOST.EXE spawning CONHOST.EXE

you’re gonna want to close that gap today.

6 months ago 1 0 0 0
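
The two process chains named in the post above, expressed as detection logic over process-creation events. This is an added example, not code from the post's author; the event field names (`guid`, `parent_guid`, `image`) and the sample events are constructed assumptions standing in for whatever your EDR or process-creation logging provides.

```python
import ntpath

# Ancestor-first chains named in the post (grandparent, parent, child).
CHAINS = [
    ("conhost.exe", "cmd.exe", "wget.exe"),
    ("conhost.exe", "conhost.exe", "conhost.exe"),
]

def image_name(path):
    """Lower-cased file name of a Windows image path (works on any OS)."""
    return ntpath.basename(path).lower()

def lineage(event, by_guid, depth):
    """Up to `depth` image names ending at `event`, ancestor first."""
    names, seen = [], set()
    # `seen` guards against a malformed log where parents form a loop.
    while event is not None and len(names) < depth and event["guid"] not in seen:
        seen.add(event["guid"])
        names.append(image_name(event["image"]))
        event = by_guid.get(event.get("parent_guid"))  # None if parent not logged
    return tuple(reversed(names))

def find_chain_alerts(events):
    """Return (guid, chain) for each process whose lineage ends in a watched chain."""
    by_guid = {e["guid"]: e for e in events}
    return [(e["guid"], chain)
            for e in events
            for chain in CHAINS
            if lineage(e, by_guid, len(chain)) == chain]

# Constructed sample events (hypothetical field names and values).
SAMPLE_EVENTS = [
    {"guid": "A1", "parent_guid": None, "image": r"C:\Windows\explorer.exe"},
    {"guid": "A2", "parent_guid": "A1", "image": r"C:\Windows\System32\cmd.exe"},
    {"guid": "A3", "parent_guid": "A2", "image": r"C:\Windows\System32\conhost.exe"},  # usual direction
    {"guid": "B1", "parent_guid": "A1", "image": r"C:\Windows\System32\CONHOST.EXE"},
    {"guid": "B2", "parent_guid": "B1", "image": r"C:\Windows\System32\cmd.exe"},
    {"guid": "B3", "parent_guid": "B2", "image": r"C:\Users\Public\wget.exe"},
    {"guid": "C1", "parent_guid": "A1", "image": r"C:\Windows\System32\conhost.exe"},
    {"guid": "C2", "parent_guid": "C1", "image": r"C:\Windows\System32\conhost.exe"},
    {"guid": "C3", "parent_guid": "C2", "image": r"C:\Windows\System32\conhost.exe"},
    {"guid": "D1", "parent_guid": "ZZ", "image": r"C:\Tools\wget.exe"},  # parent never logged
]

if __name__ == "__main__":
    for guid, chain in find_chain_alerts(SAMPLE_EVENTS):
        print(guid, " -> ".join(chain))
```

Matching is on file name only, so a renamed binary will not match; pairing the chain with original-file-name or hash fields, where your telemetry has them, closes that gap.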

Are weekly dental cleanings a thing?

6 months ago 1 0 0 0
Keynote | SLEUTHCON 2025 YouTube video by SLEUTHCON

ICYMI: Paul Melson, VP of Cyber Intelligence Engineering at Capital One, delivered the SLEUTHCON 2025 keynote!

Watch here >> www.youtube.com/watch?v=9FvB...

7 months ago 6 2 0 0

That’s great

7 months ago 0 0 0 0

Happy International Dog Day, hope you spent it with your best friends

7 months ago 2 0 0 0
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities targeting internet-facing SharePoint servers. In addition, we have observed a...

Don’t miss the use of ngrok for tunneling here. Continue to see malicious actors use this service to hide C2. Ngrok uses AWS IPs across multiple zones for egress NAT. I recommend sinkholing their domains across your network.
ngrok[.]com
ngrok[.]io
ngrok-free[.]app

www.microsoft.com/en-us/securi...

8 months ago 3 1 0 0

It’s that time again, apparently.

9 months ago 1 2 0 0

Paul Melson's Brief History of Crime[ware] was a lovely (?!) trip down memory lane. I'm old too, @pmelson.bsky.social
#SLEUTHCON #traumamemories

10 months ago 5 1 0 0
ALT: a man sitting at a desk with apparently not written on the screen
11 months ago 0 0 1 0

It is my position that Chatham House rules and TLP should extend to any trolling that takes place in those channels and venues.

11 months ago 3 1 1 0

New keynote drop: Paul Melson is taking the SLEUTHCON stage to dissect the rise of crime[ware]—how it started, how it scaled, and how we shut it down.
23+ yrs defending networks. ScumBots founder. Now VP @ Capital One.
🎤 June 6
📍IRL + virtual
🎟️ Tix moving fast - sleuthcon.com
🗓️ CFP closes April 18

1 year ago 21 8 0 1

So simple, but what a can of worms. It emphasizes why detection pipelines with multiple, conditional rounds are needed. Ideally you’d catch this with a simple string match for the reg key after it’s been through a generic deobfuscation round that drops non-alphanumeric characters.

1 year ago 2 0 0 0

Took this at sunset in Fall in Minnesota:

1 year ago 2 0 0 0
Undulating Clouds This blog provides updated forecasts and comments on current weather or other topics

They’re called Asperitas clouds:

cliffmass.blogspot.com/2024/04/undu...

1 year ago 2 0 2 0

Today I am thankful for all of the folks working a shift and watching the wires to keep us safe. I see you and I appreciate you.

1 year ago 1 0 0 1
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

@volexity.com’s latest blog post describes in detail how a Russian APT used a new attack technique, the “Nearest Neighbor Attack”, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world. 
 
Read more here: www.volexity.com/blog/2024/11...

1 year ago 81 41 2 13