2026-04-16 (Thursday): #pcap and #malware samples from the #LummaStealer infection with #SectopRAT ( #ArechClient2 ) that I documented in an ISC diary at isc.sans.edu/diary/Lumma+...
Posts by Adam Link
Going to be a long season, but good to see Wetherholt step right up!
So I always like to go "What would have happened had a Marine done this in Afghanistan" and it's so obvious in this case as to make the exercise moot.
NEW: President Donald Trump has taken steps to nominate Army Lt. Gen. Joshua Rudd, the deputy chief of U.S. Indo-Pacific Command, to head the military's Cyber Command and the National Security Agency.
ON @therecordmedia.bsky.social
therecord.media/joshua-rudd-...
Happy Birthday, Marines!
Gummy nerds are the best. Fueled with them on my last ultra, and just gave out tons of them tonight!
Bring back the BBS!
Congrats to those selected for TLS!
www.marines.mil/News/Message...
Image showing how someone gets from a link in a social media post to arrive at the downloaded archive.
Image showing how someone would extract malware from the downloaded archive. From zip archive to password-protected 7-Zip archive to zip archive to extracted Windows executable (.exe) file.
Traffic from an infection filtered in Wireshark.
How I picture someone would actually run this malware.
2025-06-20 (Friday): Post I wrote for my employer on other social media about distribution of #malware disguised as cracked software. The malware is contained in password-protected 7-Zip archives to avoid detection. #pcap and malware files at www.malware-traffic-analysis.net/2025/06/20/i...
Screenshot of the web page for the associated blog post.
2025-06-21 (Saturday): #KoiLoader / #KoiStealer infection. #pcap of the infection traffic, associated malware/files, and some of the indicators available at www.malware-traffic-analysis.net/2025/06/21/i...
I will be speaking at @kernelcon.bsky.social on Fri, Apr 3rd. The talk will cover previously-unreported features of the sedexp Linux malware found in the wild - including loading of a memory-only rootkit! Talk will cover how the rootkit was discovered & how to analyze with @volatilityfoundation.org
tcpdump, wireshark - can’t be beat.
I surprise myself with how often I ask about the pcap for a given thing (iykyk). And I'm just some dumb dumb LtCol Marine 😂
These are great!
Every SCIF dweller is going to respond to this like how I posted CISSP CPEs for a decade: "Worked on projects relating to national security that cannot be publicly disclosed or documented."
250 years… semiquincentennial. Doesn't exactly roll off the tongue, but the Birthday ball should be a good one this year!
I see what you did there…
After I got settled, I had to guide a new guy to the visitor center. My directions were apparently substandard… he lost at least an hour of his day 🤣
Yep. Run that gate. It will go smooth. Very smooth…🤣
Enjoy it!
Buying or selling? 🤣
Been using it for a couple years now. Dead simple config in your dotfiles.
Newsboat, but I’m good living from my terminal for the news. Prefer to be off my phone to do any reading.
Two hour run in six inches of snow? Yep.
Not the smartest, probably, but peaceful!
But surely this new tool will solve the issue…
Headlines retrospectively discussing the “sinister turn” in China nexus intrusion for OPE are telling. No, this wasn’t just a new problem in ‘24; they have been ongoing since at least ‘08 if not earlier. You are just now noticing.
Interesting #infosec role for those inclined to work in the doing good space:
www.habitat.org/about/career...