
Posts by tlansec


Memory-only malware leaves no trace on the file system and is commonly used by threat actors ranging from criminal organizations to ransomware operators to APT groups. In our Volatility 3 training, students gain deep hands-on experience analyzing such threats:

memoryanalysis.net/courses-malw...

6 days ago 5 6 0 0
Release v1.15.0 · VirusTotal/yara-x Add full support for WASM. The whole yara-x crate now can be built for WASM (#583, #588, #598). New playground at https://virustotal.github.io/yara-x/playground/ (#601). The yr check command now n...

github.com/VirusTotal/y... - congrats to all involved! These new features are really great!

1 week ago 4 1 1 0
Trenchant Exec Says He Had Depression, Money Troubles When He Decided to Sell Zero Days to Russian Buyer; Also, New Info Reveals Nature of His Work for Australian Intelligence Agency Peter Joseph Williams, a former L3 Trenchant executive recently convicted of secretly selling zero-day exploits to a Russian broker, says he was suffering anxiety, burnout, years of depression, and financial difficulties when he decided to steal exploits from his US employer and sell them to the Russian buyer. Williams, who

High five to everyone who has suffered from anxiety, burnout, and depression without even once stealing 0-days from their employer and selling them to the Russians. www.zetter-zeroday.com/trenchant-ex...

1 week ago 301 53 7 1
@revrrlewis

I've played over 1,000 hours of Civilization VI. Here's how Ukraine can defeat Russia. (1/47)

Anthony Smith - 2h 
Replying to @revrrlewis

one game of Civ VI and you think you're an expert????


2 weeks ago 1807 330 8 5
RIP Metaverse, an $80 Billion Dumpster Fire Nobody Wanted Who could have possibly predicted this, besides everyone?

The complete and utter failure of the metaverse is a reminder [...] that quite often these oligarchs quite simply cannot relate to real people, don’t know how or why people use their products, and very often have no idea what they’re doing www.404media.co/rip-metavers...

1 month ago 226 67 5 8

📣 #PIVOTcon26 Agenda is here 🤟 We are thrilled to announce the lineup for this year's edition!
2⃣ days and 19 talks from leading #ThreatResearch experts.
The agenda link is in the first comment👇, and the talks and speakers are in the thread.🧵
#CTI #ThreatIntel
1/15

1 month ago 15 10 1 1
GitHub - volexity/GoResolver: GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the function symbols of an obfuscated Go ... GoResolver is a Go analysis tool using both Go symbol extraction and Control Flow Graph (CFG) similarity to identify and resolve the function symbols of an obfuscated Go binary. - volexity/GoResolver

@volexity.com recently released GoResolver v1.4, bringing significant updates to our #opensource tool for recovering symbol data from obfuscated Go binaries. This release is available on GitHub: github.com/volexity/GoR... [1/8]

1 month ago 8 5 1 0

This is a bad take. You can’t counter far right narratives on a platform that is designed to amplify only those narratives. Politicians should set the example.

And journalists should get off of it too.

1 month ago 53 11 2 1

SOS returns to Brussels on October 22, 2026!

As the geopolitical landscape rifts, hybrid threats continue to adapt & evolve. We provide a forum for observers of state-aligned sabotage, espionage, and more to share research with an action-oriented community.

Stay tuned for more announcements!

2 months ago 6 5 0 0

It's like F1 but with people instead of cars.

2 months ago 0 0 1 0

We’re just normal men

2 months ago 2401 886 17 35
ALT: two purple beach chairs on the beach with the words these are waiting for us

Reminder that the #PIVOTcon2026 CFP closes this Friday, February 6. Get those papers in. We want to see you at @pivotcon.bsky.social in Malaga! 😎

2 months ago 7 5 0 0
Security Update Guide - Microsoft Security Response Center

You say "Security Feature Bypass"... I say.... "Remote Code Execution":

msrc.microsoft.com/update-guide...

2 months ago 12 6 1 0
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

For folks looking for Notepad++ IoCs, @rapid7.com just dropped a write-up. www.rapid7.com/blog/post/tr...

2 months ago 7 5 1 0

#apt #unk via VT
BULLETEN_H.doc 7c396677848776f9824ebe408bbba943
1291.doc d47261e52335b516a777da368208ee91
Courses.doc 2f7b4dca1c79e525aef8da537294a6c4
Consultation_Topics_Ukraine(Final).doc 95e59536455a089ced64f5af2539a449
freefoodaid[.]com wellnessmedcare[.]org

2 months ago 2 1 0 1

A++

2 months ago 2 0 0 0

I promise you. I absolutely guarantee. You are not ready for what happens when you click this link. ovu.moe

2 months ago 247 42 121 42

WHAT?!?

LABYRINTHM CHOLLIMA is evolving!

Congratulations

Your LABYRINTH CHOLLIMA evolved into LABYRINTH CHOLLIMA!

2 months ago 5 1 2 0

That parameter is also a palindrome and does the same thing in reverse!

2 months ago 2 0 1 0
Release v1.11.0 · VirusTotal/yara-x Make the parser stricter (#502). Implement dex module (#458). Implement C api console log (#515). Implement permhash for the crx module (#510). Implement the imports() method for the Rules object i...

github.com/VirusTotal/y... - 1.11.0 is out! Lots of new features, modules and bug fixes. Read the release notes and congrats to Victor and the contributors!

3 months ago 7 3 0 0

Microsoft is so fucking stupid.

Microsoft renamed Microsoft Office to Microsoft 365 Copilot App

I'm not joking

3 months ago 2196 529 163 728

Volexity Volcano Server & Volcano One v25.12.18 adds 300+ YARA rules, full parsing of Windows prefetch and Linux cron jobs, inline syscall hooking detection, and 5-level page table support. [1/3]

3 months ago 1 1 1 0

Narrator Voice: And so thousands of infosec people looking for relevance and attention logged into VirusTotal looking for samples uploaded from Venezuela in the last year.

3 months ago 11 2 0 0

finally, we're living through precedented times

3 months ago 18336 2372 200 93

Some phishers have taken inspiration from Russian cyber-espionage group UTA0355 and are using a technique that tricks users into sharing their OAuth material in a web page (UTA0355 did it via email replies)

pushsecurity.com/blog/consent...

4 months ago 11 1 0 0

everyone in the uk, internally hears: _OH DARLING HOLD MY HAND_

4 months ago 3 0 0 0

A study in the evolution of SVR cyberespionage tradecraft

4 months ago 22 4 0 1
Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks In early 2025, Volexity published two blog posts detailing a new trend among Russian threat actors targeting organizations through the abuse of Microsoft 365 OAuth and Device Code authentication workf...

@volexity.com tracks a variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials, which continue to see success due to creative social engineering. Our latest blog post details Russian threat actor UTA0355’s campaigns impersonating European security events.

4 months ago 10 8 0 0

On the plus side, every time there's a Cloudflare outage 1000s of threat actors around the world have their malware C2 go down for a few hours.

4 months ago 11 1 0 0

I don't work for Insikt Group.

4 months ago 0 0 1 0