
Posts by Rony


3 weeks ago 0 0 0 0

Reverse engineers often spend significant time deciphering third-party libraries within firmware. My talk, scheduled for Friday at 5 PM at Reverse, introduces SightHouse, an open-source initiative aimed at automatically identifying third-party functions to enhance analysis efficiency.

1 month ago 4 4 0 0
A side by side comparison of the original output by Ghidra, and the LLM enriched output.


Ghidra, scripting, LLM, automagic automation. That should grab the attention for this thread. If you want to read the complete blog, you can do so here: www.trellix.com/blogs/resear...
1/n

9 months ago 9 5 1 0

Many many folks in this effort over the years. Thankful for everyone and hope it's of use.

11 months ago 17 8 1 0
From the World of “Hacker X Files” to the Whitewashed Business Sphere
Jiang Jintao’s journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry

The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...

11 months ago 5 5 0 2
ACCE Release Notes v2.9.20250508 – Cipher Tech Solutions, Inc.

The May release for ACCE includes updates and support including #AurotunStealer #rutserv #PupkinStealer #PE32Ransomware #Interlock www.ciphertechsolutions.com/acce-release...

11 months ago 1 1 0 0
Russia – Attribution of cyber attacks on France to the Russian military intelligence service (APT28) (29.04.25)
France condemns in the strongest terms the use by Russia's military intelligence service (GRU) of the APT28 attack group, at the origin of several (…)

France just called out GRU Unit 20728 (166th Research Information Centre), posted up in Rostov-on-Don, for cyberattacks. Kremlin got new ops on the board.

www.diplomatie.gouv.fr/en/country-f...

@wylienewmark.bsky.social

11 months ago 7 3 0 0
Hunting Botnets With CursorAI, GreyNoise, Censys, and Censeye
Threat hunting is made easier and simpler by combining the power of Censys, GreyNoise, CursorAI, and Censeye.

Y'all are beyond not ready about the shit we're cooking up with @censys.bsky.social and @greynoise.io powers combined

censys.com/blog/hunting...

1 year ago 25 8 0 0

I'm always a big fan of @agreenberg.bsky.social's writing, but I don't see a clear reason to believe these six stories are connected to "lesser-known hacker groups."

1 year ago 0 0 0 0

S02E01: Smoked Customers

operation-endgame.com

1 year ago 0 0 0 0

It's here!

S02E01: Smoked customers

1 year ago 0 0 0 0

Tick Tock ⏰

1 year ago 1 0 0 1
"A Slice Of" Modern Program Analysis - Kyle Martin

Kyle's talk at Insomni'Hack is live! youtu.be/I0PoE0IdtmE?...

Check it out if you're interested in a slice of modern program analysis and try the latest version of Tanto as well, in the plugin manager or at github.com/Vector35/tanto

1 year ago 11 6 0 0

Cool stuff. Kudos to whoever at Censys wrote this. I researched the ORB network myself but lack access to historical data. Thanks for providing historical visibility.

censys.com/junos-and-re...

1 year ago 5 5 0 0

Bring Back RiskIQ!

1 year ago 2 0 0 0

Thanks @pstirparo.bsky.social.

1 year ago 0 0 0 0

🚨 ALEART 🚨

#UAT-5918 is the new #Winnti! 😂

1 year ago 1 0 0 0

The decrypted payload is #DOPLUGS.

1 year ago 2 0 0 0

The R&D team at JuniperNetworks released a detailed 35-page malware analysis report "The RedPenguin Malware Incident", covering the #TINYSHELL components used by #UNC3886, including the C2 protocol structure.

supportportal.juniper.net/sfc/servlet.shepherd/document/download/069Dp00000FzdmIIAR

1 year ago 3 1 0 1
Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
The Justice Department, FBI, Naval Criminal Investigative Service, and Departments of State and the Treasury announced today their coordinated efforts to disrupt and deter the malicious cyber activiti...

APT27 & i-soon hackers charged by DOJ—12 caught as the cats are out of the bag now. Yet APT27’s infra still purrs. Let’s see how they claw back from this!

www.justice.gov/opa/pr/justi...

1 year ago 3 1 0 0

If possible can you share the prompt?

1 year ago 0 0 0 0

Yeah, none of the LLMs are capable of that yet. Maybe soon?

1 year ago 0 0 0 0
Cybersecurity and Infrastructure Security Agency on X: "CISA’s mission is to defend against all cyber threats to U.S. Critical Infrastructure, including from Russia. There has been no change in our posture. Any reporting to the contrary is fake and undermines our national security." / X

CISA is stepping back too!!?
It seems they have a different opinion though
x.com/CISAgov/stat...

1 year ago 0 0 1 0
Internet Crime Complaint Center (IC3) | North Korea Responsible for $1.5 Billion Bybit Hack

Epic collab, UNC4899 🤝 UNC5267

FBI official advisory on Bybit crypto theft
www.ic3.gov/PSA/2025/PSA...

1 year ago 2 0 0 0
Shodan Shodan Trends - Discover how the Internet has changed over time.

@shodanhq.bsky.social Awesome! Shodan History is back in the UI. Nice!!! Thank you.
But I have a question regarding trends.shodan.io. All trends I do are stopping at October 2024. Why? Please bring them up to the current data again. I love it and need it. :)

1 year ago 4 4 0 0
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | Google Cloud Blog
Russia state-aligned threat actors target Signal Messenger accounts used by individuals of interest to Russia's intelligence services.

Today, Google Threat Intelligence is alerting the community to increasing efforts from several Russia state-aligned threat actors (GRU, FSB, etc.) to compromise Signal Messenger accounts.

cloud.google.com/blog/topics/...

1 year ago 167 118 3 15
CL0P Ransomware : Latest Attacks - CYFIRMA
INTRODUCTION The Cl0p group has been active since early 2019, leveraging vulnerabilities and exploits to encrypt files for ransom. The...

This latest blog from Cyfirma on Cl0p/Cleo exploitation is utter garbage, ignore it.
LLM YARA rule (not even valid syntax), massively inflated statistics, and misleading IOCs and analysis.
www.cyfirma.com/research/cl0...

1 year ago 5 2 1 0

Cyfirma blogs are trash! 🚮

1 year ago 1 0 0 0

@cryptolaemus.bsky.social folks are ✨🔥

1 year ago 0 0 0 0