bugfire.io
malware detection and analysis, hunting and gathering, threat research
142 posts 87 followers 133 following

Post I wrote for my employer on other social media: 2025-02-18 (Tues): Legit but compromised websites with injected script for #SmartApeSG lead to a fake browser update for #NetSupportRAT malware. During an infection run, we saw follow-up malware for #StealC. Details at github.com/PaloAltoNetw...

🔥 Episode 5 of Behind the Binary is here! This episode features Saumil Shah, a renowned hacker & educator! We discuss the evolution of reverse engineering tools and techniques, from manual approaches to AI-driven automation, and he shares his insights on the future of the field

🔥 Live streams resume this week! Greg Lesnewich joins us to talk about 100 Days of Yara, some Yara rule tips and the current state of email borne threats! https://buff.ly/4gukMSN 🗓️ Thursday at 2pm CST

🎙️New episode! I've made this one based on my notes on the subject🙂I'll eventually turn them into a blog post that dives a bit deeper. 🔗Listen to it here: creators.spotify.com... ➛ Parts 1️⃣ Case Study – thedfirreport.com/20... 2️⃣ Attacker Mistakes+Psychology 3️⃣ Defense Strategies

I had been such an early fan of SpaceX and the awesome innovation and possibilities that lay before it. Now, with the current state of affairs with its leader, I've lost that enthusiasm and am saddened by the prospects that lie ahead. Hoping for some type of turn of events soon to restore my faith.

⌛ This series will take you through installing WinDbg and configuring Binary Ninja to use the WinDbg engine to create and use TTD traces. It will also show you how to capture TTD traces and replay them in Binary Ninja 👇

2025-02-05 (Wednesday): #ClearFake / #ClickFix style fake CAPTCHA leads to possible #Vidar. Vidar C2 using eteherealpath[.]top behind Cloudflare. Details at github.com/malware-traf...

What an interesting instagram account takeover spam link. First they suspend your account then send you these fake recovery links. Seems like they target folks with ads accounts specifically.

Well, this is quite timely. Per a previous book recommendation from @malwareindepth.com for "Attribution of Advanced Persistent Threats" from 2021 (which is excellent, BTW), there's this nugget about halfway through:

This is an insightful read and perspective on what the US has become: www.huffpost.com/entry/moved-...

This is excellent!!

2025-01-31 (Friday): Two pcaps with traffic of AgentTesla-style data exfil. One #pcap has FTP exfil, while the other has SMTP exfil. Pcaps are available at www.malware-traffic-analysis.net/2025/01/31/i...

📣 New video drop - in this video I discuss ways to detect shellcode entry point using properties of position independence. Nothing advanced but a helpful technique when you lack context on the shellcode 👇

Social media accounts whenever a new online article about #DeepSeek is posted.

Exciting update to our blog! As part of our ongoing research we identified some public Github repos being leveraged that, I'm happy to say, are no longer active! More details--plus some IOCs for still-active sites--in the update. redcanary.com/blog/threat-...

It’s tax season so of course I’m blogging the scams www.proofpoint.com/us/blog/thre...

🎙️ New podcast episode is live! I used my experience as an Incident Responder and provided it to NotebookLM to turn into a podcast. Wondering what it feels like to be in IR? This episode shares most responsibilities, true to life for 99% of IR folks. Hope you enjoy: creators.spotify.com...

No live streams this week so why not learn more about the PE file format?! This video discusses the AddressOfEntryPoint and techniques for finding main in tools such as IDA Pro 👇 https://buff.ly/4haGIDu Need more PE (and who doesn't)? Give this playlist a view: https://buff.ly/4aO0lz3

🦔 📹 New Video: Binary Refinery deobfuscation of a LummaStealer loader (PowerShell, JScript) www.youtube.com/watch?v=kHU_... #MalwareAnalysisForHedgehogs #PowerShell #JScript

Bills & Chiefs down to the wire!

Hey folks! Kicking off my Bluesky debut with a new Red Canary bird debut. This month we introduced Tangerine Turkey, Red Canary's name for a VBS worm that is delivered via an infected USB and uses a printui DLL hijack to deliver a cryptomining payload. Here's our blog! redcanary.com/blog/threat-...

A malware campaign named J-magic is exploiting vulnerabilities in Juniper Networks routers using a custom backdoor. This allows attackers to gain control of devices and steal data. Ensure your systems are updated to mitigate this #threat. Stay safe in the #cybersecurity landscape.

2025-01-22 (Wednesday): #TrafficAnalysisExercise: Download from fake software site. I've posted a traffic analysis exercise based on the same type of #Malvertizing I wrote about for my employer at github.com/PaloAltoNetw... The exercise #pcap is at www.malware-traffic-analysis.net/2025/01/22/i...

Released my new blogpost: "A beginner(s) guide to hunting web-based credit card skimmers" My experience on how to detect and analyze skimming campaigns using free tools like Validin, URLscan and FoFa. Includes WebSocket analysis and new IOCs! https://gi7w0rm.medium.com/a-beginner-s-guide-to-huntin…

As the Chief of NSA's Cybersecurity Collaboration Center, Kristina Walter is focused on scaling the NSA's collaborative partnerships with domestic companies to enhance cyber threat intel for defensive purposes. Stream DISCARDED to hear her expert insights: www.proofpoint.com/us/podcasts/....

@greg-l.bsky.social will be outstanding, looking forward to it