stvemillertime.bsky.social
threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, ics/ot + cyber physical intel, and of course all things #yara
43 posts 1,707 followers 221 following

SSH is the cyber blood magick of both the world's most stalwart orgs and the world's toughest adversaries.

You’re an MSS or SVR cyber targeter who’s spent years trying to find an access vector into SPS/PAM; then suddenly a pack of high-profile, right-wing, edgelord zoomers — who will definitely click on any link they think will get them laid — just get admin access. Prepositioning acquisition speedrun.

Years of mediocre gen AI commodities will birth a generation of neo-luddites who refuse to delegate the joys of art, music, writing & human connection to machines. They'll sketch, read human-gen pBooks, buy vinyls at concerts, share hand-written original pre-trend non-memes.

If you want to test out my YARA rule linting work use this PR: github.com/VirusTotal/y... If you want to get the basic gist of it, this config file change has documentation on it: github.com/VirusTotal/y... Just set it in your config file and use "yr check" for now. Happy #100DaysOfYARA. ;)

Which subscription news services do you pay for? I want premium, non content farm, mostly human-written science, tech, security news. I'm considering things like The Information, 404 media, MIT Tech Review, etc, but looking for recommendations. (I get NYT, AP, Reuters already)

A unique finding, a novel artifact, a hidden curio, a piece of something yet unknown to the world. With each discovery comes a bewitching temptation to believe you alone know a secret, and own it.

In your opinion, what are the differences between cyber security journalism and cyber threat intelligence?

How would you detect something like this, generically? SOFT_WARE\Micros_oft\Win_dows\Curr_entVer_sion\Ru_n
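As an added example (not from the post or its author), one generic answer to the split-string question above: normalize separator characters away before comparing against known autorun paths, or build a gap-tolerant regex for scanners such as YARA that see raw bytes and cannot normalize first. The key list and the junk-character set are assumptions made for this example.

```python
import re
from typing import Optional

# Autorun locations a defender typically watches for; a constructed,
# non-exhaustive list for this example.
AUTORUN_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
]

# Separator characters an obfuscator might sprinkle into a string so that
# a plain substring signature misses it (assumed set for this example).
JUNK_CHARS = "_-. "
_JUNK_RE = re.compile("[" + re.escape(JUNK_CHARS) + "]")


def normalize(s: str) -> str:
    """Collapse 'Curr_entVer_sion' style splitting back onto the canonical
    spelling: drop junk separators and fold case. Backslashes are kept so
    the path structure still has to line up."""
    return _JUNK_RE.sub("", s).lower()


def find_autorun_key(blob: str) -> Optional[str]:
    """Return the canonical key hidden inside blob, or None. Keys are checked
    longest first so 'RunOnce' is not reported as 'Run'."""
    norm = normalize(blob)
    for key in sorted(AUTORUN_KEYS, key=len, reverse=True):
        if normalize(key) in norm:
            return key
    return None


def tolerant_pattern(literal: str, max_gap: int = 2) -> str:
    """Build a regex (also usable as a YARA /.../i regex) that tolerates up to
    max_gap junk characters between any two characters of the literal."""
    gap = "[" + re.escape(JUNK_CHARS) + "]{0," + str(max_gap) + "}"
    return gap.join(re.escape(c) for c in literal)


def tolerant_match(literal: str, data: str, max_gap: int = 2) -> bool:
    return re.search(tolerant_pattern(literal, max_gap), data, re.I) is not None


if __name__ == "__main__":
    # Constructed sample: the split string from the post embedded in other text.
    sample = r"... SOFT_WARE\Micros_oft\Win_dows\Curr_entVer_sion\Ru_n ..."
    print(find_autorun_key(sample))                  # SOFTWARE\...\Run
    print(tolerant_match("CurrentVersion", sample))  # True
```

The normalization route is the cheaper one in a pipeline that already extracts strings; the regex route is what you would drop into a rule, at the cost of more false positives as the allowed gap grows.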

Lovely creature comforts in YARA-X such as basic stats for scanned, match number and time. 502551 file(s) scanned in 35.8s. 0 file(s) matched.

I often use my personal SIGINT experiences to describe CN APT groups, and am rightly accused of mirroring bias. Still, CN has been pillaging and imitating us for decades, so if you want to see what they're up to today on the CNO front, look at what the IC was doing 10+ years ago.

Curate your collection

There is no "right" way to write YARA rules. You may dislike my rule format preferences or content decisions, just as I might dislike your document with bland vocabulary, unimaginative prose. There are ineffective ways to use YARA, but there's no right way. Find your style.

While I don’t necessarily disagree, I think a lot of the NIH syndrome comes from the fact that they have built decades of engineering foundations, and often shoe-horning outside tech to work with it is a lot of work and a maintenance nightmare. It’s more about inertia than hubris.

There is a latent hubris in both msft & goog that any problem is solvable w/ their own tech because of prior successes & massive amounts of resources. I think this is foolish because I often see smaller, less "powerful" tools out-perform goliath systems through elegant design.

There's a cool course called "Smiller for Security Analysts" and it's basically three straight weeks of me waving my hands and going on about YARA and tradecraft and malware and detection, which can be helpful (and fun!) for folks who are getting into that stuff.

Binary Ninja plugin for copy and pasting bytes into YARA friendly format, courtesy of @re.wtf github.com/ald3ns/copy-... Rumor has it there's a next-generation version in the works that will probably blow your mind.

I've not spoken to many analysts who feel they are properly equipped to do their *best* work. Most feel they could be moving faster, scaling bigger, helping more, if only they had the right vehicles, tooling, data. I wonder if that's because we're critics (in good & bad ways).

In my experience, reverse engineering malware is like one of those sliding block puzzles where there's only one empty space, but instead of being a 5x5 grid of an image, it's a tedious 1000x1000 grid of bytes.

Does anyone use FLOSS with Binary Ninja? Do you have to create a script to import the FLOSS json?

I suppose I don't think DoSing a C2 system is 'hacking back' per se, because I believe the knowledge that made me aware of the C2 node is a qualified invite to the party and more than a sufficient excuse to bring thousands of friends.

LLMs are nice because you can make lemonade out of a big pile of trash data that you've stored for decades. But on the other hand, your output might still be a distillate of what is ultimately trash to begin with.

For my #100daysofYARA 2025, I plan to focus on YARA-X experiments and scripting/plugins for Binary Ninja.

You'd know from my job history that I am not loyal to corporations. Mandiant is no longer a company, but it is still an ethos & an ideology that I believe can transform thinking in the security space, & I will do everything I can to ensure that Google Threat Intelligence carries that spirit forward.

*downselection of activity not to scale

When investigating a logic match (YARA/Suricata/Sigma etc rule) we are assessing the extent to which the match aligns w/ the phenomena the rule was meant to describe. This means analysts (SOC/IR etc) need to understand those phenomena & imo rule metadata is consistently insufficient.

It can be helpful to think about what you're trying to get away from. What is the "South Star" for your product, organization, or workflow? Given how much time I spend copying and pasting data from one system to another, Ctrl+C Ctrl+V is my South Star in almost everything.

It's only an "ORB" if it is from the Cheltenham region of UK, otherwise it is just a sparkling botnet.

Much like the conservation of mass-energy, the "detection evasion paradox" suggests that detection surface area cannot be created nor destroyed, only transformed or transferred to another form. Every attempt to hide generates a new signal.

I think many UI/UX designers severely underestimate the amount of information I want on my screen. What is the point of my giant, hi-res screen, if you're just going to chew up the real-estate with empty space and oversized nonsense? Sorry, but I do not want a link preview to be half the screen.

Another example of the "detection evasion paradox" is in the xz backdoor. The developer used Trie encoding of strings to obfuscate the malicious code. But the Trie may have caused the latency in the program that later raised flags to engineers that something was amiss, which I think is pretty funny.