validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
532 posts 3,121 followers 194 following

NEW REPORT: Russia's state-backed hackers have a new trick. In collab w/ Google Threat Intelligence Group, we investigated an attack against prominent Russian expert @keirgiles.bsky.social & uncovered an elaborate attack targeting App-Specific Passwords (ASPs). citizenlab.ca/2025/06/russ...

"Inside the BlueNoroff Web3 macOS Intrusion Analysis" published by Huntress. #BlueNoroff, #macOS, #DPRK, #CTI https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis

Bluesky should not be like a Signal chat where we just let in whoever and debating someone who argues purely in bad faith is a waste of everyone’s time. Time to block and continue about your day.

🚨NEW REPORT: exposing clever new hacking tactic. 🇷🇺Russian state-backed hackers used an App-Specific Password attack against prominent Russia expert @keirgiles.bsky.social It's like they knew what we all expect from 🇷🇺...and then did the opposite 1/ By us @citizenlab.ca & Google's GTIG

Today was quite the week apnews.com/article/iran...

“Headlines have blamed over-hiring during the pandemic and, more recently, AI. But beneath the surface was a hidden accelerant: a change to what’s known as Section 174 that helped gut in-house software and product development teams everywhere.” qz.com/tech-layoffs...

Paywalled which is annoying but contains attribution of the Coinbase incident to folks from the Comm. fortune.com/crypto/2025/...

I’ll be honest, even if he wakes up tomorrow in Guantanamo with alligator clips on his scrotum, his last words should be “thank god I didn’t beef with Kendrick Lamar”

Last day to get your @sleuthcon.bsky.social tickets!!!

We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers. Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3. See the full details here: volatilityfoundation.org/announcing-f...

Really excited to see this research go live. We found 400 web based HMIs for US Water facilities open on Censys. With the EPA, we helped reduce that exposure by over 94%. https://censys.com/blog/turning-off-the-information-flow-working-with-the-epa-to-secure-hundreds-of-exposed-water-hmis

I could probably talk for an hour non-stop about this crosswalk. About what got included and didn’t. About the asterisk. About the value of attribution. The significance of multiple entries. About choosing to do this with images instead of text. About the why of all of this.

An analyst told me that their leadership expects them to complete alert triage to root cause analysis within 15 minutes. What are some of the problems with this?

One week until @sleuthcon.bsky.social! Hope to see many of you at the best cybercrime conference of the year. (And grab a ticket while you still can!) #SLEUTHCON

Not sure what this means for the Red Canary folks I’ve worked with over the years but hopefully moar dataz!

Crowdstrike managed to out-terrible Microsoft’s naming scheme!

Fascinating retrospective read on an iOS exploit, but the most interesting part might be the Aftermath section. Apparently Apple shifted gears with iOS 14 and started implementing deep mitigations, which despite not perfect really changed the game. blog.siguza.net/tachy0n/#:~:...

The day-to-day of China-based APTs and their supporting ecosystem (2021-present, colorised)

Check out the new DISCARDED episode! Had too much fun recording my first podcast with @selenalarson.bsky.social and Sarah on my ClickFix crossover blog!! Podcast: podcasts.apple.com/us/podcast/d... Blog: www.proofpoint.com/us/blog/thre...

Went into this blog expecting results from a single IR + netflow analysis and hooboy was I wildly wrong. blog.eclecticiq.com/china-nexus-...

This is not what patch Tuesday means. forums.ivanti.com/s/article/Se...

Great research on Sea Turtle but also god help any organization using this random internal messenger app in 2025. www.microsoft.com/en-us/securi...

@greg-l.bsky.social drops knowledge on TA406 (Konni) as North Korea shows new interest in Ukraine, likely to keep tabs on the progress of the war and Russia's ability to keep pace on the battlefield www.proofpoint.com/us/blog/thre...

This report has no right to be this good.

I’ll teach a rare, public, online session of my Paralus #CTI #CyberThreatIntel + #DetectionEngineering & #ThreatHunting (DE&TH) in July - register your interest at the following form: forms.gle/AkdPY7pvQZ6o...

Is this still Signalgate or do we need a new scandal name? Probably gonna need to factor in that there will be at least 5 more dumb comms scandals coming.

I don’t 100% agree with this analogy but most of my disagreements are edge cases or because I know some much sketchier gym dudes than Joe.

Investigation Scenario 🔎 You’ve discovered a developer workstation running an FTP server. The system owner is on vacation and can’t be reached. What do you look for to investigate whether an incident occurred, its source, and its impact? #InvestigationPath #DFIR #SOC

Why yes I did just achieve the pinnacle of my social media career, why do you ask.

Ok so this is a pretty good blog but if I had any hair, I would’ve torn it out trying to figure out what the exploit was. Also big sigh for only three MD5s for malware that is not in VT. securelist.com/operation-sy...

I have speculation about attribution for this based on targeting but nothing else lines up. Interesting activity though and Trend Micro blogs always seem to go under the radar, probably cause of their terrible naming convention. www.trendmicro.com/en_us/resear...