- The Grugq's Newsletter
- April 17, 2023
New blog post: Data Driven Detection Engineering.
In which I argue for stronger software engineering skills in cybersecurity, and a focus on data engineering.
jvehent.org/2023/04/16/Dat…
— Julien Vehent (@jvehent)
3:21 PM • Apr 16, 2023
-
software is eating the world - and spitting most of it back out again looking slightly chewed, soggy and half-eaten, as it moves on to the next thing that you used to be able to rely on
— Mary Branscombe (@marypcbuk)
10:03 PM • Feb 2, 2018
New Blog Post:
"The LockBit ransomware (kinda) comes for macOS": 🍎🔐 Includes full technical analysis of LockBit's macOS arm64 variant ("locker_Apple_M1_64") + sample for download + heuristic methods of detection 🔥
H/T @malwrhunterteam @vxunderground
— Patrick Wardle (@patrickwardle)
11:59 PM • Apr 16, 2023
-
"focus on my private life with my remaining apes" -- a new phrase to bounce around my head for the next week
— james hennessy (@jrhennessy)
12:31 AM • Apr 17, 2023
-
Here are the slides for my keynote, 'Mobile Exploitation, the past, present, and the future' at #Zer0Con2023. Zer0con was a blast as always, thank you @POC_Crew!! 🚀💫
github.com/externalist/pr…
— Ahn Ki Chan (@Externalist)
3:45 PM • Apr 16, 2023
-
BREAKING: mercenary #spyware developer #QuaDream is closing on the heels of last week's @citizenlab report.
Per Israeli media just now. 1/
By @omerka & @mei@meirorbachory:httpcalcalist.co.il/calcalistech/a…pp
— John Scott-Railton (@jsrailton)
5:13 PM • Apr 16, 2023
-
Now in English:
Israeli spyware maker QuaDream closes, fires all employees @omerbenj
— avi scharf (@avischarf)
7:35 PM • Apr 16, 2023
-
Cobalt Strike redirector technique used recently by Russian APT29/Nobelium ⚡️
This is a Red Team technique (T1090.002 External Proxy)
attack.mitre.org/techniques/T10…
to hide C2 behind a legit website. This could be very useful for Threat Hunters/Intel to set up a hypothesis/monitor… twitter.com/i/web/status/1…
— Michael Koczwara (@MichalKoczwara)
12:34 PM • Apr 16, 2023