twitter Infosec charlatans providing incident response updates for a case they aren’t working

When Bryce went to Bryce, Bryce bought Van a Bryce shirt. So when Van went to Bryce, Van bought Bryce a Bryce shirt. Now Bryce must go to Van and buy Van a Van shirt. #vancity #MYcity

happy holidays

my nfl team has a bye week so I am gonna curl up and watch my favorite Disney Pixar film today

update, semi yearly quarterly cyber crime power tiers

Friday drop - a lil POC for trying to find similarity across Macho files!

tl;dr two scripts to get:
🔧 dylib hash (dependencies)
🏗️ export hash
🛂 import hash
👷‍♂️ certificate name

hoping we can use this to a our quick pivots across Mac malware !

github.com/g-les/macho_si…

Another great LABScon

Nice work Brendan and Ray

when the ransomware UNC invites a new guy who has negative reputation to the group

Incredible reporting detailing the vulnerability ecosystem within China, and how that very ecosystem enables their cyber actors.

qakbot admins asking how many bots remain online

Mandiant Just dropped our deep-dive analysis on the #UNC4841 🇨🇳 global espionage campaign exploiting a 0-day in Barracuda ESG appliances since OCT 2022. We include more information about how #UNC4841 responded to remediation activities
mandiant.com/resources/blog…

Today we launched a 🔎 scanning tool for orgs to search their Citrix netscalers for evidence of CVE-2023-3519 post-exploration. You can run this direct on the ADC or against a forensic image. With public POCs out there expect more exploitation!

mandiant.com/resources/blog…
#DFIR

chinese APT in peoples DMs

Mandiant is releasing details on a targeted North Korean 🇰🇵 supply chain attack that leveraged JumpCloud. Our investigation at a downstream victim uncovered useful MacOS artifacts, OPSEC fumbles, and continued targeting of cryptocurrency verticals.
mandiant.com/resources/blog…