I’m back from my one-week vacation in Mallorca, tweeps. (had my last vacation during the Follina clusterduck a year ago) Next vacation: 1 week in Switzerland 🇨🇭 in July #OffTopic tweeter.jakobs.systems/i/web/status/166…

That’s how it works

The Mr. Robot effect

So, a TA offers a tool that kills all EDRs/AVs and all we got is a short video clip All we know is it uses the HxD icon & is named "terminator" Let's write a YARA rule to detect it (& other malware using the HxD icon) Report linkedin.com/feed/update/urn… YARA github.com/Neo23x0/signature… tweeter.jakobs.systems/i/web/status/166…

dope

Sometimes I leave tabs open for weeks hoping to one day get to them. This one was completely worth it! interaktiv.br.de/elite-hacke…

This „infection“ and „backdoor“ is as inventive as adding a command to .bashrc

{slow claps} ncsc.gov.uk/news/turla-group…

🚨 1/ Ongoing campaign primarily targeting security researchers here on Twitter. Possibly they are trying to exploit some vulnerability in Internet Explorer and database tools like Navicat. I haven't been able to get the malicious payload yet, but something fishy is going on 🤔

Somebody lamented to me that the addition of RAR and 7-Zip support to Windows will open up more attacks. I think those formats are covered pretty well by security products. VHD(X), OTOH, is a much bigger blind spot that I blogged about 4 years ago. Nothing is parsing these still.

I can't believe I've just fine-tuned a 33B-parameter LLM on Google Colab in a few hours.😱 Insane announcement for any of you using open-source LLMs on normal GPUs! 🤯 A new paper has been released, QLoRA, which is nothing short of game-changing for the ability to train and… tweeter.jakobs.systems/i/web/status/166…

A TOX 1.17.6 (current version) RCE 0day is for sale. It would give nerds the ability to pwn literally every ransomware group, and major Threat Actor, on the planet. All it requests is sending a friend request, and the other person accepting it. It is being sold for $500,000