About

Threat research / intelligence human big into YARA, infrastructure tracking, and weird artifacts

Selected Publications

• TA422’s Dedicated Exploitation Loop—the Same Week After Week
• TA444: The APT Startup Aimed at Acquisition (of Your Funds)
• Webshell Madness: Full Spectrum Detections for 5 Popular Web Shells
• Annual Adversary Infrastructure Report
• 4 Chinese APT Groups Identified Targeting Mail Server of Afghan Telecommunications Firm Roshan
• Yemeni War Emphasizes Importance of Internet Control in Statecraft and Conflict
• Chinese Threat Actor TEMP.Periscope Targets UK-Based Engineering Company Using Russian APT Techniques

Conference Talks

• Exploring Initial Access Methods of Surprisingly Competent Government Employees
• Star-Gazing Using a Full Galaxy of YARA Methods to Pursue an Apex Actor

Selected Projects

• 100DaysofYARA - Sharing the YARA Love
• floss2yar - Identify Potentially Interesting Decoding Functions, and Codify that w/ YARA
• Macho_Similarity - Conceptual Methods for Finding Commonalities in Macho Files