b4n1shed
@b4n1shed.bsky.social
Security Research, Threat Intelligence, Malware Analysis, Embedded Systems, Misc. Hackery and Shenanigans.
Pinned
Excited to announce that we just published our research into "PS1Bot" a multi-stage PowerShell-based modular malware framework being delivered via malvertising campaigns that we've been tracking throughout 2025. Check it out!

blog.talosintelligence.com/ps1bot-malve...

#malware #stealer
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”
blog.talosintelligence.com
Reposted by b4n1shed
🚨 Watch out as the new #PS1Bot malware steals crypto wallets, passwords, and sensitive data, spreading through #malvertising while evading detection.

Read: hackread.com/malvertising...

#CyberSecurity #Malware #Crypto #Keylogger
New Malvertising Attack Spreads Crypto Stealing PS1Bot Malware
Follow us on Bluesky, Twitter (X), Mastodon and Facebook at @Hackread
hackread.com
August 14, 2025 at 9:15 PM
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks thehackernews.com/2025/08/new-... via @thehackernews.bsky.social
PS1Bot malvertising campaign uses in-memory PowerShell attacks since early 2025, enabling stealth data theft.
thehackernews.com
August 13, 2025 at 4:13 PM
Excited to announce that we just published our research into "PS1Bot" a multi-stage PowerShell-based modular malware framework being delivered via malvertising campaigns that we've been tracking throughout 2025. Check it out!

blog.talosintelligence.com/ps1bot-malve...

#malware #stealer
Malvertising campaign leads to PS1Bot, a multi-stage malware framework
Cisco Talos has observed an ongoing malware campaign that seeks to infect victims with a multi-stage malware framework, implemented in PowerShell and C#, which we are referring to as “PS1Bot.”
blog.talosintelligence.com
August 12, 2025 at 8:12 PM
Reposted by b4n1shed
You Wouldn’t Download A Skateboard?
Hackaday Article
hackaday.com
May 30, 2025 at 11:02 PM
Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats gbhackers.com/new-mechanis...
Cisco Talos, in collaboration with The Vertex Project, has introduced an innovative approach to tackle the rising complexity.
gbhackers.com
May 14, 2025 at 2:41 PM
Reposted by b4n1shed
Attack kill chains are evolving, and defenders must, too. In this two-part blog, Talos examines how threat actors are working together like never before, and proposes an extension to the Diamond Model: http://cs.co/63324NVHbE
May 13, 2025 at 2:54 PM
Reposted by b4n1shed
Huge thanks to @vertexproject.bsky.social for updating Synapse to support the new "relationship" context.
We’re excited to see this research foster collaboration and push real change across the threat intelligence community. (3/3)
May 13, 2025 at 1:02 PM
Reposted by b4n1shed
In blog 2, we dive into the challenges of investigating compartmentalized campaigns. We share our approach to identifying them and propose an extended Diamond Model with a new "relationship" layer to close the analytical gaps. (2/3)
blog.talosintelligence.com/compartmenta...
Defining a new methodology for modeling and tracking compartmentalized threats
How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between a...
blog.talosintelligence.com
May 13, 2025 at 1:02 PM
Reposted by b4n1shed
📡 New blogs out: Compartmentalized attacks are no longer limited to financially motivated actors, state-sponsored groups are adopting them too. We propose a new taxonomy for initial access groups to reflect broader motivations and affiliations. (1/3)
May 13, 2025 at 1:02 PM
In addition, we have also published a blog proposing an extension to the Diamond Model to support more accurate and comprehensive threat modeling support for compartmentalized intrusion sets. Check it out too!

blog.talosintelligence.com/compartmenta...
May 13, 2025 at 12:52 PM
Excited to announce that Asheer Malhotra, @ashl3y-shen.bsky.social, @vventura.bsky.social and I just published a new blog on how initial access groups are changing and propose a new taxonomy to support the latest threats that we are seeing. Check it out!

blog.talosintelligence.com/redefining-i...
Redefining IABs: Impacts of compartmentalization on threat tracking and modeling
Threat actors are teaming up, splitting attacks into stages and making defense harder than ever. In Part 1, Cisco Talos examines their tactics and defines their motivations.
blog.talosintelligence.com
May 13, 2025 at 12:50 PM
Come catch @infosec-nick.bsky.social and I in DC this coming week to talk compartmentalized intrusions!
Are you attending CTA TIPS next week? Edmund Brumaghin and Nick Biasini will dive into how multiple actors collaborate during cyber intrusions and how organizations can adapt to this evolving threat landscape. Register now: www.cyberthreatalliance.org/tips-confere...
May 11, 2025 at 8:10 PM
Excited to announce that @infosec-nick.bsky.social and I will be presenting on compartmentalization in cyber threats at the CTA TIPS conference next month! Come check it out!
April 15, 2025 at 2:41 PM
Reposted by b4n1shed
Come join us at the Ask A Security Expert session at Black Hat Asia on April 4th! I'll be there with Orange Tsai, Ryan Flores, and Dr. Marina Krotofil answering your cybersecurity questions. Submit your topics in advance using the form on the event page. Looking forward to seeing you there!
March 24, 2025 at 4:04 PM
Introducing: abuse.ch Hunting Platform abuse.ch/blog/introdu...
abuse.ch - Fighting malware and botnets
abuse.ch is providing community driven threat intelligence on cyber threats
abuse.ch
March 17, 2025 at 1:26 PM
Reposted by b4n1shed
We are now hosting the DOGE contact list locally. www.2600.com/content/2600...
2600 TWITTER ACCOUNT FROZEN OVER DOGE CONTACT LIST | 2600
www.2600.com
March 12, 2025 at 7:13 PM
Reposted by b4n1shed
I am really proud and humbled for being accepted at Pivot on. This was a team effort with @ashl3y-shen.bsky.social, @b4n1shed.bsky.social and Asheer Malhotra
"Redefining IABs: Impacts of Compartmentalization on Threat Tracking & Modeling"

Ashley Shen, Security Researcher, Cisco Talos (@ashl3y_shen, @ashl3y-shen.bsky.social)
Vitor Ventura, Lead Security Researcher, Cisco Talos (@vv_ventura)
13/18
March 8, 2025 at 8:54 AM
Reposted by b4n1shed
Honored and excited to be speaking at @pivotcon.bsky.social again this year! 🎉 Huge shoutout to the co-authors @_vventura, @b4n1shed.bsky.social and @asheermalhotra —couldn’t have done this research without you! Looking forward to seeing everyone in Málaga.

This year I must join the Karaoke!😆
"Redefining IABs: Impacts of Compartmentalization on Threat Tracking & Modeling"

Ashley Shen, Security Researcher, Cisco Talos (@ashl3y_shen, @ashl3y-shen.bsky.social)
Vitor Ventura, Lead Security Researcher, Cisco Talos (@vv_ventura)
13/18
March 7, 2025 at 7:55 PM
5 Things You Must Check Before Selling On eBay, Facebook Or Etsy

www.forbes.com/sites/zakdof...
Do this now before using any online marketplace.
www.forbes.com
February 25, 2025 at 4:13 PM
Just published a new blog on many of the threats and scams targeting sellers on online marketplaces like eBay, Reverb, etc., along with recommendations for people using these platforms. Check it out! #phishing #infosec
Your item has sold! Avoiding scams targeting online sellers
There are many risks associated with selling items on online marketplaces that individuals and organizations should be aware of when conducting business on these platforms.
blog.talosintelligence.com
February 25, 2025 at 11:39 AM
Reposted by b4n1shed
They posted SECRET//NOFORN documents on their site related to IC headcount.

Those of you reading this who have held a clearance know what a colossal no-no this is.
Elon Musk’s DOGE Posts Classified Data On Its New Website
“People are scrambling” to see if their sensitive information has been accessed by Musk’s programmers, said one federal intelligence employee.
www.huffpost.com
February 14, 2025 at 8:52 PM
Reposted by b4n1shed
Scoop: The databases powering DOGE.gov are insecure, and people outside the government have already pushed their own updates to the site to prove it:

www.404media.co/anyone-can-p...
Anyone Can Push Updates to the DOGE.gov Website
"THESE 'EXPERTS' LEFT THEIR DATABASE OPEN."
www.404media.co
February 14, 2025 at 6:44 AM