Daniel Gordon
validhorizon.bsky.social
Thought Trailer, Cyber Threat Intel, DFIR. He/Him. Bucketing, sharing, and bacon-saving as a service. https://validhorizon.medium.com/
Give your team a secure way to do things or they’ll do them insecurely.

Make the secure way straightforward, efficient, documented, and then actually respond to questions, and folks will switch…people mostly want to do the right thing, we just make it hard sometimes
December 2, 2025 at 6:40 PM
Reposted by Daniel Gordon
FINAL DAY!!

Every one of my courses is 25% off until midnight 🚀✨

It's the only sitewide sale we do all year, and the cheapest you'll see these courses.

This discount is for all y'all, so use the code ALLYALL at checkout.

View my courses here: networkdefense.io/
December 2, 2025 at 3:00 PM
Contagious Interview is the Cheesecake Factory of APTs. Just calm the F down and be good at something instead of trying to do 500 mediocre things at once.

opensourcemalware.com/blog/contagi...
OpenSourceMalware.com - Community Threat Intelligence
Security professionals sharing intelligence on malicious packages, repositories, and CDNs to protect the open source ecosystem.
December 1, 2025 at 11:58 PM
Gonna assume the answer is “lol” but is anyone using configuration change of an IP address as a trigger to retire it as an IOC? I feel like there’s a business opportunity. Will it make money? No. Can we pretend it uses AI to get VC money? Maybe.
December 1, 2025 at 11:38 PM
Me trying to study while North Korean hackers register new domains
December 1, 2025 at 11:19 PM
I was trying to figure out a way to stretch my brain a little over break and guess what happened!
Congrats to Daniel! Saturday's winner of three free months in my Analyst Skills Vault! networkdefense.co/skillsvault

Each day of the sale, one person who uses this discount code will be randomly selected to win!
November 30, 2025 at 9:28 PM
Reposted by Daniel Gordon
LIFTOFF! All my courses on networkdefense.io are 25% off until Tuesday, 12/2, at midnight ET 🚀

This is the only sitewide sale we do all year, and the cheapest you'll see these courses.

This event is for all y'all, so to get the discount, use code ALLYALL at checkout.
November 28, 2025 at 2:15 PM
Reposted by Daniel Gordon
For software developers: there's currently a highly sophisticated hacking group targeting developers with backdoored coding skills tests. They typically take the form of large source codes specific to your skillset. Please email any suspicious code to me on: [email protected]
1/2
November 27, 2025 at 6:19 PM
Reposted by Daniel Gordon
"A Pain in the Mist: Navigating Operation DreamJob’s arsenal" published by OrangeCyberdefense. #DreamJob, #MISTPEN, #UNC2970, #DPRK, #CTI https://www.orangecyberdefense.com/global/blog/cert-news/a-pain-in-the-mist-navigating-operation-dreamjobs-arsenal
November 21, 2025 at 1:30 PM
The keynote from @dmitri.silverado.org was both a heartfelt apology but also basically this xkcd.com/927/ haha
Standards
November 20, 2025 at 1:54 PM
This is a pretty wild evolution. Both the integration of cyber and kinetic and the fact that IRGC and MOIS might actually be working effectively together.
November 20, 2025 at 11:48 AM
It was a pleasure to be a part of this event along with quite the cast of characters, including some folks who I’ve worked with over the years. Thank you to the organizers and their truly amazing promotional themes! See folks tomorrow at @cyberwarcon.bsky.social
Glory and thanks to all the attendees and speakers at #BSidesPyongyang25.
November 19, 2025 at 12:10 AM
Bsides Pyongyang starts in 15 minutes if the Cloudflare gods cooperate.
youtube.com/@bsidespyong...
m.twitch.tv/bsidespyongy...
BSides Pyongyang
🇰🇵 #BSidesPyongyang2025: A free community cyber conference on Nov 18 2025 (Missile Industry Day) @ Lazarus HQ Pyongyang Roblox | 30th anniversary 🎂
November 18, 2025 at 3:14 PM
Reposted by Daniel Gordon
At the end of the day in incident response, you may get accolades if you catch the attacker, but you will have the most impact if you have met the victim's needs. #infosec #dfir
November 17, 2025 at 9:36 PM
I really enjoy when my research on unusual suspected state sponsored hacking groups is useful. *monkey paw curls*
November 17, 2025 at 11:45 AM
Over the course of my career I’ve found and accomplished some pretty wild stuff. Next week I will be talking, for the first time, about one of the wildest things I ever found. The talk will be geared to analysts and practitioners but pretty sure this will be fascinating for everyone.
November 14, 2025 at 2:57 AM
Something is broken in YARA for VirusTotal right now, signatures matching on things for no apparent reason. 🫡 to any folks who have to clean up
November 11, 2025 at 4:14 PM
I know dunking on this is fun and all but if you watch the clip Christo is laughing and mocking this conspiracy theory he heard from Russian intel. I’ve heard stories about the terrible quality of Russian intel but this is bad.
"Famed spy hunter"
November 8, 2025 at 1:43 PM
November 6, 2025 at 10:22 PM
Reposted by Daniel Gordon
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report.  Key findings  Between June and August 2025,
November 5, 2025 at 1:37 PM
Reposted by Daniel Gordon
You need a very special personality type to be a great ft reverser and most people can’t. It’s why they can write their own ticket.
November 1, 2025 at 5:58 AM
This will be my third time speaking at Bsides but it’s already the most hilarious
No longer limited by geographical constraints, virtual conferences have opened up new possibilities for reeducation! Join us at #BSidesPyongyang on Nov 18th and discover the thrill of online learning! #BSPY25 #NewFrontiers
October 31, 2025 at 11:37 AM
I was recently talking to someone who worked on tracking Chinese botnets. We talked about ways to impact them and settled on “fixing the IoT ecosystem”. Then we had a good laugh and changed the subject because obviously that’s never going to happen.
When you hear “Internet of Things” or “connected”, think:
①useless & works badly at best,
②requires constant updates and Internet access for no reason,
③ceases to work because company decides to stop maintaining,
④gets hacked and serves to attack you/others,
⑤keeps you under constant surveillance.
October 30, 2025 at 11:34 AM
Get tickets before they run out! (This is a free online event that will not run out)

www.eventbrite.com/e/bsides-pyo...
BSides Pyongyang
A security conference held online: let's enjoy it together and learn about the latest security trends! | #BSidesPyongyang2025: A free community cyber conference on Nov 18 2025
October 25, 2025 at 12:12 PM
Reposted by Daniel Gordon
a useful correction on the timescale and process in that story here! (it does not, however, make the meme any better.)
It did not. The reporter took the date on my original email about the planned malware release and assumed that the graphic was begun at the same time.

I sketched out a rough version of that with the PAO in like 15 minutes of brainstorming on a whiteboard. She then sent it to the graphic contractor.
In 2020, U.S. Cyber Command wanted to create a 'meme' to mock Russian hacking attempts. Now, bear in mind that information warfare is part of their brief, and this is well within their skill set.

It took them 22 days to come up with *this*
October 24, 2025 at 4:18 PM