Chi En (Ashley) Shen
ashl3y-shen.bsky.social
Security researcher @ Cisco Talos. / Ex-Google TAG / Black Hat & HITCON review board / Organiser of Rhacklette.
So excited that I’m going to present my latest research at @districtcon.bsky.social in January! The last round of tickets is going on sale this Sunday (Nov 16th @12pm EST). Looking forward to seeing you in DC!
November 13, 2025 at 1:06 PM
Reposted by Chi En (Ashley) Shen
New Iran drop from me tracking an attribution nightmare - UNK_SmudgedSerpent! A little Charming, a little Muddy, and a lot C5. Targeting policy experts with benign conversation starters, health-themed infra, OnlyOffice spoofs, and RMMs. Check out the full story www.proofpoint.com/us/blog/thre...
Crossed wires: a case study of Iranian espionage and attribution | Proofpoint US
Proofpoint would like to thank Josh Miller for his initial research on UNK_SmudgedSerpent and contribution to this report.  Key findings  Between June and August 2025,
www.proofpoint.com
November 5, 2025 at 1:37 PM
Gonna be in Belgium for the first time after living in Europe for 7 years. Come catch me if you are at @what-is-sos.bsky.social tomorrow!!!
October 27, 2025 at 11:18 AM
Great work and thanks for referencing our research on redefining IAB! The four-tier classification framework is insightful for identifying collaborative campaigns!
We saw Earth Estries, an advanced #APT intrusion set, sharing its access to Earth Naga (Flax Typhoon). We introduce the term "Premier Pass" to describe this behavior, and propose a four-tier classification framework for collaboration types among advanced groups www.trendmicro.com/en_us/resear...
October 23, 2025 at 10:59 AM
Great investigation from Trend Micro with the contributions from Joey Chen! Threat actors are actively targeting the SNMP protocol on routers for exploitation.

www.trendmicro.com/en_us/resear...
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits
Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts obse...
www.trendmicro.com
October 15, 2025 at 2:18 PM
Reposted by Chi En (Ashley) Shen
Quite a bit of CN APT activity in Europe in the past week

strikeready.com/blog/cn-apt-...

As always, if you're interested in tuning your skills, download the samples here github.com/StrikeReady-...
CN APT targets Serbian Government
Mustang Panda continues targeting European governments
strikeready.com
October 3, 2025 at 2:30 PM
Reposted by Chi En (Ashley) Shen
There was a mad dash on SOS tickets over the weekend.

SOS is two weeks away, if you've been putting off getting a ticket... your time is now.

stateofstatecraft.com/register
October 14, 2025 at 3:48 AM
Reposted by Chi En (Ashley) Shen
Another major surveillance provider exposed: First Wap

Its product was used to track some very high-profile figures

www.lighthousereports.com/investigatio...
October 14, 2025 at 8:15 PM
👾 Had a great time at the DC4131 Padawan CTF with the Swiss @defcon.bsky.social community! Back to CTFs after a while teamed up with J & M and knocked out a few challenges. Go, pwnrpuffgirls girl power! 💪 Big thanks to the organizing team. Looking forward to the next one! #CTF
September 15, 2025 at 11:55 AM
Caught a Pokémon at @defcon.bsky.social 😍 Big fan of @lauriewired.bsky.social. It was so interesting to discuss reverse engineering with her. Please can we all have a card like this?
August 9, 2025 at 5:18 PM
At @defcon.bsky.social today. Come find me!
August 8, 2025 at 7:41 PM
Heading to Hacker Summer Camp next week? 🌵If you’re curious about the journeys behind the hacks, the challenges and the stories that shaped us, come join our panel: “Hacking the Status Quo”. With Valentina Palmiotti (Chompie), Natalie Silvanovich, and Vandana Verma. #BHUSA #blackhatusa
July 31, 2025 at 3:30 PM
Reposted by Chi En (Ashley) Shen
The SOS conference is officially THREE months away! On October 28, we gather to discuss the latest developments in nation-state operations with leading experts!

⏰ CFP Ends September 1st!
🐧 Early Bird Tickets almost sold out!
🕵️ Come talk espionage, sabotage, ORBATs, and more!

stateofstatecraft.com
July 28, 2025 at 4:52 AM
Excited to see another threat intel focused conference taking place in Europe, and it’s organized by threat analysts in the field! The CFP is open until Sept 1st. Looking forward to seeing your amazing research!
#What_is_SOS #StateOfStatecraft

www.stateofstatecraft.com
State of Statecraft
A new conversation for a new era.
www.stateofstatecraft.com
July 18, 2025 at 7:44 AM
Had a great time on the @malspace.bsky.social podcast with Julien talking about my PIVOTcon presentation from tracking compartmentalized attacks to thoughts on attribution. Fun convo (and I loved the theme song at the end!). 🎶 Thanks for having me!

malspace.com/episodes/mul...
Malspace | Multiple Actors, One Breach - Rethinking Threat Models in 2025
In this episode, Julien sits down with Chi En (Ashley) Shen, a distinguished threat researcher at Cisco Talos. Ashley shares her fascinating journey from hacking forums in Taiwan to leading threat ...
malspace.com
July 10, 2025 at 1:05 PM
I'm excited to return to Black Hat USA this year and have the opportunity to give away one briefings pass to the conference. If you're a student or someone who could use a little support to attend, I'd love to hear from you. DM me if you're interested!
#BHUSA
June 10, 2025 at 10:03 AM
Looking forward to my week at @botconf.infosec.exchange.ap.brid.gy ! Please come say hi if you are around! #Botconf2025
May 20, 2025 at 10:38 AM
Reposted by Chi En (Ashley) Shen
Talks from the OffensiveCon 2025 security conference, which took place last week, are now available on YouTube

www.youtube.com/playlist?lis...
OffensiveCon25 - YouTube
OffensiveCon 2025 Talks
www.youtube.com
May 20, 2025 at 9:09 AM
📡 New blogs out: Compartmentalized attacks are no longer limited to financially motivated actors, state-sponsored groups are adopting them too. We propose a new taxonomy for initial access groups to reflect broader motivations and affiliations. (1/3)
May 13, 2025 at 1:02 PM
Reposted by Chi En (Ashley) Shen
@greg-l.bsky.social drops knowledge on TA406 (Konni) as North Korea shows new interest in Ukraine, likely to keep tabs on the progress of the war and Russia's ability to keep pace on the battlefield www.proofpoint.com/us/blog/thre...
TA406 Pivots to the Front | Proofpoint US
What happened  In February 2025, TA406 began targeting government entities in Ukraine, delivering both credential harvesting and malware in its phishing campaigns. The aim of these
www.proofpoint.com
May 13, 2025 at 9:53 AM
Had an amazing time speaking at @pivotcon.bsky.social last week! Grateful for the chance to share insights and connect with the brilliant minds. PIVOTcon remains my favorite threat intel event in Europe. Huge thanks to the organizers for creating this community and the memorable experience.
May 12, 2025 at 2:16 PM
A lot of you have been asking, YES! HITCON 2025 CFP is open! The conference will be hosted on August 15 - August 16. Submit your talk before June 8th. Looking forward to your submissions! #HITCON #HITCON2025
CFP: cfp2025.hitcon.org/en/
HITCON 2025 CFP
cfp2025.hitcon.org
May 9, 2025 at 12:09 PM
Reposted by Chi En (Ashley) Shen
Come work with us! We are looking for a creative and self-motivated communications professional to join our team this summer in the role of Digital Communications Specialist. This is a FT, hybrid position based at @uoft.bsky.social in downtown Toronto.

Learn more: citizenlab.ca/2025/05/job-...
May 6, 2025 at 9:03 PM
Reposted by Chi En (Ashley) Shen
BREAKING: jury awards massive $167 million in punitive damages against spyware company NSO Group.

Precedent-setting win against notorious #Pegasus spyware maker.

Very consequential for victims to see this.

Congratulations to #WhatsApp on sticking this case through since 2019. Some thoughts 1/
May 6, 2025 at 9:30 PM
We just published our investigation into a Cactus ransomware campaign, uncovering TOYMAKER, an IAB group using a custom backdoor LAGTOY. It’s still challenging to identify compartmentalized attacks. We’ll share our approach and solutions at @pivotcon.bsky.social in 2 weeks! #toymaker
Talos uncovered a major compromise in a critical infrastructure enterprise by an IAB, ToyMaker, and a double extortion gang, Cactus.

Learn how ToyMaker infiltrates vulnerable systems: blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker
April 24, 2025 at 1:26 PM