John Hultquist
@hultquist.bsky.social
Mandiant Intelligence at Google. CYBERWARCON and SLEUTHCON founder. Johns Hopkins professor. Army vet.
Reposted by John Hultquist
Ready to put your analysis skills to the test? Join us on Nov 18 (pre-CYBERWARCON) for a Synapse challenge using a real-world scenario. There will be snacks and limited-edition challenge coins! vertex.link/events/cyber...
November 6, 2025 at 6:13 PM
Ready to put your analysis skills to the test? Join us on Nov 18 (pre-CYBERWARCON) for a Synapse challenge using a real-world scenario. There will be snacks and limited-edition challenge coins! vertex.link/events/cyber...
Reposted by John Hultquist
Meet our speaker: Kevin Hoganson! He leverages a broad skill set across cyber threat intelligence, digital forensics & incident response.
His talk highlights commercial spyware actors' cleanup of forensic artifacts which prevents meaningful analysis of mobile device infections.
www.cyberwarcon.com
His talk highlights commercial spyware actors' cleanup of forensic artifacts which prevents meaningful analysis of mobile device infections.
www.cyberwarcon.com
October 30, 2025 at 3:59 PM
Meet our speaker: Kevin Hoganson! He leverages a broad skill set across cyber threat intelligence, digital forensics & incident response.
His talk highlights commercial spyware actors' cleanup of forensic artifacts which prevents meaningful analysis of mobile device infections.
www.cyberwarcon.com
His talk highlights commercial spyware actors' cleanup of forensic artifacts which prevents meaningful analysis of mobile device infections.
www.cyberwarcon.com
Reposted by John Hultquist
October 30, 2025 at 3:36 PM
Reposted by John Hultquist
Meet our speaker Dlshad Othman!
He has fifteen+ years of experience in threat intelligence, and has built a career at the intersection of cybersecurity and geopolitics.
He will be joining David Magnotti for their talk "Ping First, Boom Second", which will focus on Iranian cyber threat groups.
He has fifteen+ years of experience in threat intelligence, and has built a career at the intersection of cybersecurity and geopolitics.
He will be joining David Magnotti for their talk "Ping First, Boom Second", which will focus on Iranian cyber threat groups.
October 24, 2025 at 1:04 PM
Meet our speaker Dlshad Othman!
He has fifteen+ years of experience in threat intelligence, and has built a career at the intersection of cybersecurity and geopolitics.
He will be joining David Magnotti for their talk "Ping First, Boom Second", which will focus on Iranian cyber threat groups.
He has fifteen+ years of experience in threat intelligence, and has built a career at the intersection of cybersecurity and geopolitics.
He will be joining David Magnotti for their talk "Ping First, Boom Second", which will focus on Iranian cyber threat groups.
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
October 23, 2025 at 1:27 PM
If you’ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.
An opinion piece I wrote for Cipher Brief on the next wave of AI threats. The speed and scale of this activity will change the nature of cybersecurity. In order to compete with adversary use of this technology we must adopt it wholeheartedly into defense. www.thecipherbrief.com/ai-cyberatta...
AI-Powered Adversaries Require AI-Driven Defenses
OPINION — The use of artificial intelligence by adversaries has been the subject of exhaustive speculation. No one doubts that the technology will be abused by criminals and state actors, but it can b...
www.thecipherbrief.com
October 22, 2025 at 7:33 PM
An opinion piece I wrote for Cipher Brief on the next wave of AI threats. The speed and scale of this activity will change the nature of cybersecurity. In order to compete with adversary use of this technology we must adopt it wholeheartedly into defense. www.thecipherbrief.com/ai-cyberatta...
Reposted by John Hultquist
Meet our speaker Caleb Marquis!
His work played a central role in the landmark indictment of North Korean hacker Rim Jong Hyok. He has received the FBI Medal of Excellence and the Department of Justice Attorney General Award for Distinguished Service.
His work played a central role in the landmark indictment of North Korean hacker Rim Jong Hyok. He has received the FBI Medal of Excellence and the Department of Justice Attorney General Award for Distinguished Service.
October 22, 2025 at 7:00 PM
Meet our speaker Caleb Marquis!
His work played a central role in the landmark indictment of North Korean hacker Rim Jong Hyok. He has received the FBI Medal of Excellence and the Department of Justice Attorney General Award for Distinguished Service.
His work played a central role in the landmark indictment of North Korean hacker Rim Jong Hyok. He has received the FBI Medal of Excellence and the Department of Justice Attorney General Award for Distinguished Service.
Reposted by John Hultquist
We're excited to have Eric Kerr join us at CYBERWARCON! His talk, "From Hacker to Help Desk: The Surprising Story of a North Korean Cyber Operator", will cover the activities of Andariel, a North Korean hacking group that steals military & nuclear technology from US & South Korean defense networks.
October 22, 2025 at 5:28 PM
We're excited to have Eric Kerr join us at CYBERWARCON! His talk, "From Hacker to Help Desk: The Surprising Story of a North Korean Cyber Operator", will cover the activities of Andariel, a North Korean hacking group that steals military & nuclear technology from US & South Korean defense networks.
Reposted by John Hultquist
We're proud to announce Ruarigh Thornton is joining us this year at CYBERWARCON! Head of Research and Disruption at PGI, with experience in threats including counter espionage, hostile state information operations + more. He has led 100+ digital investigations.
www.cyberwarcon.com
www.cyberwarcon.com
October 17, 2025 at 2:49 PM
We're proud to announce Ruarigh Thornton is joining us this year at CYBERWARCON! Head of Research and Disruption at PGI, with experience in threats including counter espionage, hostile state information operations + more. He has led 100+ digital investigations.
www.cyberwarcon.com
www.cyberwarcon.com
Reposted by John Hultquist
I won’t be at CYBERWARCON this year so I need someone to give @hultquist.bsky.social a hard time for me. I don’t yet know why he deserves this, but I’m sure a reason will present itself between now and then. The man never disappoints in the shenanigans and tomfoolery department.
October 8, 2025 at 6:54 PM
I won’t be at CYBERWARCON this year so I need someone to give @hultquist.bsky.social a hard time for me. I don’t yet know why he deserves this, but I’m sure a reason will present itself between now and then. The man never disappoints in the shenanigans and tomfoolery department.
Reposted by John Hultquist
Have you ever wanted to see two terminally online nerds really (and I mean *really*) get into the SVR deep lore while continuing the eternal goal of making 2016 last forever?
Gosh does @cyberwarcon.bsky.social have a talk for you!
Gosh does @cyberwarcon.bsky.social have a talk for you!
Oil Into The Fire — CYBERWARCON
www.cyberwarcon.com
October 8, 2025 at 6:09 PM
Have you ever wanted to see two terminally online nerds really (and I mean *really*) get into the SVR deep lore while continuing the eternal goal of making 2016 last forever?
Gosh does @cyberwarcon.bsky.social have a talk for you!
Gosh does @cyberwarcon.bsky.social have a talk for you!
CYBERWARCON is gooooooooo! This year’s agenda is live! Thank you submitters.
Announcing this year's CYBERWARCON speaker lineup and agenda! We've got some fantastic talks this year, and more will be announced soon.
Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
October 8, 2025 at 4:18 PM
CYBERWARCON is gooooooooo! This year’s agenda is live! Thank you submitters.
Reposted by John Hultquist
Announcing this year's CYBERWARCON speaker lineup and agenda! We've got some fantastic talks this year, and more will be announced soon.
Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
October 8, 2025 at 4:08 PM
Announcing this year's CYBERWARCON speaker lineup and agenda! We've got some fantastic talks this year, and more will be announced soon.
Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
Don't miss your chance to register now! Thank you everyone who submitted to the CFP. The selection was a truly grueling process!
Reposted by John Hultquist
October 8, 2025 at 2:59 PM
Reposted by John Hultquist
🚨🚨🚨 Google released a report on "Brickstorm" this morning — a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage. cyberscoop.com/chinese-cybe...
Brickstorm malware powering ‘next-level’ Chinese cyberespionage campaign
Mandiant and Google have identified “Brickstorm,” a sophisticated, suspected China-linked hacking campaign targeting U.S. tech firms, legal organizations, and BPOs. The operation often goes undetected...
cyberscoop.com
September 24, 2025 at 2:03 PM
🚨🚨🚨 Google released a report on "Brickstorm" this morning — a next-level, suspected China-linked campaign targeting U.S. firms. Ultra-stealthy, 400+ day dwell times, focus on stealing IP, finding zero-days, and focused on long-term cyberespionage. cyberscoop.com/chinese-cybe...
We are expecting several organizations who use this tool and actively hunt for this threat will find that this actor has been active in their networks for some time.
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.
cloud.google.com
September 24, 2025 at 2:43 PM
We are expecting several organizations who use this tool and actively hunt for this threat will find that this actor has been active in their networks for some time.
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog
BRICKSTORM is a stealthy backdoor used by suspected China-nexus actors for long-term espionage.
cloud.google.com
September 24, 2025 at 2:31 PM
We are releasing details on BRICKSTORM malware activity, a China-based threat hitting US tech to potentially target downstream customers and hunt for data on vulnerabilities in products. This actor is stealthy, and we've provided a tool to hunt for them. cloud.google.com/blog/topics/...
Reposted by John Hultquist
This is unironically one of the wildest photos ever taken.
September 23, 2025 at 7:23 PM
This is unironically one of the wildest photos ever taken.
Last week to get your @CYBERWARCON submissions in! Don’t miss out!
September 23, 2025 at 1:08 PM
Last week to get your @CYBERWARCON submissions in! Don’t miss out!
We've got some good submissions flowing into the @CYBERWARCON CFP, but there's still time for more. If you have good content, and you're worried the honorarium won't cover your travel, please submit, and we'll work it out. We do this because we believe this research matters.
September 18, 2025 at 2:18 PM
We've got some good submissions flowing into the @CYBERWARCON CFP, but there's still time for more. If you have good content, and you're worried the honorarium won't cover your travel, please submit, and we'll work it out. We do this because we believe this research matters.
Finland is so small that I once visited and Mikko found me in a bookstore.
Finland is so nerdy that today’s top celebrity news in the largest tabloid concerns a cybersecurity expert (tietoturvaguru) starting a new job at a mobile operator. This is our Kylie Kardashian.
September 17, 2025 at 12:04 PM
Finland is so small that I once visited and Mikko found me in a bookstore.
Reposted by John Hultquist
September 16, 2025 at 12:00 PM
Reposted by John Hultquist
Tech startup idea: instead of starting your car with your key, you get in, turn on the display panel, enter your password, get your phone out, open the authenticator app, enter your pin, enter the timed passcode, then open the start menu, then helpdesk, then "request engine start", then submit a tic
September 5, 2025 at 12:31 PM
Tech startup idea: instead of starting your car with your key, you get in, turn on the display panel, enter your password, get your phone out, open the authenticator app, enter your pin, enter the timed passcode, then open the start menu, then helpdesk, then "request engine start", then submit a tic
Reposted by John Hultquist
Yo! #CYBERWARCON CFP & Reg is LIVE! You know what to do. AI can't do it for you...or wear these socks.
@hultquist.bsky.social @cyberwarcon.bsky.social
@hultquist.bsky.social @cyberwarcon.bsky.social
August 29, 2025 at 7:32 PM
Yo! #CYBERWARCON CFP & Reg is LIVE! You know what to do. AI can't do it for you...or wear these socks.
@hultquist.bsky.social @cyberwarcon.bsky.social
@hultquist.bsky.social @cyberwarcon.bsky.social