178 Followers
202 Following
216 Posts

DFIR / digital archaeologist / codez / vetz / hamz.

I'm an archaeologist who digs through digital dirt to find artifacts of battles with mercenaries fought within corporate empires. I often analyze fragments of rotting logs to reconstruct historical events.


"As long as you are green, you will grow; when you are ripe, you will rot" (4eva a n00b).

Laserkittens! Blockchain tacoz!


All my opinionz are belong to me (and are typically goofy).

#DFIR #BlueTeam #infosec #cybersecurity #ThreatIntel #TTPs #IOCs #ReverseEngineering #reversing #malware #MalwareAnalysis #ransomware #HamRadio #PrivacyLaw #privacy #hacking

#programming :: #python && #golang && #csharp && (begrudgingly) #cpp #cplusplus && (learning) #rust #rustlang

Bio / Linkz: https://4n68r.com
Twitterz: https://twitter.com/4n68r
Country: United States of America
Region: Northwest Indiana (Chicagoland), AKA “Da Region”
Love that the tagline is "for humans and agents." The same abstraction that hides port conflicts from developers hides port-based IOCs from your SOC. Accidentally elegant. https://github.com/vercel-labs/portless
GitHub - vercel-labs/portless: Replace port numbers with stable, named local URLs. For humans and agents.
Turns out "what if AI gets too smart?" was the wrong question. "What if we just hand it all our keys and walk away?" was sitting right there. Classic enshittification arc: make it frictionless to use, make it catastrophic to secure, act surprised when the two meet. https://honnibal.dev/blog/clownpocalypse
The looming AI clownpocalypse · honnibal.dev

Exploits will soon be cheaper to develop autonomously than they earn. What then?

Reminder that "the cat is out of the bag" hits different when the cat deleted your passkey and now your dead grandmother's photos are gone forever. Great post on PRF misuse from @timcappalli -- https://blog.timcappalli.me/p/passkeys-prf-warning/ #passkeys
Please, please, please stop using passkeys for encrypting user data

Passkeys are the future of authentication, but using them for data encryption is a disaster waiting to happen. Overloading these credentials creates a dangerous blast radius that can lead to the irreversible loss of a user's most sacred memories and documents.

AOL has now shut down dial-up service as of September 30.

Let us play the forgotten music...

The COM marshaled object header (it's always #Caturday)

I wrote up a thing on how to hunt for CitrixBleed 2 exploitation

https://doublepulsar.com/citrixbleed-2-exploitation-started-mid-june-how-to-spot-it-f3106392aa71

CitrixBleed 2 exploitation started mid-June — how to spot it

CitrixBleed 2 — CVE-2025-5777 — has been under active exploitation to hijack Netscaler sessions, bypassing MFA, globally for a month.

Was fun co-presenting at AWS re:Inforce with my colleagues from Unit 42 and AWS earlier this week and hanging out with awesome friends.

If you haven't checked out the Threat Technique Catalog for #AWS at https://aws-samples.github.io/threat-technique-catalog-for-aws/ ... you should!

Threat Technique Catalog for AWS (TTC)

We are very excited to announce that Volatility 3 has reached parity with Volatility 2! With this achievement, Volatility 2 is now deprecated. See the full details in our blog post: https://volatilityfoundation.org/announcing-the-official-parity-release-of-volatility-3/
Announcing the Official Parity Release of Volatility 3!


I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”

Unit42-timely-threat-intel/2025-03-04-group-likely-impersonating-BIanLian.md at main · PaloAltoNetworks/Unit42-timely-threat-intel

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel