Jimmy Wylie

1,073 Followers
476 Following
417 Posts
Distinguished Malware Analyst at Dragos. Lead #Malware Analyst on TRISIS and PIPEDREAM. Spend my time searching for and tearing apart #ICS threats.
BlueSky: https://bsky.app/profile/mayahustle.com
LinkedIn: https://www.linkedin.com/in/jimmywyliejr
Twittodon: https://twittodon.com/share.php?t=mayahustle&[email protected]
Twitter: https://twitter.com/mayahustle

Folks are giving AI way too much credit.
"AI wins CTF"
"Claude hacks government"

Sound as silly as saying:
"Metasploit hacked a hospital!"
or "Hammer builds a house!"

Blaming AI shifts responsibility away from the humans who orchestrate it, and confuses defenders into thinking they're up against some vague AI supervillain.

AI hasn't changed the fundamental problem. Capable attackers are still the threat, not AI. Stop worrying about AI. Instead, change your default passwords and enable MFA.

I had a great time on Jim's podcast discussing malware analysis, reverse engineering, working at Dragos, and a little bit of my personal history.

https://www.youtube.com/watch?v=qCgnIMbgs3Y

ICS & OT Malware Analyst Jimmy Wylie

YouTube

Separate but related, when did VMware and VirtualBox get so terrible on Linux? I used to use them all the time, but with secure boot, installing either of them is not so straightforward. I gave up on VMware after a few hours of trying to figure out which combination of software version, user-provided patches, and kernel version to install.

I realized later that I had forgotten to sign keys for secure boot. You'd think the installer would at least give you a warning.

VirtualBox, on the other hand, told me I had to sign its kernel modules, had me go through the process, and then failed to install (via apt). Downloading the deb appeared to fix it, but the actual VM experience wasn't great.

KVM, on the other hand, installs (optionally) with the Kubuntu installer, and worked fine out of the box.

If you're trying to run Remnux on KVM by loading the OVA:

To get network access: KVM changes the network adapter name, so you've got to change the config in /etc/netplan, replacing the old VMware adapter (like enss0) with whatever the new one is, and then reboot. You can use networkctl to find the non-loopback adapter name (like en1ps0).

The Remnux docs also say to run "remnux install" after loading into KVM to install spice and other tools. When I do that, it makes the VM worse: cursor disappears, resolution gets jacked.

Instead, installing spice-vdagent using apt gets you all the nice stuff like dynamic resolution and copy-paste. Afterwards, if you try to use remnux-install, it will again break the VM tools inside the VM. I'm unsure of the cause.
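The netplan step above as an added example (not from the post or from the REMnux project): pick the non-loopback adapter from `networkctl list` output and rename the old VMware interface key in the netplan document. It assumes the OVA keys the interface by name under `ethernets:` with DHCPv4, and the sample listing, sample netplan and the old name `ens33` are constructed here.

```shell
#!/bin/sh
# Added example, not from the original post: find the adapter name KVM gives
# the REMnux guest and rewrite the old VMware stanza in netplan to use it.
# Assumes the netplan file keys the interface by name under `ethernets:`;
# /etc/netplan/FILE.yaml below is a placeholder for the real file name.

# pick_iface: read `networkctl list --no-legend` output on stdin
# (columns: IDX LINK TYPE OPERATIONAL SETUP) and print the first ethernet
# link that is not the loopback device; exit non-zero if there is none.
pick_iface() {
    awk '$3 == "ether" && $2 != "lo" { print $2; found = 1; exit }
         END { exit !found }'
}

# swap_iface OLD NEW: read a netplan YAML document on stdin and rename the
# interface key OLD (e.g. the VMware-era ens33) to NEW, keeping the
# indentation so the rest of the stanza still attaches to it.
swap_iface() {
    sed "s/^\([[:space:]]*\)$1:/\1$2:/"
}

# fix_netplan OLD LISTING: rewrite the netplan document on stdin so that key
# OLD becomes the adapter found in LISTING, a file holding the output of
# `networkctl list --no-legend`. Fails (no output) when no adapter exists,
# so a broken listing never produces a netplan file without an interface.
fix_netplan() {
    new=$(pick_iface < "$2") || { echo "no ethernet adapter in $2" >&2; return 1; }
    swap_iface "$1" "$new"
}

# Constructed sample of what networkctl prints inside the KVM guest.
SAMPLE_NETCTL='  1 lo      loopback carrier    unmanaged
  2 enp1s0  ether    no-carrier configuring'

# Constructed sample of the netplan file the OVA ships with.
SAMPLE_NETPLAN='network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      dhcp4: true'

# On the real guest (after sourcing this file), the same pipeline is:
#   networkctl list --no-legend > /tmp/links
#   fix_netplan ens33 /tmp/links < /etc/netplan/FILE.yaml > /tmp/new.yaml
# then review /tmp/new.yaml, copy it into /etc/netplan, and reboot.
```

The `swap_iface` pattern treats the old name as a sed regex, so a name containing `.` (a VLAN sub-interface) would need escaping before use.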

I earned my first CVE credit (CVE-2025-7676) for helping with a Windows ARM vuln. So, to commemorate the credit, @reverseics presented me last week with a Trophy of Perpetual Futility, because there’s always more work to do.

https://raw.githubusercontent.com/reidmefirst/vuln-disclosure/refs/heads/main/2025-04.txt

The Dragos 2026 Year In Review Report is live: 3 new threat groups, updates from 3 of our more active threat groups, and (my personal favorite) coverage of a subset of ICS-related capabilities that we found last year.

https://www.dragos.com/ot-cybersecurity-year-in-review

Dragos 2026 OT Cybersecurity Report: a Year in Review

Get the latest OT threats, vulnerabilities, and lessons learned from real-world incidents in this year’s 2026 OT Cybersecurity Report.

I've spent a lot of time reversing ICS malware. Recently, I've been building it with AI tools. While there's been plenty of commentary and news about AI and malware, I'm excited to share what I learned actually trying to build some at S4x26.

Stage 2, Feb 24, 12pm.

CERT.PL's report on the coordinated attacks against Polish infrastructure. Adversaries used all manner of destructive techniques: firmware corruption, wipers, SSH commands, FTP deletes, factory resets, even booted Tiny Core Linux on KVM to DD-wipe servers.

They targeted a grid connection point, a CHP plant, and a manufacturing site. The forensic reconstruction and malware analysis are excellent. Worth a read for the technical depth.

https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/

#ICS #OTSecurity

Energy Sector Incident Report - 29 December 2025

CERT Polska presents a report on the analysis of an incident in the energy sector that occurred on 29 December 2025. The attacks were destructive in nature and targeted wind and photovoltaic farms, a large combined heat and power plant, and a company from the manufacturing sector. The publication aims to raise awareness of the risks associated with sabotage in cyberspace.

I know I'm feeling stressed out when I go back to reading Thich Nhat Hanh. His teachings calm me, and I need that reminder that happiness is available in any moment despite circumstance. I'm not even Buddhist. Or maybe I am? He'd probably say the distinction isn't important.

This is the first known attack on DERs. Attackers compromised RTUs at 30 different sites. The report has an overview, defensive guidance, and a comparison to past ELECTRUM ops.
Hats off to CERT Polska for leading the charge, and kudos to our Intel team for the hard work.

https://hubs.la/Q040Bwpg0

#ICS #otsecurity

Intel Report | ELECTRUM: Cyber Attack on Poland's Electric System 2025 | Dragos

A 2025 cyber attack on Poland’s electric system highlights both risk and resilience in modern power grids. Download the report →