‧₊˚ ⋅ Indie Comfy VTuber
⊹˚. Employed Threat Intel Researcher
♡‧₊˚ SV Cover Artist
✧・゚https://azaka.fun
*:・˚ @jamama_666 / @MomoiroKohi / @justNovaj / #artsyaz
Links: https://links.azaka.fun/
Verification: https://twittodon.com/share.php?t=AzakaSekai_&[email protected]
Twitch: https://twitch.tv/azakasekai

> new sample
> 300kb+ for the loader
> the loader is filled with millions of jump tables and CFFs
> "but ok it's just ReadFile and NtAllocateVirtualMemory I can deal with that at runtime"
> realizes I've got over dozens of similar loaders to analyze
> I need to automate this
> LLMs can't be bothered with identifying the decrypting logic due to large amounts of CFFs
> speakeasy breaks because it's speakeasy

alright chat if anyone needs me I'll be crying myself to bed

ngl I'm kinda afraid to talk about AI in general on my twitter, I'm gonna get crucified over there
like what kind of problem is this trying to solve when there are 5 million other signed system executables capable of proxy execution
can someone explain to me the point of this security policy

I have no idea when Virus Bulletin uploaded our paper, but here it is: our talk from last September at VB2025, where we talked about an APT41-adjacent group that started using Google Calendar C2 as part of their espionage operation.

https://www.virusbulletin.com/uploads/pdf/conference/vb2025/slides/Slides-Google-Calendar-as-C2-Infrastructure-A%20-China-nexus-Campaign-with-Stealthy-Tactics.pdf
https://www.virusbulletin.com/uploads/pdf/conference/vb2025/papers/Google-Calendar-as-C2-infrastructure-a-China-nexus-campaign-with-stealthy-tactics.pdf

guh I should probably update the profile here
Happy mid-autumn festival for those that celebrate it! I'm gonna use the next Monday off to get my sleep schedule fixed 🛏️

The Taiwan Ministry of Digital Affairs (MoDA) has issued a press release today stating that MoDA was made aware of CHT's improper conduct in March, and has since begun migrating to another Root CA provider (possibly Taiwan CA, another major Root CA that had worked with TW govs).

Meanwhile, CHT has also published a statement and is attempting to downplay the situation by claiming "only" Chrome is affected and none of the other browsers like Apple's and Microsoft's (curiously, Firefox was not explicitly mentioned), and that they are "attempting to work with Chrome to get Root CA trust back in March 2026."

Source:
https://newtalk.tw/news/view/2025-06-03/974334
https://www.cht.com.tw/home/enterprise/news/latest-news/2025/0602-1810

It appears there have been numerous compliance failures noted on Mozilla's buglist alone in the last few years. It appears some weren't taking too kindly to certain of CHT's resolutions and constant mistakes in recent years.

Effective July 31st, two major Root CAs used by Chunghwa Telecom will no longer be trusted on Chrome 139 and higher. Chunghwa Telecom is the largest telecommunications company responsible for Taiwan's network infrastructure, and their root CA is used to sign certificates used by major Taiwanese government websites.

Google cited "compliance failures, unmet improvement commitments and the absence of tangible, measurable progress in response to publicly disclosed incident reports."