Steve YARA Synapse Miller (@stvemillertime)'s Twitter Profile
Steve YARA Synapse Miller

@stvemillertime

cyber-physical intel @google

writing & sharing on adversary tradecraft, dfir, malware, threat detection, ics/ot intel and all things #yara

ID:19564532

https://keybase.io/stvemillertime
26-01-2009 23:03:07

5,5K Tweets

14,9K Followers

1,2K Following

Jared Atkinson (@jaredcatkinson)

From 'Principles of Categorization.' Rosch describes 'cognitive economy' where we use categories to simplify the process of information gathering, but the higher the resolution of the category (think granny smith vs. apple vs. fruit) the greater the cost on our finite cognitive…

LABScon (@labscon_io)

Check this Microsoft x PwC research collab, coming to

labscon.io/speakers/adrie…
labscon.io/speakers/bendi…

Steve YARA Synapse Miller (@stvemillertime)

Thank you Phil Stokes ⫍🐠⫎ for this awesome macOS research and TTP-focused YARA ruleset github.com/SentineLabs/ma…

(and props for putting all the in one single file, this facilitates a much easier analyst user experience)

Steve YARA Synapse Miller (@stvemillertime)

Things ebb and flow, but this week I am reminded of my good fortune, and I am feeling especially grateful to be part of an amazing team full of impassioned, clever and humble analysts, engineers and hackers.

Steve YARA Synapse Miller (@stvemillertime)

Adaptation requires deliberate, consistent exposure. That thing you want to be stronger, faster, better at? Build a routine and train on it regularly. I've gotten pretty good at stuff I do every day: guitar, YARA, pullups, etc. The compounding effect of regular training is huge.

Aaron Stephens (@x04steve)

A lot of my work involves shuttling data around to and from various APIs, and so often I run into the same issues with them that I think it’s slowly but surely killing me. So for my own catharsis, here’s a short list of the most common offenses.

Steve YARA Synapse Miller (@stvemillertime)

Great opportunity to work on detections at an epic scale across a variety of data, threats, technologies, plus Jack is pretty cool

Nick Carr (@ItsReallyNick)

How most ransomware incidents actually work 🔻
Access brokers sell access to compromised networks to ransomware-as-a-service affiliates, who conduct the intrusions.
Ransomware-as-a-service affiliates prioritize targets based on intended impact or perceived profit
Intrusion…
