Beware of pigs flying drones:
push(@fediverse, "Adversarial Engineer"); # i hack in Perl
@drajt @Enthalpiste @codebyjeff @pluralistic Just throwing it out there, but there is a UK government petition that would mandate any MPs need to pass the citizenship test to keep their job. I don't see it ever becoming law, but I'd love it if enough people signed that it got to the debate and they had to weasel their way out of it while still maintaining that it is an effective test for new citizens. https://petition.parliament.uk/petitions/755094
This year's T-Level mentee enjoys chip-off hardware hacking and DMA attacks. This will be fun.
Seen an interesting trend in UK FSI over the last months, with multiple requests for specific support in hampering network-centric aspects of discovery, lateral movement, C2 and exfiltration. I wonder what it's attributed to.
Interesting links of the week:
Strategy:
* https://x-c3ll.github.io/posts/Rant-Red-Team/ - @XC3LL talks red teaming trends
* https://arstechnica.com/security/2026/01/county-pays-600000-to-pentesters-it-arrested-for-assessing-courthouse-security/ - finally settled, the poor testers with a faulty get out of jail card
Threats:
* https://stratcomcoe.org/pdfjs/?file=/publications/download/Social-Media-Manipulation-FINAL-FILE.pdf?zoom=page-fit - STRATCOM talks influence operations
* https://github.com/blackorbird/APT_REPORT/blob/master/summary%2F2026%2F2025%20Global%20APT%20Threat%20Research%20Report.pdf - threat research report from Qihoo 360
* https://www.greynoise.io/blog/unmasking-cisas-hidden-kev-ransomware-updates - @greynoise discuss hidden signals in KEV
* https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/ - @rapid7's excellent analysis of notepad++
* https://community.plone.org/t/plone-security-advisory-20260116-attempted-code-insertions-into-github-pull-requests/22770/7 - another supply chain whoopsie
* https://cert.pl/en/posts/2026/01/incident-report-energy-sector-2025/ - reporting on the .pl power problems
* https://zenodo.org/records/18444900 - content based risk analysis of Moltbook (not for the faint-hearted)
Detection:
* https://zeek.org/2026/01/how-to-use-ja4-network-fingerprints-in-zeek/ - @zeek discuss how to leverage JA4
* https://blog.jmhill.me/deploying-an-opencti-osint-stack-for-cybersecurity-research/ - @jmhill describes how to deploy OpenCTI
* https://www.huntress.com/blog/ldap-active-directory-detection-part-four - the latest of @huntress's excellent blogs on what an attack on LDAP can actually look like
* https://leanpub.com/suri_operator - @da_667's survivor's guide to @suricata
Bugs:
* https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/ - @index continue their streak of popping fun bugs in the wild
* https://zeroleaks.ai/reports/openclaw-analysis.pdf - nice technical write up on OpenClaw
Exploitation:
* https://scriptjunkie.us/2026/01/tracking-signal-identifiers/ - leaking Signal IDs from @sj
* https://splintersfury.github.io/mal_blog/post/netfilter_driver/ - reversing Netfilter
* https://alfiecg.uk/2024/09/24/Kernel-exploit.html - Alfie pops iOS
* https://secure.dev/securing_ggml_rpc.html - attack and defend on GGML
Hard hacks:
* https://hexkyz.blogspot.com/2021/11/je-ne-sais-quoi-falcons-over-horizon.html - an oldie on popping NVIDIA's Falcon
Hardening:
* https://itsfoss.com/news/amutable-linux-security/ - @pid_eins triggers systemctl restart
* https://fosdem.org/2026/schedule/event/EW8M3R-island/ - how to get land locked
Interesting that there is no way to ship books to the UK on NERP CIP. There are current reasons why this is infuriating.
Product idea:
Recognise Connections
Tagline: "Nothing says meaningful thanks more than having a bot write the card..."
Functional requirements:
* Bot scans your emails each month and then decides what/how much to recognise you
* HR wire the agent into Amazon's gift recommendation API
Business outcome:
"This was so good, you deserve a box of tissues."
We will do a spreadsheet style UI, incredibly badly.
Oh dear, more hijinks and misbehaviour in the supply chain:
Another day, another threat model. Credit card company wants to know what they should be on the lookout for by way of discovery, lateral movement, C2 and exfiltration from their micro-segmentation solution as easy wins.
When you delete a vendor library to resolve a symbols issue on a commercial Linux product...
And again, OpenClaw's not that much better if you look at it from a more technical standpoint:
One of our AI threat team pointed me at this:
https://zenodo.org/records/18444900
Interesting analysis of Moltshite.
"I must admit," said Lady Chatterly, "that your operation of the Wyrmhaven Deep Dungeon is most impressive. However, I am not certain I feel safe investing my money with you - you goblins are so very ugly."
Nyx Gritbottom, head of the Wyrmhaven Deep Dungeon Improvement Committee, drew himself up to his full height of just under four feet. "And you, Madam, are drunk. But in the morning I shall be..." His voice trailed off. He frowned. "Wait, I think we started that off wrong..."
A small rant:
The State of Art in Red Team is whatever you want to believe