Costin Raiu
@craiu
Cybersecurity researcher focused on threat intel & APTs. Breaking down attacks, hunting threats, and crafting YARA rules. Buddy @ Three Buddy Problem
Bucharest
Joined October 2007
Posts
  • Pinned: The Cybersecurity Booklist: 11 Must-Reads for 2026 from The Three Buddy Problem Podcast: medium.com/@costin.raiu/t… @ryanaraine @juanandres_gs
  • When Lily from Human Resources develops BIOS code in her spare time.
  • Working in ITSec, a chess view
  • It is a bit weird so many things went down, airports, hospitals, critical infrastructure - Crowdstrike can't have a footprint this big. The first thing to go down was Azure. Perhaps MS runs Crowdstrike on some of their Azure servers? So CS fails, brings Azure down, then
  • Start by disabling iMessage, FaceTime and then enable Lockdown mode. Reboot daily. This takes care of 90% of the things out there.
  • Always look at PDF files with a (preferably blue) text viewer, sometimes the metadata has interesting goodies!
  • In iOS 15, the phone is findable even when “Powered off”.
  • Some people report that the files responsible for the CrowdStrike crashes (e.g. C-00000291-00000000-00000032.sys) are full of zeroes. This is not the case for any of the machines I fixed by hand today. One example is
  • 23 years ago, I joined the Kaspersky team. Today, I am 46 and that makes it half my life dedicated to protecting the world. You probably know some of the research we did over the years in GReAT – looking back, I’m very proud of what we accomplished. It has been an incredible
  • This is nuts. Solarwinds had a support page (now removed) advising users to DISABLE antivirus scanning for Orion products' folders.
  • "Little Bobby Tables", 2021 upgrade
  • Out of the 140 known C2 servers we are tracking at OVH that are used by APT and sophisticated crime groups, approximately 64% are still online. The affected 36% include several APTs: Charming Kitten, APT39, Bahamut and OceanLotus.
  • Wow, is that a floppy disk reader on this Emotet server in Ukraine? Also love the soldering iron next to it.
  • A sample of the iOS malware family described by Google and used in zero-day attacks finally hit multi-scanner services today. sha256: 0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560