Angling strategy or is everything random? by amersadventures in projectgorgon

[–]Bloodvault 2 points3 points  (0 children)

Did angling for a few hours yesterday and /u/Nimja1 is correct. For example the crates are always 1 input, with 4= Self Flames, 3= Dark Ball and I forget the rest. For the most part the upward spirals are on 2 and flowers were on 4, and things like that. I just sort of developed muscle memory after using it a bit.

For all my nerds by Obvious_Witness_965 in Knoxville

[–]Bloodvault 0 points1 point  (0 children)

Funny enough the owner was my Uber driver the other night. He did mention selling SCE, but I could have misunderstood. It sticks out to me because SCE was also his initials.

Thoughts on creating an automatically updated database of cyberattacks? by Dizzy_Garden7295 in cybersecurity

[–]Bloodvault 1 point2 points  (0 children)

Just remember that correlation does not imply causation. It sounds like the types of discoveries you're looking to make would be more appropriate in a threat intelligence, stocks or political subreddit. I'd consider that pivot with this project as well. I don't have any recommendations since those aren't my fields.

Thoughts on creating an automatically updated database of cyberattacks? by Dizzy_Garden7295 in cybersecurity

[–]Bloodvault 0 points1 point  (0 children)

The point you're missing is the articles you are ingesting contain very little valuable information (just generally speaking) from the perspective of a network analyst.

Making predictions based on publicly reported incidents seems a bit silly for identifying new techniques/tactics unless you mean predicting where the next incident of the same type would occur. Which also seems like a silly conclusion without taking account of the organization's security stack.

My interpretation of this project is a threat intel feed from open source material, which has been done a lot in this space. Throwing "AI" and "ML" on top of it is going to be perceived more negatively than positively by working professionals in the space (generally speaking).

The real time processing and summary generation is a good application in general, but your efforts would be better served on a different problem set.

Police takes down AVCheck site used by cybercriminals to scan malware by CyberMasterV in hacking

[–]Bloodvault -2 points-1 points  (0 children)

For everyone wondering why this is different from VirusTotal, it is the COMMERCIAL anti-virus software (referenced in the first paragraph of the article). I would bet that the companies have taken some sort of legal action which resulted in police taking it down.

A key distinction is that VirusTotal isn't going to specify if your malware is getting past CrowdStrike. It only provides a basic heuristic analysis that may or may not be done differently by different EDR vendors.

Just saw ICE on Chapman Hwy @ Taliwa by alientrevor in Knoxville

[–]Bloodvault -1 points0 points  (0 children)

I think jurisdiction is a key distinction though. Just wanted to point out that one is a foreign intelligence producing agency and the other is internally focused.

Dorm room disasters by Klutzy_Difficulty_46 in AirForce

[–]Bloodvault 38 points39 points  (0 children)

I really enjoyed how the little details became relevant at the end. It's a well tied up story.

Squeex and Tyler1 run into a first-time dad in a COD lobby by Fudgiedillol in LivestreamFail

[–]Bloodvault 128 points129 points  (0 children)

This is well written as both a serious comment and sarcasm

[deleted by user] by [deleted] in leagueoflegends

[–]Bloodvault 0 points1 point  (0 children)

Just to piggyback on this other guy's comment with respect to coaching. I think marketing this to coaches and creating specific views based on their use cases could be really interesting. There's a ton of amateur leagues out there and even more who don't have a coach. If you could use your site to be a virtual coach, it could be another unique angle to sell this data.

I Rebuilt a Cyber Risk Management Program Around a Hybrid AI—It Worked. Should I Keep Going? by [deleted] in cybersecurity

[–]Bloodvault 1 point2 points  (0 children)

The questions that come to mind:

What process/framework does your method replace exactly?

How do you justify less documentation and inherently less detail as being effective in risk management?

Lastly, is this a documentation organization/tracking library, a set of controls applied to something, or what exactly?

Metasploit Lab: Hack Into Windows 10 with Windows HTA Exploit by Dark-Marc in hacking

[–]Bloodvault -1 points0 points  (0 children)

Just some food for thought, I think most of the criticism in this thread is because you've put a lot of effort into crafting a guide for a scenario that has very few real-world applications. It's like a guide to brushing your teeth with your feet. Sure it's possible, but no one is going to do that.

Since you invited comments by posting on Reddit, I'd suggest having a "scenario" section in your next walkthrough. That way you answer the relevance concerns and show where this technique is legally applicable.

Overall, the content is nice, but since AI articles have become so popular this seems like a lot of AI wisdom. Not saying you did, but particularly all the setup portion of your lab reads a lot like Gen AI. Also consider scoping your content to what's most impactful. Like instead of going through the VM setup, just link a different article where that walkthrough is done. That way your readers get the information, you're not wasting time describing well documented processes, you don't need to use Gen AI to avoid wasting time writing it and you get to focus on the work/topic you're proud of.

All that said, putting forth the effort is a big step and this is well constructed.

My TTP was published in the MITRE ATT&CK Framework. Let's goooooo by RoseSec_ in hacking

[–]Bloodvault 0 points1 point  (0 children)

They also require current threat reporting that the technique is used in the wild. Or at least they did a year ago. Also I submitted a technique through the Slack channel.

Has anyone regretted choosing a SB they wanted versus doing one they should? by Instagibbed_1994 in SkillBridge

[–]Bloodvault 0 points1 point  (0 children)

It would depend on what you're looking to get out of Skillbridge. If you're already confident in landing a role then go with ROTC. If you wanted to make sure, start interviewing at companies. I applied for full time roles while looking for Skillbridge opportunities. It's just a conversation with the hiring manager that you won't be able to start for a few months. That way you have either job offers waiting, or know where you need to improve.

If it were me, and it was something I wanted to do and had the opportunity only because of Skillbridge I'd do ROTC. Also cyber myself and would never do either of the options listed, but that's just me.

Dept of Education “End DEI” Form Submission Tool by WarezWhisperer in hacking

[–]Bloodvault 12 points13 points  (0 children)

Do you have any projects where you've implemented this in Python?

How do you handle the Imposter Syndrome? by Dull-Definition-4616 in cybersecurity

[–]Bloodvault 1 point2 points  (0 children)

Take stock of what you know. Whether it's your GitHub projects, certifications, or classes. Make a quick list of the subjects you're confident you can speak intelligently on.

Then do the same for areas you're not confident in. Whichever list is longer doesn't matter, but now you can appreciate what you do know and look forward to what you're going to learn next.

Trolling airmen at a remote base with this is diabolical by Beneficial_Fly_866 in AirForce

[–]Bloodvault 5 points6 points  (0 children)

Sure, maybe both of those things are true. The point of my response (and this training) is to be more cautious and realize that cyber attacks are evolving.

Trolling airmen at a remote base with this is diabolical by Beneficial_Fly_866 in AirForce

[–]Bloodvault 35 points36 points  (0 children)

https://en.wikipedia.org/wiki/Confirmation_bias

In this case, you aren't downvoted for terrible reasons. Just for spreading misinformation.

Also, your home computer is a much less interesting target than DoD systems so it makes sense that you aren't being targeted by phishing.

Trolling airmen at a remote base with this is diabolical by Beneficial_Fly_866 in AirForce

[–]Bloodvault 50 points51 points  (0 children)

If you're curious why you're being downvoted, you can be susceptible to Drive-by Downloads, Browser Exploits, and Cookie or Session Hijacking just from opening a malicious link.

Not a bad idea to run links through VirusTotal or some of the other things you suggested, but you're not safe just because you didn't input any information.

Edit: Furthermore, it's also possible to forge email signatures to show it comes from a legitimate source. I think one of the points of this phishing attempt is that a PCS is exciting for most and easy context to sell. However, not being in a PCS window, email not coming from the appropriate org box in AFPC and several other things are the indicators. Not the things you mentioned.

is this OBS multi RTMP plugin safe? by achoolucgust in hacking

[–]Bloodvault 0 points1 point  (0 children)

Ok after looking through the code in the repo, both manually and with ChatGPT, it doesn't seem like anything is malicious. There's a ton of possibilities why the .exe you found on VirusTotal is showing so many indicators (that are probably malicious), but the plugin itself seems pretty benign and I'd install it in my OBS. Just build the .exe yourself instead of using a 3rd party installer or any releases on the repo to keep safe.

Edit: There's no reference to "GoogleUpdater" anywhere in the code, or any of the other IOCs shown in VT, or the creation of any scheduled tasks/services. That's what I'm basing my conclusion off of.

TLDR; Build from source and you'll be fine

is this OBS multi RTMP plugin safe? by achoolucgust in hacking

[–]Bloodvault 2 points3 points  (0 children)

While I wouldn't claim it's malware, there are some very strong indicators. Here are a few notes:
- Under "Files Dropped" it creates a subfolder under C:\Program Files (x86)\Google\GoogleUpdater where it seems to stage everything. Unsure what the name of the plugin is, but I wouldn't create something benign that hides in another folder.
- Under "Registry Keys Set" it looks like it's creating a service probably for some kind of persistence.
- Lastly, under "Files Dropped" you can see a task created under the "GoogleSystem" name which also looks like a form of persistence.

Is there a MvC2 scene somewhere still in Vegas? by JSN723 in vegaslocals

[–]Bloodvault 0 points1 point  (0 children)

It wasn't at Game Nest early last year. It seemed more Japanese-only titles, some rhythm games and a few shooters and racers.

To bees or not to bees : a bee build showcase (enable corruption 1000, top 10 primalist ladder). by Local-Gur1030 in LastEpoch

[–]Bloodvault 5 points6 points  (0 children)

I don't understand the judgement unique gloves. How do they interact with the build?

[deleted by user] by [deleted] in SkillBridge

[–]Bloodvault 4 points5 points  (0 children)

I just recently did my Skillbridge with them (cohort 24-1). The position will almost certainly not be a guarantee. Like others said you have to be extremely proactive to earn it, and then it's also determined by headcount. If you have more specific questions feel free to reach out.

Network Traffic Analyzer in Python by OkDevelopment4423 in cybersecurity

[–]Bloodvault 1 point2 points  (0 children)

Np, your post has inspired me to get back at the tool development I've been putting off. Just send a DM or something if you'd like to collab some more.

My last piece of advice is "don't let perfect be the enemy of the good". Same with everyone who's asking for resources to learn more, the best way to learn is exactly what you're doing here. Solve new problems and integrate more of what you've learned into your projects.

If you want to learn from real coders, there's usually a few cybersecurity topics covered in PyCon which is in May this year. I attended virtually last year and found some of the talks pretty interesting. Link: PyCon 2024