Andrew Brandt
and process lists and they're trying to build out the capabilities to be stealthy.
It's maybe distracting them from building custom malware or developing new exploits, but they have to spend a little bit of energy on, you know, it puts them on the back foot.
And for the first time, I think this is like one of the cases where you can say, yeah, there were some challenges and we had some bad days early on, but we're forcing the threat actors to have to make moves to counter us.
And actually, that feels pretty good.
Rootkit, it was able to, and again, deleting logs, hiding its presence on the machine, trying to do everything as stealthy as possible, low volume of outbound communication, and persistence.
They're experimenting with everything.
It seems to me that the threat actors have been given carte blanche to just try and experiment with all sorts of different things.
So during this period from late 2020 to the end of 2022, we're seeing a huge variety of different payloads, of exploits.
It's kind of like the Wild West and you never know where something's going to come from.
You know, if you can get a boot kit into the UEFI BIOS of a device, there's nothing that you can do in the user land of the operating system to remove it, because it's running at a level beyond which the operating system cannot reach.
This was actually kind of scary to find this experimentation happening on one of the Threat Actor devices.
They were really trying to figure out if they could get this boot kit to run on a firewall.
And they ended up bricking the firewall.