Sam Hanson's Avatar

Sam Hanson

@sam-hans0n

Security researcher for Dragos https://sam-hanson.space

119
Followers 272
Following 21
Posts 01.12.2024
Joined
Posts Following

Latest posts by Sam Hanson @sam-hans0n

Preview
Dragos 2026 OT Cybersecurity Report: a Year in Review Get the latest OT threats, vulnerabilities, and lessons learned from real-world incidents in this year’s 2026 OT Cybersecurity Report.

The Dragos 2026 Year In Review Report is live: 3 new threat groups, updates from 3 of our more active threat groups, and (my personal favorite) coverage of a subset ICS-related capabilities that we found last year.

17.02.2026 15:01 πŸ‘ 5 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

β€œAI will change the average persons life”

The average person using AI:

(h/t Reid Wightman for finding this gem)

20.11.2025 02:07 πŸ‘ 18 πŸ” 6 πŸ’¬ 0 πŸ“Œ 1

Every year at @cyberwarcon.bsky.social there’s an extraordinarily well sourced deeply detailed talk about a topic that I literally know nothing about but is extraordinarily fascinating. Congrats @bees.infosec.exchange.ap.brid.gy for producing this year’s edition.

19.11.2025 19:24 πŸ‘ 10 πŸ” 2 πŸ’¬ 1 πŸ“Œ 0

Not surprised - Jonathan truly knows his shit. Congrats Jonathan!

19.11.2025 20:00 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

Me watching everyone at CYBERWARCON this week

19.11.2025 13:20 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a man in a basketball jersey is looking at the camera . ALT: a man in a basketball jersey is looking at the camera .

β€œFour of the 16 short links were clicked, three by the senior staff members.”

That’s a pretty good return rate for phishing. Blasting out hundreds of phish, as they did, and you’ll always get someone. But 25% for a given org…

14.11.2025 15:18 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

*sends phish to John Podesta using public account on bitly to hide URL*

β€œholy shit, this guys good…world-class, even.”

Glad they got this asshole

14.11.2025 14:52 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

That’s what we call an OPSEC oopsie

14.11.2025 14:17 πŸ‘ 7 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Had a great time presenting at LSU this week on hunting and analyzing Go and Python malware samples while hunting for ICS malware. For those who couldn't make it, you can catch a recording of this talk from Hou.Sec.Con last month with @sam-hans0n.bsky.social

www.youtube.com/watc...

14.11.2025 14:01 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

A lot of folks have reached out about Socket’s recent report on a supply chain attack using malicious NuGet packages to target Siemens S7 protocol and other PLCs.

This is not a supply chain attack in the traditional sense.
1/6

11.11.2025 17:30 πŸ‘ 3 πŸ” 2 πŸ’¬ 1 πŸ“Œ 0

That game hurt my soul, last Vikings drive was…rough to say the least.

09.11.2025 21:49 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Went to a wedding and danced. Then went to a bar and danced. I didn't care about people watching me dance and people liked that I danced.

Just dance.

26.10.2025 06:50 πŸ‘ 11 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0

See you all tomorrow at #bsidesTC at Open Book in downtown Minneapolis!

16.10.2025 20:13 πŸ‘ 2 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
DEF CON 33 - Don’t Cry Wolf: Evidence based assessments of ICS Threats - Jimmy Wylie & Sam Hanson
DEF CON 33 - Don’t Cry Wolf: Evidence based assessments of ICS Threats - Jimmy Wylie & Sam Hanson CS Malware is rare. Yet, ICS Malware like FrostyGoop and TRISIS, and related discoveries like COSMICENERGY, were all found on VirusTotal, so analysts still hunt for novel ICS Malware in public malware repositories. In the process, they discover all kinds of tools: research, CTFs, obfuscated nonsense

Our DEF CON33 ICS Village talk is now on YouTube!

@sam-hans0n.bsky.social and I share stories of malware we discovered while searching for ICS threats, and discuss our approach to assessing their reputation.

Don't Cry Wolf: Evidence-Based Assessment of ICS Threats

16.10.2025 19:18 πŸ‘ 6 πŸ” 5 πŸ’¬ 0 πŸ“Œ 1

DEF CON talk now on YouTube! Check it out:

16.10.2025 19:20 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Excited to launch the BSidesTC CTF this evening! Its been a lot of fun planning and designing the challenges with @sam-hans0n.bsky.social. I hope everyone has fun with it and I look forward to seeing how people do!

11.10.2025 03:54 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
BSides:TC 2025 CTF! – Bsides Twin Cities

The BSidesTC 2025 Capture The Flag challenge has officially launched.

Head to our website to download the zipped executable file:

bsidestc.org?page_id=145

Players will need an x86_64 Linux sandbox to start the challenge.
Organizers will be available at the conference to answer any questions.

11.10.2025 03:46 πŸ‘ 3 πŸ” 3 πŸ’¬ 1 πŸ“Œ 1

Dropping very soon!!

11.10.2025 01:08 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image

In ICS, malware analysis can feel like archaeology. I started the week with a 13 year old sample and ended the week with @sam-hans0n.bsky.social pinging about an 18 years old sample.

So, save your old Windows ISOs and VMs, you might need them!

10.10.2025 18:40 πŸ‘ 4 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0
Post image

β€œWhat made you investigate that specific sample on VirusTotal?”

17.02.2025 17:59 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
PyLingual

Super excited about a new tool, PyLingual, a transformed based Python decompiler. This will be super useful for malware analysis, great work to the teams involved.

pylingual.io/about

Check out their research paper here (also fun to see Dragos cited):

softsec.kaist.ac.kr/~sangkilc/pa...

05.02.2025 02:48 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Post image
11.12.2024 20:28 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Without the direct ties to an event or IoCs, it can be difficult making that determination.

Is it malware or a red teaming tool?

Is it malware or a research project?

It’s not always obvious. Malware repositories can contain some real gold. But without hard evidence, we can’t make conclusions.

06.12.2024 17:55 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
a black and white photo of a woman standing in front of a mirror with the words `` idk '' written on it . ALT: a black and white photo of a woman standing in front of a mirror with the words `` idk '' written on it .

Another day of β€œis it malware or is it a CTF challenge”

06.12.2024 17:53 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Btw - your cooking pics look incredible. Teach me your ways.

01.12.2024 17:31 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

*infosec.

01.12.2024 17:28 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

Agreed. I get astrophotography, infused, and cats. So much better.

01.12.2024 17:26 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

The River of Doubt!

It’s about Theodore Roosevelt expedition after his 1912 election loss. I just finished it today, it’s incredible what he persevered.

01.12.2024 16:01 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

And yes β€œoff the X” is a double entendre. But it feels fitting, cause Twitter became disgusting and dangerous.

01.12.2024 15:56 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Hello Bluesky community! Figured I should do an introduction.

I’m a vuln/malware analyst at Dragos, specializing in malware analysis, vulnerability research, and (some) threat hunting.

Big fan of anything space-related, fitness, and general nerd shit.

Happy to be β€œoff the X”… so to speak πŸ˜ƒ

01.12.2024 15:54 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0