Matt Suiche

Cybersecurity Researcher

Hi there! I’m Matt Suiche, Director of Incident Response R&D at Magnet Forensics (MAGT:TO), an organization aiming to seek justice and protect the innocent, after they acquired my cybersecurity start-up Comae Technologies in 2022. Before founding Comae, I was the Chief Scientist and Co-Founder at CloudVolumes (NASDAQ:VMW). I’m also the founder of the cybersecurity community project OPCDE.

I have always had a passion for learning new things and understanding how they work. I first got acquainted with cybersecurity through reverse engineering as a teenager, which fueled my deep curiosity for tech. Since then, I’ve studied various technologies such as operating systems architecture, programming languages, virtualization, modern web application development, generative art, and multiple domains of privacy and surveillance, forensics, blockchain, community development, etc.


SMBaloo - Building a RCE exploit for Windows ARM64 (SMBGhost Edition)

SMBaloo 🔗A CVE-2020-0796 (aka “SMBGhost”) exploit for Windows ARM64. Because vulnerabilities and exploits don’t need to always have scary names and logos. GitHub Repository: https://www.github.com/msuiche/smbaloo Original post on Comae’s blog: https://www.comae.com/posts/2020-06-25_smbaloo-building-a-rce-exploit-for-windows-arm64-smbghost-edition/ Author: Matt Suiche (@msuiche) Acknowledgments 🔗 @hugeh0ge for his great blogpost and @chompie1337 for her excellent POC! On top of answering my questions on Twitter, their materials were really good and helped me immensely to understand the vulnerability and the exploitation part.

Twitter's Information Operations - An OSINT Analysis

Key Takeaways 🔗 Twitter is doing better than other platforms by releasing datasets, albeit partial, on Information Operations (IO). There is so much more information yet to be disclosed. Recommendations are given. Attribution blindspots seem to be a common problem with social media companies. Aggregated Twitter data and Python scripts are available on Github - and will be kept up-to-date. Beautiful dynamic data visualization for Twitter’s IO datasets, generated in real time from our GitHub datasets.

Facebook's Coordinated Inauthentic Behavior - An OSINT Analysis

Key Takeaways 🔗 A lot of the information shared by social media companies is still incomplete or missing. Further transparency on processes and data is required to increase visibility and awareness of campaigns. Elections have been a key focus of CIB campaigns. CIBs are also currently used in conflict-affected & politically vulnerable countries (e.g. Northern & Eastern Africa), although under-reported by media outlets. The data collected on Facebook’s CIBs is available on GitHub.