Steven Lim @0x534c
#Cybersecurity #Sentinel #DefenderXDR #KQL #KQLWizard github.com/SlimKQL/Huntin… Singapore Joined May 2009-
Tweets339
-
Followers3K
-
Following911
-
Likes213
🚨 The Salesloft-Drift breach exposed Salesforce data across hundreds of orgs via compromised OAuth tokens. Vendors like Cloudflare, Palo Alto Networks, Zscaler, and others have confirmed related incidents. 🔍 To detect similar risks from other third-party integrations,…
🚨 Starting Oct 1, 2025, Azure MFA Phase 2 kicks in: users must authenticate with MFA to perform any resource management ops via CLI, PowerShell, SDKs, REST APIs & more. Managed identities are exempt. Update clients & prep now! 🔐 Details below: azure.microsoft.com/en-us/blog/azu…
OAuth Attacks in Salesforce Palo Alto Networks and Zscaler have confirmed they were targeted in a campaign exploiting OAuth trust to siphon Salesforce data—via compromise of Salesloft Drift, a widely used third-party Salesforce app. trust.salesloft.com/?uid=Drift%2FS… 🛡️ Defender Alert:…
🚨 𝗡𝗲𝘄 𝗶𝗻 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿𝗅 𝗖𝘂𝘀𝘁𝗼𝗺 𝗱𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗿𝘂𝗹𝗲𝘀 𝗷𝘂𝘀𝘁 𝗴𝗼𝘁 𝗮 𝗺𝗮𝗷𝗼𝗿 𝘂𝗽𝗴𝗿𝗮𝗱𝗲: 🔍 Searchable rule library ⚡ Faster rule creation with templates 📈 Enhanced analytics & insights ✅ Streamlined validation &…
🚨 Threat actors hijacked the trusted AI platform Simplified to launch a phishing campaign targeting Microsoft 365 credentials. By impersonating execs and hosting fake login pages on whitelisted domains, they evaded traditional defenses. catonetworks.com/blog/cato-ctrl… 🧪 VT scan: 0/97…
🥷Microsoft Incident Response Ninja Hub This is a compilation of guides and resources that the Microsoft Incident Response team has developed on threat hunting, case studies, incident response guides, and more. 🫡 #cybersecurity #MicrosoftIRhub techcommunity.microsoft.com/blog/microsoft…
🚨 Sliver Backdoor via SimpleHelp RMM Threat actors are actively exploiting vulnerabilities in SimpleHelp RMM to deploy the Sliver backdoor, enabling lateral access into downstream customer environments. This campaign has been ongoing since January 2025 and shows no signs of…
Sentinel TI DNS Tunneling Detection An area where many defenders fail to detect and defend ... detections.ai/share/rule/Q0b… #cybersecurity #sentinel #dnstunneling
Sentinel TI Salty 2FA/Storm-1575 Detection: detections.ai/share/rule/r9a… @anyrun_app Technical Analysis: any.run/cybersecurity-… #cybersecurity #salty2fa #storm1575
Sentinel Threat Intelligence Nation-State Detection detections.ai/share/rule/5nk… #cybersecurity #sentinel #threatintelligence
Found some precious Sentinel Scattered Spider IOC 😂 Enjoy the hunt! #Cybersecurity #Sentinel #ThreatIntelligence
🚨 Phishing alert: Over 115,000 emails exploited Google Classroom to target 13,500 orgs in just one week. Attackers used fake invites & WhatsApp lures to bypass filters via trusted infrastructure. blog.checkpoint.com/email-security… KQL Check: EmailEvents | where Timestamp > ago(30d) |…
🐼 MURKY PANDA exploited trusted cloud relationships by breaching SaaS and cloud providers, then pivoting into downstream customer environments. In one case, they stole an Entra ID app registration secret, authenticated as a service principal, and accessed customer email systems.…
🚫 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗖𝗼𝗽𝗶𝗹𝗼𝘁 𝗔𝗴𝗲𝗻𝘁 𝗔𝗰𝗰𝗲𝘀𝘀 𝗣𝗼𝗹𝗶𝗰𝘆 𝗡𝗼𝘁 𝗛𝗼𝗻𝗼𝘂𝗿𝗲𝗱 Since May 2025, a total of 107 Copilot Agents (Microsoft + External Publisher) have been made available in the Copilot Agent Inventory across all Microsoft 365 tenants. Despite…
🔥Anonymous Blob Access Detection This KQL query identifies potentially exposed Azure Blob Storage containers that have been accessed anonymously from known or suspected malicious IP addresses. It helps detect unauthorized access attempts that may indicate data leakage or…
Blob Threat Hunting Just Got Interesting Just spotted the CloudStorageAggregatedEvents table in Microsoft Defender XDR’s advanced hunting schema! 🎯 This new addition provides visibility into storage activity and related events—perfect for digging into potential blob storage…
New throttling enforcement of MOERA (Microsoft Online Email Routing Address) domains aka "onmicrosoft.com" domain. This would mean it's harder for threat actor to abuse MOERA for phishing campaign. techcommunity.microsoft.com/blog/exchange/… #Cybersecurity #onmicrosoft #enforcement
🚨 SpyVPN Alert FreeVPN.One, a Chrome extension with 100K+ installs & a “Verified” badge, was caught secretly capturing screens & sending data to its servers. koi.security/blog/spyvpn-th… I built a KQL to track screenshot activity via MDE—great for spotting suspicious…
Microsoft Defender XDR will support Streaming API for DataSecurityEvents and DataSecurityBehaviors tables starting late August 2025, enabling real-time insider risk alert data delivery via event hubs. This feature is off by default and requires configuration to begin streaming…
🚨 NPM supply chain attack alert: eslint-config-prettier (3.5B+ downloads, 12K deps) was hijacked via phishing. Malware injected through postinstall scripts. reversinglabs.com/blog/eslint-ha… 🧪 My DefenderXDR analysis shows activity from Jul 18–Aug 4. Defender began blocking the…
Chris Suozzi @chris_suozzi
21 Followers 4K Following
Xploit34 @sm_sunny67076
27 Followers 907 Following 🛡️ Bug Bounty Hunter | 💻 Ethical Hacker | 🕷️ Web App Security | Burp Suite & Recon Addict | Break n build the Code | Tweets = Vulns, Tips & Tricks🔥
Biealcik @Biealcik1798
0 Followers 202 Following
Mohan Reddy @ThenameisM0han
214 Followers 2K Following Inquisitive, Passionate to meet people, Not exploring my interests. Author of https://t.co/brpBLNNjxz
GoldM0n @G0ldm0n
73 Followers 2K Following
simbolonvande @dennyssimbolon
3 Followers 429 Following
Santiago Pontiroli @spontiroli
4K Followers 810 Following I break down #malware so you don’t have to 👾 Lead Security Researcher @Acronis TRU-Labs doing #ThreatIntel #CTI GReAT past, and even greater challenges ahead
Osama Saleh @OsamaSa1986
124 Followers 4K Following
Soju @Soju55767
39 Followers 1K Following
InaBlume @9aP74KT721YkwMR
1 Followers 224 Following
Evleever @Evleever91049
0 Followers 137 Following
André Kachlov @AKachlov7141
1 Followers 119 Following
Christina @christina62cros
254 Followers 3K Following
Tom Neon @TomNeon113595
6 Followers 169 Following
la cosechadora de ver... @animalenlata84
142 Followers 507 Following Inconformable, incapaz de matar indefensos e inocentes, absurdamente crítico, con profundo desprecio por la corrección política. Diga la verdad o no vale nada.
Oliver Šolman @oliversolman
343 Followers 318 Following ...urity is my .... , and ... for f..t of h... or unite
KimberleyHouston @1XZk8uNNFrRFyis
4 Followers 83 Following
Madina rose @Madina_rose11
1 Followers 28 Following
kousivino @kousivino41296
1 Followers 125 Following
𝓚𝓟 @bidhata
425 Followers 560 Following From India, living at Stockholm | Sr. Red Team Op | Malware & Threat Intel | Open Source Evangelist ! Opinions are of my Own.
legallass1003 ❌👑 @legallass10031
494 Followers 6K Following “World peace must develop from inner peace. Peace is not just mere absence of violence. Peace is, I think, the manifestation of human compassion.”
Dony Riyanto @donyriyanto
678 Followers 5K Following Geek. Robotics. Father of 3. A proud Indonesian 🇮🇩
₊˚𝓗𝔦𝔩 ˖�... @S01F0Nx86
48 Followers 168 Following She/Her 🇩🇴| Cybersecurity Student 🥷| Malware Analyst Wannabe 🕷️| F1 NOR | SAI 🏎️
ArifS @Arif_Sptra
0 Followers 20 Following
monkk @Monk_VJ
22 Followers 424 Following 🌴🌳🌲🪺🕊️ | Blue Teamer #Python #Linux 🐧 #DFIR | Practising Red | CEH | eJPT | eCPPT and OSCP on the way
Arco @Arco20490478
3 Followers 269 Following
Damien van der Linden @LindenSec
42 Followers 154 Following Cybersecurity || Microsoft Sentinel/XDR enthousiast || Hobby bughunter
vijay anand @arrow_sEc777
12 Followers 437 Following
Brendan Carroll @bcraernr
0 Followers 174 Following
Corey @Ctrevorwilson
235 Followers 290 Following
RG @rg989807
22 Followers 320 Following
Land_of_Champs7_26 @jcozzarin
87 Followers 798 Following “Success is going from failure to failure without losing enthusiasm.” – Winston Churchill
Ann @WardCrist85200
56 Followers 2K Following
Satish Doreti @satishdoreti
74 Followers 526 Following
Hari k @_kmhari
1 Followers 50 Following
EZ @IAMERICAbooted
2K Followers 1K Following Yesterday is history. Tomorrow is a mystery. Cloud Solutions Engineer at Contoso. Hacktive Directory admin. Posts don't represent my employer(s).
Michael Bargury @mbrg0
8K Followers 484 Following Breaking AI. Hacked Copilot, hijacked ChatGPT. Building @zenitysec.
grayhatwarfare @grayhatwarfare
1K Followers 176 Following
ZoomEye @zoomeye_team
9K Followers 508 Following A cyberspace search engine built for security researcher Daily Tricks || Latest Vulnerability Updates Email: [email protected] https://t.co/AUq5jNpKkl
Kill Switch @KillSwitchX7
2K Followers 3K Following Red Teamer and Threat Hunter | EDR Evasion | MalDev | ExpDev
TomaszKozlowski @KozlowskiTomasz
369 Followers 2K Following profile pic done by Steve Austin(Judge Dredd) for me as a gift Cyber Security Analyst, AI/Blockchain. HTB Academy: https://t.co/JkOGYxoN6s
0xW43L @GhnimiWael
682 Followers 4K Following CTI Researcher | SRT Member @synack | X-Red-Teamer | X-Blue-Teamer | Bug Bounty Hunter | OSEP | eWAPTx | arcX ... Hunt threats, secure systems, learn always.
Nextron Research ⚡�... @nextronresearch
2K Followers 10 Following Nextron Systems Threat Research Team research (att) https://t.co/QTt2X62dXP
I am Jakoby @I_Am_Jakoby
21K Followers 1K Following Powershell Hacker LOLbin specialist Sniper, skydiver wannabe super spy
Costin Raiu @craiu
39K Followers 7K Following Cybersecurity researcher focused on threat intel & APTs. Breaking down attacks, hunting threats, and crafting YARA rules. 🛡️💻 #ThreatIntel #CTI #Crypto #YARA
U.S. Secret Service @SecretService
1.5M Followers 84 Following The Secret Service is mandated by Congress to carry out an integrated mission of protection and criminal investigations.
Fletcher Davis @gymR4T
878 Followers 822 Following Director of Research @BeyondTrust | Former Red Team @CrowdStrike @Mandiant
Sekoia.io @sekoia_io
4K Followers 147 Following A #SOCplatform boosted by #AI and #threatintelligence, combining #SIEM, #SOAR, #Automation in a single solution. Used by End-users, MSSP and APIs
Proofpoint @proofpoint
31K Followers 2K Following Protect people. Defend data. Mitigate human risk. Follow @threatinsight for updates on the threat landscape.
Halcyon @Halcyon
6K Followers 132 Following Halcyon is a data platform that uses AI to make it easy to find and analyze energy information⚡️
simon simonsen @ssimonsen0202
338 Followers 2K Following Without (log)data you’re just another person with an opinion. 4688+cmdLine, or it Did’nt happen. The IT Security guy @meethumio tweets are mine
Mikhail Kasimov @500mk500
5K Followers 596 Following Malicious traffic detection system: @maltrail; Maltrail Demo Page: https://t.co/eimXdZvjWo; Maltrail FAQ: https://t.co/Kne9lewPHT
SV1 @0xSV1
601 Followers 301 Following Detection engineer. 5H3LL member. Voice on @5H3LLCAST @ https://t.co/9aY9dEsKAv.
Benjamin Funke @bjnfne
22 Followers 137 Following Reverse Engineering Working on Detect It Easy / DEV7 / Boozook Ghidra/IDA My GitHub: https://t.co/a0B6lGI8Og
Shreyas Parikh @_rigv
120 Followers 249 Following DFIR | Hunting | BlueTeam | Trying to be a decent human being | Mostly tweeting when feeling okay-ish 💜 | All thoughts and opinions expressed here are my own.
Daniel López @0xDanielLopez
2K Followers 466 Following Cyber Threat Researcher | @CuratedIntel member
Blue Team Village @BlueTeamVillage
17K Followers 155 Following Defensive side of the hacking mirror 🛡 Thanks Blue Sponsor @Graylog2! https://t.co/p5ax1RhuPS & Mastodon: https://t.co/464Coi7X18
Clint Gibler @clintgibler
22K Followers 563 Following 🗡️ Head of Security Research @semgrep 📚 Creator of https://t.co/xwtIAI0CuJ newsletter
Black Hills Informati... @BHinfoSecurity
48K Followers 2K Following Specializing in pen testing, red teaming, and Active SOC. We share our knowledge through blogs, webcasts, open-source tools, and Backdoors & Breaches game.
Cyber News Live @cybernewslive
1K Followers 86 Following Welcome to Cyber News Live where our goal is to create a community and bring public awareness to the cyber industry. #cnl #cybernewslive #cyber #cybersecurity
CTIN @CTIN_Global
2K Followers 5K Following Aggregating CTIN sources with real-time posts on threats | #OSINT #Analytics #ThreatIntel #CyberSecurity - #Human - See also: https://t.co/VsAQaHsUBS
John Hultquist @JohnHultquist
29K Followers 1K Following Chief Analyst, Google Threat Intelligence Group. @CYBERWARCON and @SLEUTHCON founder. Johns Hopkins professor. Army vet.
TrustedSec @TrustedSec
77K Followers 765 Following End-to-end Cybersecurity consulting team leading the industry, supporting organizations, and giving back. #Hacktheplanet Blogs, news, webinars, and tools!
Gray Hats @the_yellow_fall
9K Followers 379 Following Welcome to the Daily Cybersecurity site, your trusted source for cybersecurity news and insights since 2017!
FBI Director Kash Pat... @FBIDirectorKash
1.7M Followers 168 Following Director of the Federal Bureau of Investigation, #9
Barry Anderson @z3ndrag0n
1K Followers 5K Following Husband, Dad, Security Architect. Strong believer in automating things to empower/augment people. SOAR through an Empty Realm - Tao Te Ching. My views. (he/him)
Arda Büyükkaya @WhichbufferArda
5K Followers 1K Following Cyber Threat Intelligence Analyst @EclecticIQ | Threat Hunter | Malware Analyst |. (All opinions expressed here are mine only). 🇹🇷🇳🇱
Alex Fields @vanvfields
1K Followers 860 Following I am a real, actual human being with family, friends, co-workers and acquaintances. Really. Author of https://t.co/wQ2t2hSD1r. Founder of SquareOne Peer Group.
1aN0rmus @TekDefense
4K Followers 1K Following CTO at @permisosecurity Alum: @Mandiant, https://t.co/kqlvYwe86k, USMC
enleak @0xEnleak
863 Followers 708 Following Incident Responder | stares at monitors (yes plural) for a living | CDSA + PNPT + SC200 + CDCP + PSAA + BTL1 | eu gosto #dfir, I’m just trying to learn fr
MSSP Alert @msspalert
3K Followers 188 Following Covering managed security services providers (MSSPs), managed detection & response (MDR) & cybersecurity news. From CyberRisk Alliance.
Bex @4n6Bexaminer
1K Followers 785 Following Digital Forensics | Incident Response | Threat Hunting | @CuratedIntel Member. Thoughts are my own.
Chris Duggan @TLP_R3D
7K Followers 3K Following Head of Threat Informed Defence for a FSTE 100 | Malware Geek | Curated Intel Member | Threat Intelligence Expert Extraordinaire
ANY.RUN @anyrun_app
30K Followers 192 Following Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and Feeds. Sign up for free: https://t.co/8hIX0Qh5ME
Jon Gallant @jongallant
4K Followers 2K Following Azure DevEx Architect. Created Azure Developer CLI (https://t.co/cICbRvRDq0) and Azure MCP Server (https://t.co/P9TVoolfnB) @microsoft / @azure
es3n1n @es3n1n
3K Followers 490 Following (wanna-be) developer, (wanna-be) reverse engineer, occasionally a (wanna-be) ctf player
Trend Zero Day Initia... @thezdi
83K Followers 16 Following Trend Zero Day Initiative™ (ZDI) is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
Felix Jr. @Nulloop
596 Followers 1K Following Sec ops tool-building wizard, thrives on detections and keyboard clacking. + https://t.co/ySAP1WumPB + https://t.co/zVbLmZIE0i
Cyber Security News @The_Cyber_News
21K Followers 259 Following Independent Cyber Security News Platform For Security Professionals to Get the Latest #HackingNews, #CyberCrime, #SecurityBreaches, #Malware & Others...
Jan Geisbauer @JanGeisbauer
2K Followers 650 Following Trying to find a path in the fog. Head of Security @glueckanja & Microsoft Security MVP.
SpiderLabs @SpiderLabs
27K Followers 372 Following The elite security team at @Trustwave. Response & Investigations. Analysis & Testing. Research & Development. Follow for info on the latest #infosec threats.Trends for United States
You might like
