John @BitsOfBinary
#threatintel @PwC_UK. Reverse engineering, threat intelligence, YARA. Amateur jazz pianist. All tweets are my own. He/him. github.com/BitsOfBinary
Joined October 2017
Tweets: 605 | Followers: 2K | Following: 398 | Likes: 2K
Amazing work as always @nao_sec ! For folks hunting for this stuff, I've got some YARA rules + these IoCs published here from my @labscon_io talk on IIS malware: github.com/PwCUK-CTO/labs… In particular, the "Malware_IIS_reGeorg_Unique_Strings" rule will be of use for this stuff!
High signal phishing cluster IoCs released - github.com/ext-jack/threa…
I did some new research. Enjoy! Detecting a business email compromise (BEC) threat actor - threatintelligence.substack.com/p/detecting-a-…
Following recent reporting by The Citizen Lab and AccessNow on #COLDWASTREL (which we track as White Dev 185), we've put out a blog detailing some further infrastructure of the threat actor, and historic connections to other threat actors: pwc.com/gx/en/issues/c…
Nice research from Check Point. I've blogged about the SessionsIIS backdoor last year, which they mention in their research: pwc.com/gx/en/issues/c… Timely research as well, as I'll also be mentioning these backdoors at @labscon_io next week.
I'm very excited to be speaking at @labscon_io about IIS malware! The whole agenda looks incredible, so I'm honoured to be able to present, and looking forward to seeing everyone who will be attending 😁
For anyone using Binary Ninja and wanting to use Mandiant's ShellcodeHashes IDA plugin - I ported a basic version of the IDA plugin to Binary Ninja: github.com/PwCUK-CTO/Bina… Known limitations - No GUI, no support for searching memory constants - but it works well for most use cases
Analyzing data leaks is a very interesting Intel challenge, especially when you’re dealing with a foreign language 🤓 The I-SOON leak, which contains mostly PNG files of screenshots of documents, is a good example 🔎 Last night, I created a Notebook to automatically process and…
Invaluable advice right here. The more YARA rules I write, the more I prefer having shorter, less complex ones. That doesn't mean you can't have a complicated condition or set of strings, but imo it's a good idea to have one "idea" per rule, where possible
I've consolidated all my #100DaysofYARA posts from 2023 into one blog post. I've also included the rough breakdown of the posts in case you want to jump to specific sections. bitsofbinary.github.io/yara/2023/01/0… (hopefully all the old links should still work 🤞)
I'm looking forward to seeing what people do for #100DaysofYARA! I'm not planning to do much for it this year - remember that it's good to take a break from infosec stuff at times 👍 But if you're new to YARA, or want to learn new stuff, it's a good chance to give it a go!
🚨 Job alert 🚨 A few open roles on the PwC #threatintel team for folks who love tracking APT actors, crime delivery botnets, building analysis tools and UI interfaces. Technical intel analyst (more in thread 👇): ninjajobs.org/job/66476970cb…
Bit off topic for me, but for my threat intel friends, you might enjoy this game! Lots of deductions needed to try and figure out who everyone is - one of my favourite puzzle games!
