Didier Stevens @DidierStevens
5-to-9 security researcher, Microsoft MVP, ISC Handler. Mostly IT security. & programming. & (hardware) hacking. & maldocs PDF/DOC. Avatar: https://t.co/AtaPkdT5g3 DidierStevens.com Belgium Joined October 2008
Tweets 13K - Followers 35K - Following 5K - Likes 1K
New blog post! Title: Covert TLS n-day backdoors: SparkCockpit & SparkTar | by NVISO Incident Response Link: wp.me/p84lDr-4w7 #Forensics #ReverseEngineering #CVE #Ivanti #PulseSecure
IPv4-mapped IPv6 Address Used For Obfuscation i5c.us/d30466
Just a reminder that the Off By One Security stream with @DidierStevens is TOMORROW & not FRIDAY this week. 11AM PT. "Cobalt Strike from a Blue Team Perspective." youtube.com/watch?v=ZtenI_… I'm a bit worried that Didier is going to show us how far from ninjas we really are!
Off By One Security streams are back! Join me Thursday, the 7-DEC at 11AM PST with the amazing @DidierStevens, who will give us awesome insight (and likely some new tools) on Cobalt Strike from a Blue Team Perspective! AKA: Improve your red team chops! youtube.com/watch?v=ZtenI_…
Wireshark 4.2 released: wireshark.org/docs/relnotes/…
New blog post! Title: XOR Known-Plaintext Attacks | by @DidierStevens Link: wp.me/p84lDr-4eA #BlueTeam #KPA #cryptanalysis
New blog post "Quickpost: PDF/ActiveMime Maldocs YARA Rule" blog.didierstevens.com/2023/08/29/qui…
New blog post "Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs" blog.didierstevens.com/2023/08/29/qui…
Brute-Force ZIP Password Cracking with zipdump.py i5c.us/d29948
Deobfuscating a VBS Script With Custom Encoding i5c.us/d29940
YARA 4.3.2 release bugfix github.com/VirusTotal/yar…
YARA 4.3.0 released: github.com/VirusTotal/yar…
Whilst #microsoft is about to fix the #OneNote embedded file feature, I took a look at how #threatactors can abuse embedded URLs to deliver their malicious content/#malware. Check it out! wp.me/p84lDr-3LR #threathunting
@sans_isc And some #YARA rules to detect #aCropalypse PNG images 👉🏽 github.com/0xThiebaut/Sig…
2 weeks ago I flew to Lapland with all my @NVISOsecurity colleagues for our annual offsite, this time to be held in Sweden. I measured radiation at cruising altitude in our Smurf airplane. :-)
My #nviso peeps :-) #offsite #lapland @NVISOsecurity
YARA: Detect The Unexpected ... i5c.us/d29598
Amazing post by @DidierStevens. If you’re new to creating YARA rules, this is a perfect example of how versatile they are to scan for suspicious files!
oledump & MSI Files i5c.us/d29584
New blog post! 📝 Title: OneNote Embedded file abuse | by @DhaeyerWolf Link: wp.me/p84lDr-3G8 #OneNote #Maldoc #Malware #Phishing #ThreatHunting
@cyb3rops @mikko @gordonlyon @dakami @craiu @markrussinovich @moxie @pdp @raffaelmarty So hard to say at the beginning, as twitter wasn't around, and the people who come to mind aren't on here. But some who I was inspired by as I discovered infosec: @edskoudis @johullrich @DidierStevens @MalwareJake @LiveOverflow @JohnLaTwC @taviso @ippsec @jeffmcjunkin 1/2
This is a happy day! #FF @NikkiC360 @cybergeekgirl @zbraiterman @Whimmery @Neogenxz @DHAhole @hacks4pancakes @DidierStevens @teddemop @0xTib3rius @stokfredrik @kaahstrongreen @vanderaj @joehelle @BentleyAudrey @RachelTobac @SW_Samii @d0rkph0enix @KennaSecurity @itsmalware
The only thing left is to extract the beacon config. There's no need to reinvent the wheel; we can let the script 1768.py by @DidierStevens do the heavy lifting. The license-id field is a good start for a Yara rule or clustering infrastructure/activity.
@DidierStevens Tried your Python script, but it failed btw. Just some heads-ups
Never-before-seen pump constructions are being started up at the Ganzepoot in Nieuwpoort. All to keep the level of the IJzer somewhat under control. #middenkustpolder.
@Stef_van_Dop @DidierStevens super to hear! as a follow up on your slides in HackLU did you manage to improve OCR using GPT4.0 for instance? super cool project, if you have the slides please share (sorry for the lack of search)
@xxByte Thanks for the offer! @DidierStevens was kind enough to share them with me already.
Very interesting post from @DidierStevens about XOR cryptanalysis! Keep up the good work! 🎉🎉
First time I've seen #formbook actually embedded in an rtf: app.any.run/tasks/ca41f860… cc @DidierStevens
There is a hand full of people that have helped me in my career with guidance and mentorship. These are all extremely good folks and I wish I could spend more time with them IRL.. @ErikVaBu @jorgeorchilles @HackingDave @nikhil_mitt @Steph3nSims @DidierStevens @TimMedin
An introduction: @DidierStevens, the developer of oledump, explains the analysis approach for the case published by JPCERT/CC of a MalDoc hidden inside a PDF.
Nice quick post and tool update from @DidierStevens about the recent @jpcert_en maldoc samples. blog.didierstevens.com/2023/08/29/qui…
Sorry, this is the tweet by @DidierStevens himself. oledump, I am always grateful for it m(__)m
New blog post "Quickpost: Analysis of PDF/ActiveMime Polyglot Maldocs" blog.didierstevens.com/2023/08/29/qui…
Analysed an impressive initial access unveiled by @jpcert_en, MalDoc embedded in PDF, currently reported being used in the wild since July. Thanks to @DidierStevens #emldump tool and @decalage2, #oleid and #olevba tools for aiding the analysis. Analysis: mystickev.github.io/maldoc-in-pdf
This is a happy day! #FF @NikkiC360 @cybergeekgirl @zbraiterman @Whimmery @Neogenxz @DHAhole @hacks4pancakes @DidierStevens @teddemop @0xTib3rius @stokfredrik @kaahstrongreen @vanderaj @VanderburgAmber @joehelle @BlackWhiteSec
I had to delete an earlier tweet, sorry. I just found 10+ vulns so far in the PDF previewer used by Outlook, etc. Crazy part is that it was by doing some basic things from @DidierStevens tools here: blog.didierstevens.com/programs/pdf-t… with an interesting corpus (which was the hard part)...