Jose Enrique Hernandez @_josehelps
Threat Research Director @Splunk ❤️ Scuba Diving | Maintainer of #AtomicRedTeam #LOLDRIVERS #LOLRMM #LOLBAS | josehelps.com | The mothership | Joined March 2008
Tweets: 5K | Followers: 3K | Following: 2K | Likes: 14K
The Threats Return: Atomics on a Friday x.com/i/broadcasts/1…
A Faster, Friendlier Policy Editor. We've reengineered the Policy Editor to make managing policies smoother than ever. What's New: Bulk Save System - Stage and commit changes in a single version (no more rule-by-rule thrashing). Smarter Save Dialog - Add clear change…
Welp .. if you are an ASA user, I got some bad news for you. cisa.gov/news-events/di…
NPM Supply-Chain Attack & new EDR Bypass. Over the past 2 weeks, there have been two new developments that are worth attention. 1️⃣ Shai-Hulud Worm - self-propagating worm targeting npm 2️⃣ EDR-Freeze - freezes AV/EDR processes. Sigma rules available. A detailed thread 🧵
9/19/2025: Every week I share a curated list of red team-specific jobs (or similar) that caught my attention or were shared with me by others in the community. My goal is to help job hunters in the offensive security space find a red team-specific role. Company + Role:…
If you're still running AppLocker in production, when was the last time you actually audited your policy? Many organizations deployed AppLocker years ago and haven't looked back, but those same policies often contain critical misconfigurations that create security gaps and…
Doubt kills app control projects more than technical hurdles do. Most teams ask: "What do we block?" Here's a 6-step playbook you can steal to make attackers hate their lives. 1. Discover what actually runs: Run audit-only mode in AppLocker/WDAC → collect logs for a week →…
Anyone seen this MS RAT? microsoft.com/en-us/download…
Curious for those who dare to answer. What you got for app control currently?
Say it with me.. User .. Behavior … Analytics
A new project demonstrates how attackers exploit Bring Your Own Vulnerable Driver (BYOVD) techniques to bypass modern defenses. Using the RTCore64.sys driver, adversaries can: - BYOVD enables attackers to manipulate kernel-level functions, bypassing security controls. - The…
Cisco Talos' latest blog exposes Static Tundra, a Russian state-sponsored group targeting unpatched Cisco devices for long-term espionage worldwide. Apply the patch now and protect your network: cs.co/6018fvA0O
Attackers know how to find your weak and misconfigured AppLocker rules. Now you can too.... 🧵 Just finished putting together a new tool to find weak and misconfigured AppLocker policies. It's called AppLocker Inspector. Here's how this tool came to be and what it does that's…
It's just not a good market for app control bypass research these days, so I moved on to researching other things no one cares about.
github.com/0x4D31/finch is a really slick tool, super easy to use, flexible configs, great logs - thank you @0x4D31 !
[New Blog] The Fragile Balance: Assumptions, Tuning, and Telemetry Limits In Detection Engineering. If you ever struggle with false positives and the idea of tuning detections. This is for you. Read More - nasbench.medium.com/the-fragile-ba…
ESXi is a hot target lately. Come check out the work Splunk Threat Research did around catching this activity before it gets out of control. Read more here - splunk.com/en_us/blog/sec…
