Chris Sanders 🔎 🧠 @chrissanders88
Ed.D. | Founder @networkdefense @RuralTechFund | Former @Mandiant, DoD | Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM chrissanders.org/links/ Mayfield KY ➡️ Gainesville GA Joined July 2008
Investigation Scenario 🔎 During a third-party penetration test, someone discovered an internal Apache Tomcat server using default credentials. What do you look for to investigate whether an attacker has used those credentials maliciously? #InvestigationPath #DFIR #SOC
@chrissanders88 I am not an expert on the offensive side but I would look for deployment logs of .war files and match with official deployment dates (if available) to find any unofficial/suspicious deployment. Look for deployed files (reverse shell.war). Also look in Tomcat auth logs.
@chrissanders88 I see Diogenite basted with a nice little smoked honey mix.
@chrissanders88 Fascinating! I've never heard of that, but it seems to be made primarily to preserve antique metal objects. Will definitely have to look into this! :)
@chrissanders88 As an amateur astronomer, I have a few. Nothing like holding a rock the age of the solar system. How do you keep the iron ones in your collection intact? My humid climate seems to destroy mine after a few years no matter what I do.
Security Onion Conference 2024 Save the Date and CFP! blog.securityonion.net/2024/04/securi… #SecurityOnion #Infosec #Infosecurity #cybersecurity #ThreatHunting #IncidentResponse #Conference #CFP
@chrissanders88 Why aren’t we talking about the three possum moon t-shirt and where we can get one?
Good Will Hunting is suchhhhhh a good movie.
the internet was so much simpler then 🥺
@chrissanders88 Man, you be cheating on the pork briskets.
Chris is a great follow for Incident Response and Investigations. This thread reminded me that I had forgotten the degree to which regsvr32 can be leveraged. Then MITRE refreshed me to my ever-increasing horror: attack.mitre.org/techniques/T12…
In an ideal situation, you'd examine the full command line of the execution. However, I limited the scenario by making those logs unavailable, which is a common scenario on many networks, unfortunately.
@chrissanders88 With no EDR and Sysmon, I’d probably start with some of the artifacts of execution. I’d look at ShimCache, Amcache, Prefetch, and RecentApps Registry to try to get a picture on how the executable got there. From there I’d be looking to see what else the executable could be loading
@chrissanders88 Use netstat -anb to discover what process is doing it
@chrissanders88 Check digital signature of regsvr32.exe, investigate recently modified files in the AppData\Roaming directory, check scheduled tasks for suspicious entries, analyze network activity for unusual connections and consider memory forensics if possible. TA: APT29 & APT32
@chrissanders88 1. I would scan the file with VirusTotal and annotate the creation date. 2. Look at the Registry for newly altered HKEYs. 3. Check for priv escalation. Threat actor COZYBEAR aka APT29 was known for using this with a technique called squiblydoo. Could also show signs of…
@chrissanders88 Ahhh I didn’t see that. Tracking! I know for sure APT 19 and the authors of QakBot use it. I would have to refer to the registry keys (run, RunOnce, MRU) to review the entries. I also can ref query the registry to look for any *.dlls. This will all be preliminary.
@chrissanders88 Buying cookies? Why the hell aren’t you making those awesome cookies from the recipe at the back of your book?
This is amazing and I demand other farmer markets become TSwift themed pleaseeeee