Asger.jpg @hackerkartellet
🇩🇰 living in 🇩🇪 Principal IR dude trying to do IR stuff at @InfoGuardAG https://t.co/odU86jtnLL… @hackerkartellet.bsky.social Munich, Bavaria Joined January 2011
Tweets 214 | Followers 654 | Following 983 | Likes 2K
Yesterday, I presented "Anti-Forensic" techniques for Windows and Linux at the Troopers conference in Heidelberg. This morning at breakfast, I was approached by an attendee and asked if I had looked at the zapper tool from The Hacker's Choice. [1] I said no, but of course, my…
We just released MemProcFS-Analyzer v1.2.0 with various enhancements. Check out the changelog for more information. Happy Memory Analysis! #MemProcFS #MemoryAnalysis #DFIR github.com/LETHAL-FORENSI…
Some people commented on my post below, asking, "But isn't the domain legitimate?" Well... maybe? Take a moment to visit this web page here: wizer-training.com/blog/copy-paste Done? Copy and paste could be abused by attackers, along with a lookalike domain (e.g., g0ogle[.]com), who…
We just released Microsoft-Analyzer-Suite v1.5.1. This update includes bug fixes and a new version of RiskyDetections-Analyzer. Check out the changelog for more information. Happy M365/Azure Threat Hunting! #M365 #Azure #Entra #BEC #CloudIncidentResponse #DFIR #Microsoft…
Could you all take a moment to check that UAL is enabled on your M365 tenant? The IR team will really appreciate it later!
I am reposting my old post as a reminder to regularly check which UserAgents are logging into your tenant. In more recent instances, we have noticed that TAs are using tools with the following as part of their toolkit: 'node-fetch/1.0 (+github.com/bitinn/node-fe…)' 'GuzzleHttp/7'
My big boss man is having a party writing awesome blogs. Take a look!
New blog post: Tear Down The Castle - Part 2 dfir.ch/posts/tear_dow… I analyzed 250 PingCastle Reports, grouping the findings along the categories I used for my 10 AD Commandments series. The number of affected domains is stated within each finding, i.e., in how many domains we…
I just released Microsoft-Analyzer-Suite v1.3.0. UserAgent Blacklist added, ClientInfoString and Mailbox Synchronization detection of eM Client (Traitorware) added, and much more. Happy M365 Threat Hunting! @InvictusIR #M365 #Entra #BEC #DFIR github.com/evild3ad/Micro…
New blog post: Tear Down The Castle - Part 1 dfir.ch/posts/tear_dow… I analyzed 250 PingCastle Reports, grouping the findings along the categories I used for my 10 AD Commandments series. The number of affected domains is stated within each finding, i.e., in how many domains we…
New blog post: Analysis of Python's .pth files as a persistence mechanism dfir.ch/posts/publish_… I dig into Python's Path Configuration Files (.pth) and how an attacker can (mis-)use them for a sneaky persistence mechanism.
Teaser: Microsoft-Analyzer-Suite v1.2.0 will detect the new Device Compliance bypass technique via Microsoft Intune Company Portal Check out: labs.jumpsec.com/tokensmith-byp… quzara.com/blog/bypass-in…
For those using the full User Agent in their queries, detection, hunt, etc ... Time to increment the last number. Or even better, just look for "axios" and see what comes out 😂
Did you know about the Windows Notifications database? While investigating suspicious behavior on a computer, I discovered evidence of a blocked DNS connection within the Notifications database (see attached screenshot). This database could hold valuable information for other…
"A system administrator noticed that the user account kiosk had an active SSL-VPN connection to the corporate network. However, the kiosk user should not have been able to establish such a connection, as access via SSL-VPN is intended to be restricted to specific user groups…
"The attacker successfully gained unauthorized access to the organization’s internal network through an SSL VPN endpoint hosted at vpn.customer.tld. This VPN required only a basic username and password combination, lacking advanced security controls such as multi-factor…
Throwback to a case I had in June
Who actively monitors the Application Event Log for the Event ID 15457, containing the string xp_cmdshell? The screenshot below is from an Incident Response engagement this year from an exploited FortiClient EMS server (CVE-2023-48788). xp_cmdshell spawns a Windows command…
I was looking through older Incident Response reports from our team and came across this paragraph here: "The attackers were able to successfully establish a VPN connection, according to the source IP, which points back to a VPN range. Due to the lack of enabled logging (see…

Johan @Syndikalist
402 Followers 721 Following Mostly RT interesting stuff. RT != Endorsement and all that jazz. #WeAreNAFO
CryptoMarocain... @cryptomarocain
184 Followers 285 Following hello Paris. CTF player. reverse engineer .
Ninas portela @ninasportela
97 Followers 602 Following midwest | musicians | artists | communities 📸 📝
Wyman Turner-Waelchi @waelchi72430
22 Followers 2K Following
Elena Johnson @ElenaJohns10551
30 Followers 152 Following
$ome0ZE @some0ZE
0 Followers 26 Following
regnobit @regnobit1
8 Followers 382 Following
Hunal @Hunal9999900
63 Followers 1K Following
Dr. Ch33r10 @Ch33r10
12K Followers 7K Following #CTI • #PurpleTeam • Latina 🇲🇽 • Opinions are my own
Snodig @Snodig1
60 Followers 2K Following
draco neo @draconeo25
2 Followers 119 Following
Mauricio Costa Canto @MauricioCo50247
0 Followers 49 Following
Anton @Antonlovesdnb
5K Followers 3K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
Trauataup @Trauataup263
22 Followers 1K Following
bubbling creek @bubbling_creek
279 Followers 3K Following
tech @tech14840
3 Followers 35 Following
ADENIJI @Mr_Dexterousx
13 Followers 196 Following
Neanith @NeanithvoDw2X2
68 Followers 1K Following
Mohit Chaudhary @mkmohit257
261 Followers 3K Following Just a random person trying to achieve something 🙄
lived @chngjzh
33 Followers 1K Following
Darren Webb ☠🕷 @spyd3r
1K Followers 7K Following Computational demonologist. The following tweets are classified SECRET GOLD JULY BOOJUM. 101 824 5150
blueteamblog @blueteamblog
12K Followers 671 Following Check out my blog - https://t.co/sVkckZJoqF Support my site - https://t.co/3id8vdp6ab
REDxRANGER @dx_ranger
53 Followers 134 Following Red Team https://t.co/yKt5faCzXE https://t.co/KxJHnVBGEI
Aura @SecurityAura
6K Followers 651 Following GCIH, GCFE, GDAT | DFIR, TH, DE | @CuratedIntel DFIR https://t.co/BMWUwziTLh https://t.co/MmX2YNVqdk https://t.co/R20zseQfLk
Raven Cloud @BlueteamSecops
943 Followers 3K Following #cibersecurity #DFIR #Blueteam #Threathunting #CTI
Iter Ation @it_er_a_tion
11 Followers 792 Following
Siroasl @Siroasl0Tv
45 Followers 1K Following
Swachchhanda Poudel @_swachchhanda_
89 Followers 371 Following Threat Researcher | Detection Engineer @nextronsystems | #sigma #yara https://t.co/LjJ2sh3CIE
Mukul Sharma @MukulSh88179606
16 Followers 442 Following
Lord Snakewell @lord_snakewell
21 Followers 293 Following Technomancer, wizard, lord of the bling. Block thirst traps, bots, and month old accounts. don't bother
Loughth @LoughthUid
117 Followers 3K Following
Post Palonely @MalonelyPost
37 Followers 22 Following "I might be too strung out on compliments Overdosed on loneliness"
Stephan G @StephanG_AIM
34 Followers 236 Following IT enthusiast | M365 all over | technical & adoption advisor
Nirwri @NirwriNNkn
56 Followers 4K Following
Wil @wil_fri3d
487 Followers 121 Following
安坂星海 Azaka ||... @AzakaSekai_
11K Followers 6K Following ‧₊˚ ⋅ Indie Comfy VTuber ⊹˚. Employed Threat Intel Researcher ♡‧₊˚ SynthV Cover Artist / Vocal Manip. 🎨: @jamama_666 / @MomoiroKohi / @justNovaj 🖌️: #artsyaz
Accidental CISO @AccidentalCISO
57K Followers 2K Following I accidentally became the CISO. I didn't want this job, but the job chose me. I'm scared, and I want to go home.
TrustedSec @TrustedSec
77K Followers 765 Following End-to-end Cybersecurity consulting team leading the industry, supporting organizations, and giving back. #Hacktheplanet Blogs, news, webinars, and tools!
Ben @polygonben
919 Followers 903 Following SOC analyst @HuntressLabs | GCFA | Personal opinions and research are my own and don’t reflect my employer
BSides Berlin @SidesBer
598 Followers 1 Following Join us at BSides Berlin at CIC Berlin on November 8 2025 Check out our website for more details: https://t.co/VAErpVcPc5
Nathaniel Fried @nattyfried
4K Followers 1K Following Open Source Intelligence is fun. Co-founder & CEO @0xbowio
LETHAL FORENSICS @LETHAL_DFIR
91 Followers 5 Following Official X account for LETHAL FORENSICS. #DigitalForensics #IncidentResponse #Investigation #Microsoft365 #BEC
angerman @hybrid_angerman
71 Followers 293 Following Infosec enthousiast since 1999, Threat Intelligence & Hunting, Hacking, Sci-Fi, geek, petrol head, husband, dad, hybrid personality, little weird, loves life.
ironquill @WhenOnKStreet
2K Followers 5K Following red team, cats... him/he/y'all. fuck putin. free Palestine.
sapir federovsky @sapirxfed
5K Followers 183 Following Doing things @wiz_io And then doing more things at home | failed research blog: https://t.co/j2HT1Tpscs
Ivan @Ivanklydz
193 Followers 53 Following
CCob🏴... @_EthicalChaos_
9K Followers 437 Following Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴 Author of poorly coded tools: https://t.co/P6tT2qQksC
Andrew @4ndr3w6S
3K Followers 2K Following Detection Engineering @HuntressLabs | Prev. Practice Lead, TAC (Purple Team) @TrustedSec | @SpursOfficial Super Fan - COYS!
Bert-Jan 🛡️ @BertJanCyber
4K Followers 563 Following CSIRT | https://t.co/Tu1l2ZFe0T | Microsoft Security MVP | Blue & Purple Team | SOC | SIEM | Threat Hunting | Detection Engineering | #KQL |
Analyst1 @Analyst1
1K Followers 267 Following Protect your business from cyber threats with fast and effective threat response solutions. 🛡️
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 812 Following 🔴 Operator, Initial Access afficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
ZDFheute @ZDFheute
1.3M Followers 301 Following The ZDFheute editorial team tweets here | Imprint https://t.co/r1GyevxMXG | Netiquette https://t.co/KCEJf8rOgg
Szabolcs Schmidt @smica83
2K Followers 413 Following Threat Intel Specialist and Incident Responder. Private account. All opinions expressed here are mine only. https://t.co/7dQQO1JwUd
hAPI_hacker @hAPI_hacker
14K Followers 737 Following { "name": "Corey J. Ball", "author": "Hacking APIs", "creator": "https://t.co/y3EHBlzHvJ", "is_admin": true }
Ellis Springe @knavesec
1K Followers 422 Following Adversary Simulation X-Force Red, developer of tools, connoisseur of dogs
Dylan Tran @d_tranman
2K Followers 172 Following salsa sultan, verde villain, condiment connoisseur Adversary Simulation @xforce Red Team @wrccdc Former: @NationalCCDC+@wrccdc & @globalcptc @calpolyswift
x86matthew @x86matthew
21K Followers 189 Following C / asm / system emulation / reverse engineering. @the_secret_club
NanoBaiter @NanoBaiter
135K Followers 169 Following I track down and identify scammers. https://t.co/EPDyCMDyiK
Adam Chester 🏴... @_xpn_
36K Followers 498 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
Andreas Aaris-Larsen @AarisLarsen
75 Followers 86 Following
UK OSINT Community @OSINT_Community
4K Followers 0 Following #OSINT community building and growing local OSINT capability within the UK.
Visegrád 24 @visegrad24
1.4M Followers 2K Following Aggregating and curating news, politics and current affairs.
P3RPL3X_x25 @P3rpl3xX25
120 Followers 220 Following Senior Threat Hunter, Senior Cyber Security Analyst, Blueteamer and Hacker
RootkitRanger @RootkitRanger
917 Followers 5K Following Incident Response at MDR. DFIR, Threat Hunting, and Threat Intel. 🇺🇦🇺🇸. *Everything said here is my own opinion not that of my employer
Simplicio Sam L. @marsomx_
663 Followers 1K Following 🇮🇹 | IT Engineer with Cyber Security passion | Malware Analysis | Reverse Engineering | CTI - views and opinions are solely my own -
Bundespolizei Bayern @bpol_by
45K Followers 129 Following The Federal Police in Bavaria posts here on specific occasions. No crime reports! No 24/7 monitoring! In an emergency, dial 110! Imprint: https://t.co/TDttOdKW4H
Polizei Bayern @PolizeiBayern
42K Followers 156 Following Official account of the Bavarian Police. Imprint/privacy policy at: https://t.co/KtjEZ7zx0d
Steve Inman @SteveInmanUIC
3.0M Followers 3K Following MMA/Sports commentator. Narrating random videos from around the world. Backup page @SteveInmanClips 🇺🇸 #FAFO Videos
LeakIX @leak_ix
7K Followers 235 Following Provide comprehensive visibility into internet-facing assets. Looking for vulnerabilities and misconfigurations 24/7 since 2020. https://t.co/MEjkffN1xg
auonsson @auonsson
33K Followers 455 Following Main account: https://t.co/TjSuNxrK31 Pseudonymous osint. Every system is a sensor if you hold it right. Trying to limit myself to Baltics. 🇸🇪
CyberspaceOperator @0x17xx
121 Followers 353 Following Cybersecurity Incident Responder. Cyber Threat Hunter. CISSP. GIAC x3. I love a good pew pew map. Marine Corps veteran.
Jonathan Gonzalez ... @godslittlemacro
2K Followers 2K Following Incoherent rants are my own intellectual property. ex-DFIR, now CTI. It's either memes, infosec, or activism. Unfollow accordingly.
International Cyber D... @IntCyberDigest
5K Followers 3K Following Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts. Got tips? Signal: IntCyberDigest.17