Asger @hackerkartellet
🇩🇰 living in 🇩🇪 Principal IR dude trying to do IR stuff at @InfoGuardAG https://t.co/odU86jtnLL… @hackerkartellet.bsky.social Munich, Bavaria Joined January 2011
Tweets 216 · Followers 651 · Following 983 · Likes 2K
Active Directory hardening is free…outside of your time. Overall - PingCastle Passwords - FGPP, LAPS, Lithnet Permissions - ADeleg/ADeleginator Applocker - Applocker Inspector/Applocker gen ADCS - Locksmith Logon scripts - ScriptSentry GPO - GPOZaurr Baselines - CIS/Microsoft…
Yesterday, I presented "Anti-Forensic" techniques for Windows and Linux at the Troopers conference in Heidelberg. This morning at breakfast, I was approached by an attendee and asked if I had looked at the zapper tool from The Hacker's Choice. [1] I said no, but of course, my…
We just released MemProcFS-Analyzer v1.2.0 with various enhancements. Check out the changelog for more information. Happy Memory Analysis! #MemProcFS #MemoryAnalysis #DFIR github.com/LETHAL-FORENSI…
Some people commented on my post below, asking, "But isn't the domain legitimate?" Well... maybe? Take a moment to visit this web page here: wizer-training.com/blog/copy-paste Done? Copy and paste could be abused by attackers, along with a lookalike domain (e.g., g0ogle[.]com), who…
We just released Microsoft-Analyzer-Suite v1.5.1. This update includes bug fixes and a new version of RiskyDetections-Analyzer. Check out the changelog for more information. Happy M365/Azure Threat Hunting! #M365 #Azure #Entra #BEC #CloudIncidentResponse #DFIR #Microsoft…
Could you all take a moment to check that UAL is enabled on your M365 tenant? The IR team will really appreciate it later!
I am reposting my old post as a reminder to regularly check which UserAgents are logging into your tenant. In more recent instances, we have noticed that TAs are using tools with the following as part of their toolkit: 'node-fetch/1.0 (+github.com/bitinn/node-fe…)' 'GuzzleHttp/7'
My big boss man is having a party writing awesome blogs. Take a look!
New blog post: Tear Down The Castle - Part 2 dfir.ch/posts/tear_dow… I analyzed 250 PingCastle Reports, grouping the findings along the categories I used for my 10 AD Commandments series. The number of affected domains is stated within each finding, i.e., in how many domains we…
I just released Microsoft-Analyzer-Suite v1.3.0. UserAgent Blacklist added, ClientInfoString and Mailbox Synchronization detection of eM Client (Traitorware) added, and much more. Happy M365 Threat Hunting! @InvictusIR #M365 #Entra #BEC #DFIR github.com/evild3ad/Micro…
New blog post: Tear Down The Castle - Part 1 dfir.ch/posts/tear_dow… I analyzed 250 PingCastle Reports, grouping the findings along the categories I used for my 10 AD Commandments series. The number of affected domains is stated within each finding, i.e., in how many domains we…
New blog post: Analysis of Python's .pth files as a persistence mechanism dfir.ch/posts/publish_… I dig into Python's Path Configuration Files (.pth) and how an attacker can (mis-)use them for a sneaky persistence mechanism.
Teaser: Microsoft-Analyzer-Suite v1.2.0 will detect the new Device Compliance bypass technique via Microsoft Intune Company Portal Check out: labs.jumpsec.com/tokensmith-byp… quzara.com/blog/bypass-in…
For those using the full User Agent in their queries, detection, hunt, etc ... Time to increment the last number. Or even better, just look for "axios" and see what comes out 😂
Did you know about the Windows Notifications database? While investigating suspicious behavior on a computer, I discovered evidence of a blocked DNS connection within the Notifications database (see attached screenshot). This database could hold valuable information for other…
"A system administrator noticed that the user account kiosk had an active SSL-VPN connection to the corporate network. However, the kiosk user should not have been able to establish such a connection, as access via SSL-VPN is intended to be restricted to specific user groups…
"The attacker successfully gained unauthorized access to the organization’s internal network through an SSL VPN endpoint hosted at vpn.customer.tld. This VPN required only a basic username and password combination, lacking advanced security controls such as multi-factor…
Throwback to a case I had in June
Who actively monitors the Application Event Log for the Event ID 15457, containing the string xp_cmdshell? The screenshot below is from an Incident Response engagement this year from an exploited FortiClient EMS server (CVE-2023-48788). xp_cmdshell spawns a Windows command…
I was looking through older Incident Response reports from our team and came across this paragraph here: "The attackers were able to successfully establish a VPN connection, according to the source IP, which points back to a VPN range. Due to the lack of enabled logging (see…

VirginiaLaw @y6qBJ6tVNJW9LZ9
15 Followers 688 Following
Johan @Syndikalist
403 Followers 724 Following Mostly RT interesting stuff. RT != Endorsement and all that jazz. #WeAreNAFO
CryptoMarocain... @cryptomarocain
184 Followers 284 Following hello Paris. CTF player. reverse engineer.
Wyman Turner-Waelchi @waelchi72430
24 Followers 2K Following
Elena Johnson @ElenaJohns10551
49 Followers 214 Following
$ome0ZE @some0ZE
0 Followers 26 Following
regnobit @regnobit1
7 Followers 383 Following
Hunal @Hunal9999900
60 Followers 1K Following
Dr. Ch33r10 @Ch33r10
12K Followers 7K Following #CTI • #PurpleTeam • Latina 🇲🇽 • Opinions are my own
Snodig @Snodig1
58 Followers 2K Following
draco neo @draconeo25
1 Followers 119 Following
Mauricio Costa Canto @MauricioCo50247
0 Followers 49 Following
Anton @Antonlovesdnb
5K Followers 3K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
Trauataup @Trauataup263
27 Followers 1K Following
bubbling creek @bubbling_creek
286 Followers 3K Following
tech @tech14840
2 Followers 35 Following
ADENIJI @Mr_Dexterousx
13 Followers 197 Following
Mohit Chaudhary @mkmohit257
258 Followers 3K Following Just a random person trying to achieve something 🙄
lived @chngjzh
32 Followers 1K Following
Darren Webb ☠🕷 @spyd3r
1K Followers 7K Following Computational demonologist. The following tweets are classified SECRET GOLD JULY BOOJUM. 101 824 5150
blueteamblog @blueteamblog
12K Followers 671 Following Check out my blog - https://t.co/sVkckZJoqF Support my site - https://t.co/3id8vdp6ab
REDxRANGER @dx_ranger
53 Followers 136 Following Red Team https://t.co/yKt5faCzXE https://t.co/KxJHnVBGEI
Aura @SecurityAura
6K Followers 654 Following GCIH, GCFE, GDAT | DFIR, TH, DE | @CuratedIntel DFIR https://t.co/BMWUwziTLh https://t.co/MmX2YNVqdk https://t.co/R20zseQfLk
Raven Cloud @BlueteamSecops
953 Followers 3K Following #cibersecurity #DFIR #Blueteam #Threathunting #CTI
Iter Ation @it_er_a_tion
11 Followers 796 Following
Siroasl @Siroasl0Tv
40 Followers 981 Following
Swachchhanda Poudel @_swachchhanda_
95 Followers 371 Following Threat Researcher | Detection Engineer @nextronsystems | #sigma #yara https://t.co/LjJ2sh3CIE
Mukul Sharma @MukulSh88179606
19 Followers 454 Following
Lord Snakewell @lord_snakewell
15 Followers 306 Following Technomancer, wizard, lord of the bling. Block thirst traps, bots, and month old accounts. don't bother
Loughth @LoughthUid
114 Followers 3K Following
Post Palonely @MalonelyPost
39 Followers 22 Following "I might be too strung out on compliments Overdosed on loneliness"
Stephan G @StephanG_AIM
33 Followers 239 Following IT enthusiast | M365 all over | technical & adoption advisor
Nirwri @NirwriNNkn
58 Followers 4K Following
Andreas Aaris-Larsen @AarisLarsen
75 Followers 86 Following
Valéry Rieß-Marchiv... @ValeryMarchive
9K Followers 690 Following Editor-in-chief @LeMagIT - (proposed) minister of #ransomware - DMs open
Wil @wil_fri3d
506 Followers 121 Following
安坂星海 Azaka ||... @AzakaSekai_
12K Followers 7K Following ‧₊˚ ⋅ Indie Comfy VTuber ⊹˚. Employed Threat Intel Researcher ♡‧₊˚ SV Cover Artist ✧・゚https://t.co/h3frxp4AWO *:・˚ @jamama_666 / @MomoiroKohi / @justNovaj / #artsyaz
Accidental CISO @AccidentalCISO
58K Followers 2K Following I accidentally became the CISO. I didn't want this job, but the job chose me. I'm scared, and I want to go home.
TrustedSec @TrustedSec
77K Followers 765 Following End-to-end Cybersecurity consulting team leading the industry, supporting organizations, and giving back. #Hacktheplanet Blogs, news, webinars, and tools!
Ben @polygonben
936 Followers 926 Following SOC analyst @HuntressLabs | GCFA | Personal opinions and research are my own and don’t reflect my employer
BSides Berlin @SidesBer
610 Followers 1 Following Join us at BSides Berlin at CIC Berlin on November 8 2025 Check out our website for more details: https://t.co/VAErpVcPc5
Nathaniel Fried @nattyfried
4K Followers 1K Following Open Source Intelligence is fun. Co-founder & CEO @0xbowio
LETHAL FORENSICS @LETHAL_DFIR
97 Followers 5 Following Official X account for LETHAL FORENSICS. #DigitalForensics #IncidentResponse #Investigation #Microsoft365 #BEC
angerman @hybrid_angerman
71 Followers 293 Following Infosec enthusiast since 1999, Threat Intelligence & Hunting, Hacking, Sci-Fi, geek, petrol head, husband, dad, hybrid personality, little weird, loves life.
k strizzle @WhenOnKStreet
2K Followers 5K Following red team, web app security, digital archaeology, cats... him/he/y'all. fuck putin. free Palestine. ANTI- FASCIST AF.
sapir federovsky @sapirxfed
5K Followers 183 Following Doing things @wiz_io And then doing more things at home | failed research blog: https://t.co/j2HT1Tpscs
Ivan @Ivanklydz
193 Followers 52 Following
CCob... @_EthicalChaos_
9K Followers 440 Following Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴 Author of poorly coded tools: https://t.co/P6tT2qQksC
Andrew @4ndr3w6S
3K Followers 2K Following Detection Engineering @HuntressLabs | Prev. Practice Lead, TAC (Purple Team) @TrustedSec | @SpursOfficial Super Fan - COYS!
Bert-Jan 🛡️ @BertJanCyber
4K Followers 566 Following CSIRT | https://t.co/Tu1l2ZFe0T | Microsoft Security MVP | Blue & Purple Team | SOC | SIEM | Threat Hunting | Detection Engineering | #KQL |
Analyst1 @Analyst1
1K Followers 267 Following Protect your business from cyber threats with fast and effective threat response solutions. 🛡️
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 823 Following 🔴 Operator, Initial Access afficionado, Researcher, ex-AV engine developer, ex-Malware analyst 🦋 @mgeeky.bsky.social 🫖 green tea lover
ZDFheute @ZDFheute
1.3M Followers 301 Following The ZDFheute editorial team tweets here | Imprint https://t.co/r1GyevxMXG | Netiquette https://t.co/KCEJf8rOgg
Szabolcs Schmidt @smica83
2K Followers 421 Following Threat Intel Specialist and Incident Responder. Private account. All opinions expressed here are mine only. https://t.co/7dQQO1JwUd
hAPI_hacker @hAPI_hacker
14K Followers 738 Following { "name": "Corey J. Ball", "author": "Hacking APIs", "creator": "https://t.co/y3EHBlzHvJ", "is_admin": true }
Ellis Springe @knavesec
1K Followers 427 Following Adversary Simulation X-Force Red, developer of tools, connoisseur of dogs
Dylan Tran @d_tranman
2K Followers 181 Following salsa sultan, verde villain, condiment connoisseur Adversary Simulation @xforce Red Team @wrccdc Former: @NationalCCDC+@wrccdc & @globalcptc @calpolyswift
x86matthew @x86matthew
21K Followers 189 Following C / asm / system emulation / reverse engineering. @the_secret_club
NanoBaiter @NanoBaiter
134K Followers 170 Following I track down and identify scammers. https://t.co/EPDyCMDyiK
Adam Chester... @_xpn_
36K Followers 501 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
UK OSINT Community @OSINT_Community
4K Followers 0 Following #OSINT community building and growing local OSINT capability within the UK.
Visegrád 24 @visegrad24
1.4M Followers 2K Following Aggregating and curating news, politics and current affairs.
P3RPL3X_x25 @P3rpl3xX25
122 Followers 221 Following Senior Threat Hunter, Senior Cyber Security Analyst, Blueteamer and Hacker
RootkitRanger @RootkitRanger
914 Followers 5K Following Incident Response at MDR. DFIR, Threat Hunting, and Threat Intel. 🇺🇦🇺🇸. *Everything said here is my own opinion not that of my employer
Simplicio Sam L. @marsomx_
699 Followers 1K Following 🇮🇹 | IT Engineer with Cyber Security passion | Malware Analysis | Reverse Engineering | CTI - views and opinions are solely my own -
Bundespolizei Bayern @bpol_by
46K Followers 129 Following The Federal Police in Bavaria posts here on specific occasions. No crime reports! No 24/7 monitoring! In an emergency, dial 110! Imprint: https://t.co/TDttOdKW4H
Polizei Bayern @PolizeiBayern
42K Followers 156 Following Official account of the Bavarian Police. Imprint/privacy policy at: https://t.co/KtjEZ7zx0d
Steve Inman @SteveInmanUIC
3.0M Followers 3K Following MMA/Sports commentator. Narrating random videos from around the world. Backup page @SteveInmanClips 🇺🇸 #FAFO Videos
LeakIX @leak_ix
7K Followers 236 Following Provide comprehensive visibility into internet-facing assets. Looking for vulnerabilities and misconfigurations 24/7 since 2020. https://t.co/MEjkffN1xg
auonsson @auonsson
34K Followers 467 Following Main account: https://t.co/TjSuNxrK31 Pseudonymous osint. Every system is a sensor if you hold it right. Trying to limit myself to Baltics. 🇸🇪
CyberspaceOperator @0x17xx
119 Followers 352 Following
Jonathan Gonzalez... @godslittlemacro
2K Followers 2K Following Incoherent rants are my own intellectual property. ex-DFIR, now CTI. It's either memes, infosec, or activism. Unfollow accordingly.
International Cyber D... @IntCyberDigest
11K Followers 3K Following Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts. Got tips? Signal: IntCyberDigest.17