hcss2013 @hcss2013
Joined April 2013 · 318 Tweets · 15 Followers · 400 Following · 4K Likes
@wdormann @Harvesterify @Mandiant Couldn’t resist trying. This is under default UAC settings - not sure why it’s different on your end. IMO, both the Mandiant and Red Canary reports miss a key point by not calling out the UAC bypass that occurs (as shown by printui.exe ending up with high integrity at the end)
Wrote a set of YARA rules to detect the specific web shells dropped during the SharePoint CVE-2025-53770 exploitation. - Cleartext and compiled variants - Forensic artefacts in logs and on disk Hope it helps. Rules will be available in THOR Lite and THOR Cloud Lite shortly.… https://t.co/XiRTIC7ywW
@IAMERICAbooted @rvrsh3ll Using the word "bypass" unnecessarily got to be in the top 10 list of most annoying cyber sec things. Uses device code as it was intended to be used -> MFA BYPASS! Modifies OS security with Admin rights -> Defender BYPASS! Allows vulnerable program to run -> WDAC BYPASS!
You actually don't need 100% coverage of MITRE ATT&CK. What you actually need is to maximize prevention, minimize response time and prioritize coverage of your known attack paths.
Your average non-state APT doesn't use browser exploits for initial access. They don't give a shit about the kernel or the EDR, they don't deploy rootkits. They use phishing/breached creds w/ VPN, pwn your ADCS, then delete your backups and deploy ransomware, all loud as fuck
You either detect a procedure or you don’t. I don’t really care about which ATT&CK technique it maps to 🤷‍♂️ Nine times out of ten, people are just uselessly trying to track coverage at a technique level that doesn’t make sense.
If you're not getting the answers you're looking for, change the questions you're asking... "Is PingCastle detected?" is the wrong question... "Is Active Directory enumeration detected?" is better... "Is high volume enumeration of the Domain Administrators group from a…
NEW LAB: Abu Jibal (APT34 / OilRig) 🔍💻 Iranian APT34 targets the oil and gas sector across the Middle East. Test your blue team skills on: 👀 Password Filter DLL Attacks 👀 RunPE In-Memory Execution 👀 Windows Kernel Elevation 👀 Malicious JavaScript Payloads 👀 Custom…
ClickFix -> Stealer🖱️ 🌐Domain: angrybirds[.]world 📡Payload: mshta https://wl[.]gl/directiontitle # cloudflare id №86154190264592101-49329836503 🛜Real IP -> http://45.67.229[.]40/ 🛜ASN: 44477 - STARK-INDUSTRIES 2⃣nd Stage:…
An ongoing coin-mining malware attack spreads via removable drives. It drops printui.dll into a deceptive folder path: C:\Windows[SPACE]\System32 The malware uses DLL sideloading: 🌐 Drops printui.dll 🌐 Sideloaded by the legitimate printui.exe (Microsoft signed) Persistence…
Today, I'm releasing the first version of a small web 🚀: rosti.bin.re It provides IOCs and YARA rules collected semi-automatically from public blog posts and reports of almost 200 cybersecurity sites. I hope it proves useful to some of you ... 🙏✨ #ThreatIntel
North Korea stole $1.4 billion by injecting JavaScript through an AWS S3 bucket to spoof the UI interface during a transaction? It's almost like the entire infosec industry is focusing on hyperbolic amplified APT threats that are "cool" rather than the stark realities confronting us.
> be elite TAO operator > never op on holidays or past 5pm (Fort Meade time) > fuck up commands and expose your hostname They're just like us for real
You can assess impact via Entra sign-in logs (see picture) or Graph PowerShell: Get-MgBetaAuditLogSignIn -Filter "AuthenticationProtocol eq 'deviceCode'" CA template (Use Upload policy file in CA) here: github.com/nathanmcnulty/… Volexity report: volexity.com/blog/2025/02/1…
Guess what, the Russians embarking on a global campaign to exploit device code auth was not in PI Planning or part of any sprint. But you know what? That got dealt with immediately. THAT is Agile. Jira, Scrum, and Kanban boards are stiff and inflexible, especially when you…
The team has been heads down these last few weeks building and we have just achieved an important landmark: Splunk Enterprise Security Content Update 5.0.0 is now available! What’s new? 🎨 Revamped UI & Home Page – Centralized release notes, analytics counts, and timeline…
.@Volexity recently identified multiple Russian threat actors targeting users via #socialengineering + #spearphishing campaigns with Microsoft 365 Device Code authentication (a well-known technique) with alarming success: volexity.com/blog/2025/02/1… #dfir #threatintel #m365security
Cert Central .org is live! We track and report abused code-signing certs. By submitting to the website, you contribute to the DB of >800 certs—a DB you can access and view. Want to get more involved? Check out the Training and Research pages to learn more. 1/2
Most organizations don't need threat hunters, they need do the basics better hunters with the power to go and fix what they find. RDP open to the world? No MFA on your VPN? LAPS not deployed? 3500 people in Domain Admins? 99% of organizations would be in a better place focusing…

Sandra @Sandra458467158
313 Followers 3K Following
Chris Duggan @TLP_R3D
7K Followers 3K Following Head of Threat Informed Defence for a FTSE 100 | Malware Geek | Curated Intel Member | Threat Intelligence Expert Extraordinaire
SandieLada @LadaSandie30561
43 Followers 2K Following
sam scholten @samkscholten
435 Followers 642 Following head of detection @sublime_sec 🕵️ fmr: @proofpoint https://t.co/SL2P9joPu8
LocalhostDaemon @LocalhostDaemon
2K Followers 4K Following
God Gun @GodGun80331460
2 Followers 35 Following Keep a low profile for development - focus on safety, technology never ends!
Benedict Vishal @ilovesecurity
274 Followers 5K Following #Solitude #Afraidofschemers #TwoFace #Saiyan #CaptainTsubasa #Swatcats #HarvestingmyChineseBambooTrees
Elbsides / elbsides@i... @elbsides
517 Followers 607 Following Elbsides 2025 -Computer Security Conference - June 13th, 2025. No longer posting here-follow us on LinkedIn, @elbsides.bsky.social & @[email protected]
M. @keram1828
118 Followers 573 Following Interested in IT Security, renewable energy, new technologies, 3D printing. Passionate cyclist.
VMRay @vmray
4K Followers 2K Following Sandboxing reinvented for the threats of today - and tomorrow. | Imprint: https://t.co/yZtPfo2ySF
Faraday Security @faradaysec
7K Followers 6K Following All in One Security Solution Vulnerability Management Platform + Red Team Services + Research
DigiP ㊙寅 Я не ... @xxDigiPxx
2K Followers 4K Following
Thinkst Canary @ThinkstCanary
13K Followers 10K Following Most companies only realise they are breached when informed by a 3rd party. This is a stupid problem! Thinkst Canary. Know. When it Matters.
Sam Logan @samandfuzzy
31K Followers 260 Following Canadian comic writer and artist! Creator of Sam and Fuzzy and Vote Dog, sometimes writer of Invader Zim comics, drawer of many pets
Tony Lambert @ForensicITGuy
6K Followers 1K Following Recovering sysadmin that now chases adversaries instead of uptime. Sr Malware Analyst @redcanary
Maxie Reynolds @__maxreynolds
3K Followers 84 Following
Yes, But @_yesbut_
731K Followers 1 Following Official YES, BUT series by @like_gudim https://t.co/SubYEcH8wY https://t.co/QieStKVXDA
🦇 Jaclyn 🦇 @QueenKryptid
13K Followers 281 Following She/her 💕 | Streamer 🖥 | ChildFREE ✨️ | 🇵🇷 | https://t.co/mWkFSAE1R7 | -120lbs 💪 All socials are QueenKryptid. ❤️ Fk 47 & his cult ❤️
WeRateDogs @dog_rates
9.1M Followers 13 Following Your Only Source For Professional Dog Ratings Instagram and Facebook ➜ WeRateDogs [email protected] | nonprofit: @15outof10 ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
Mikhail Kasimov @500mk500
5K Followers 596 Following Malicious traffic detection system: @maltrail; Maltrail Demo Page: https://t.co/eimXdZvjWo; Maltrail FAQ: https://t.co/Kne9lewPHT
John Hultquist @JohnHultquist
29K Followers 1K Following Chief Analyst, Google Threat Intelligence Group. @CYBERWARCON and @SLEUTHCON founder. Johns Hopkins professor. Army vet.
Wietze @Wietze
7K Followers 392 Following Threat Detection & Response. Views are my own, unless retweeted. Maintainer of https://t.co/000t7J0NBR & https://t.co/thv6PP5C48 Co-maintainer of https://t.co/rXIxOggXs2
Security BSides @SecurityBSides
57K Followers 875 Following Building communities one event at a time. Thirteen years, over eight hundred events, and we're just getting started. @[email protected]
Maddy 🐝 @Cyb3rMaddy
27K Followers 264 Following Cyber Security Content Creator 🛜 Technical Tutorials 🚨 Security News 📺 100k+ on YouTube 👇
🌲✈GFFan🇨🇦... @forever_gf618
17K Followers 701 Following I'm ThatGFFAN. I'm a #GravityFalls and #Hilda fan. I love many other shows too. I'm also an #AvGeek, university grad and a proud Canadian/Pakistani 🇨🇦 🇵🇰
Dr. Nicole LePera @Theholisticpsyc
1.0M Followers 322 Following Join my private healing community @selfhealerscirc 👇🏼
Null Pwner @NullPwner
259 Followers 807 Following Turning random hashes into aha-moments. Coffee fueled. Views mine.
EZ @IAMERICAbooted
2K Followers 1K Following Yesterday is history. Tomorrow is a mystery. Cloud Solutions Engineer at Contoso. Hacktive Directory admin. Posts don't represent my employer(s).
Myrtus @Myrtus0x0
8K Followers 707 Following Malware Researcher | Developer | @Cryptolaemus1 | @NVIDIA bsky: [email protected]
crep1x @crep1x
3K Followers 313 Following Lead cybercrime analyst, tracking adversaries activities & infrastructure, at @sekoia_io
SECUINFRA FALCON TEAM @SI_FalconTeam
3K Followers 86 Following Insights from the Digital Forensics/Incident Response and Threat Research Team at SECUINFRA. We regularly publish reports, detection rules and other findings!
Dr Ally Louks @DrAllyLouks
239K Followers 133 Following Smell commentator. Currently teaching at Cambridge. ‘One of those academic types who turn to books as a substitute for social interaction’. 🏳️🌈🦇🌱👃🏻📚
Peter Klapwijk | MVP @inthecloud_247
5K Followers 280 Following Microsoft MVP Security (Intune) & Windows and devices - Senior Modern workplace Consultant at @Wortell - Blogger @ https://t.co/njG1N4cFj3 #MVPBuzz #MsIntune
LP @jotunvillur
3K Followers 1K Following #SecKC | #FSD 🦆 | Not @jfug_ | Hunt, CTI, SecOps | Ultrarunning and powerlifting | tweets != employers
Arctic Wolf @AWNetworks
4K Followers 519 Following At Arctic Wolf, our mission is to End Cyber Risk through effective security operations.
Stephen Sims @Steph3nSims
24K Followers 832 Following Perpetual Student | SANS Fellow | Musician | Braggart Hater | Gray Hat Hacking | VR | 🏂 | deadcode | https://t.co/CadJehomsU
Off By One Security @offby1security
1K Followers 1 Following This is the X page for the Off By One Security YouTube channel and Discord server. Streams every Friday at 11AM PT. https://t.co/Q8qt342Nhx
Squiblydoo @SquiblydooBlog
4K Followers 76 Following Malware Analysis Creator of Debloat, certReport, and https://t.co/w4rAuuB7O0 Want to chat? Join the Debloat discord: https://t.co/ZcWIqa6ZA9
Soren Iverson @soren_iverson
292K Followers 128 Following New ideas daily. Building @iverson and @stompersapp
Heavyrain @heavyrain_89
355 Followers 201 Following KRCert(KISC) Deputy General Researcher, Threat Intelligence,
Asger.jpg @hackerkartellet
653 Followers 983 Following 🇩🇰 living in 🇩🇪 Principal IR dude trying to do IR stuff at @InfoGuardAG https://t.co/odU86jtnLL… @hackerkartellet.bsky.social
Nextron Research ⚡... @nextronresearch
2K Followers 10 Following Nextron Systems Threat Research Team research (att) https://t.co/QTt2X62dXP
Isa // Lord of Crows ... @Secondlina
168K Followers 5K Following Isa is my name / bi ace ink goblin (her/they) ♊️ Co-creator of the webcomics Namesake, Crow Time & Trinket (WIP) / Agent: @Grahamophones.
FOFA @fofabot
12K Followers 191 Following Cybersecurity Search Engine Contact Email: [email protected] Telegram: https://t.co/E5EcKr5Kyl
Hannah Lilly @HannahRLilly
2K Followers 344 Following 25 • Author • MA Nature and Travel Writing • BIRD FEEDER publishing in 2027 📚
Crisis of Conscience @crisisofconsc
12K Followers 2K Following TikTok creator. IT Support - L3 Engineer. Gamer. Resto Druid in WoW. Doctoral student in IT. Demon in disguise. I really hate Microsoft Teams.
Baptiste Robert @fs0c131y
257K Followers 5K Following CEO @PredictaLabOff | French Security Researcher, Ethical Hacking, OSINT
Lina @d0rkph0enix
38K Followers 10K Following Infosec dork, boxer, poker player, dog owner/operator, spiller of things. Cars, vidya games, and cooking are my jam. #ChiefsKingdom and Royals fanatic. #SecKC
Reads with Ravi @readswithravi
423K Followers 1K Following “A little bit of DAILY READING goes a long way.”📚 📖 ☕️ || Book Review, Lessons, Recomm, & Wisdom || Engineer 👨‍💻 Solutions Architect - Data Storage
Jai Minton @CyberRaiju
8K Followers 1K Following An Aussie who does cyber things | Threat Hunting Manager @HuntressLabs | Former Principal @CrowdStrike and HuntressLabs
Mark Simos @MarkSimos
6K Followers 379 Following Simplify and clarify • Cybersecurity architecture and strategy • Business + Security Alignment • Make the world better @markasimos.bsky.social
Evild3ad79 @Evild3ad79
1K Followers 408 Following
Invictus Incident Res... @InvictusIR
2K Followers 30 Following Helping organizations respond to cyber incidents in the cloud | 🆘 24/7 support https://t.co/zfF62gimvm | 📚 Academy https://t.co/GH0u8tmjXJ
Matt Zorich @reprise_99
14K Followers 2K Following @Microsoft Security | https://t.co/HWozKuixTi | Tweets are my own
Rita Iglesias @rita_codes
36K Followers 642 Following Software Engineer at @mui_hq👩🏻💻 Actress and violinist sometimes 🎬 Mechanical keyboards 👾 She/Her
Anton @Antonlovesdnb
5K Followers 3K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs