j3ster @malware_witcher
do it for the lulz, but if you’re good at something, never do it for free Joined January 2020-
Tweets13
-
Followers13
-
Following299
-
Likes101
.@Volexity offers a case study on real-world #zeroday exploitation of a Sophos XG Firewall via CVE-2022-1040 by #DriftingCloud. Read about man-in-the-middle attacks, stolen session cookies, and how this APT moved beyond the firewall: volexity.com/blog/2022/06/1… #threatintel #dfir
Excellent blog complete with details about the intrusion chain that preceded #HermeticWiper deployment. There are many detectable behaviors in that chain!
Excellent blog complete with details about the intrusion chain that preceded #HermeticWiper deployment. There are many detectable behaviors in that chain!
One of the most important characteristics of good investigative questions is that they are SPECIFIC. That means they point to evidence that you can use to answer them. Let's look at an example. 1/
Detection opportunity #1 for the existing CVE-2021-1675 POCs: spoolsv.exe writing (Sysmon Event 11) and deleting (Sysmon Event 23) .dll files on C:\Windows\System32\spool\drivers\x64\* #printspooler
pulled out the dub at the last minute
pulled out the dub at the last minute
New post on what we've seen from suspected Exchange exploitation and what to do about it. There are 3 sections for different needs. Our goal was to make the remediation advice as accessible as possible, since we know the average admin will likely have to help with this too.
New post on what we've seen from suspected Exchange exploitation and what to do about it. There are 3 sections for different needs. Our goal was to make the remediation advice as accessible as possible, since we know the average admin will likely have to help with this too. https://t.co/SUYhz98MPN
example of process execution flow resulting from a VisualStudio PreBuildEvent (Post as well) command execution github.com/sbousseaden/EV…
Silencing Microsoft Defender for Endpoint using firewall rules medium.com/csis-techblog/…
CTISummit Track 1: Eric Loui & Sergei Frankoff, @CrowdStrike describe SPRITE SPIDER’s current modus operandi, focusing on the adversary’s advanced operational security and uncommon TTPs.
Google Chrome has been blocking Nmap downloads all day because their broken "Safe Browsing" system suddenly labeled a 10-year-old version of our Ncat software as a threat. We will get this resolved with Google, but wanted to let you know that your Nmap downloads are still safe!
New Release of Sysmon Adding Detection for Process Tampering isc.sans.edu/diary/26994
We've been tracking reporting on the recent activity related to UNC2452/Solarigate with an eye to mapping it to ATT&CK and adding new techniques. We've posted and intend to keep up to date on the reports we're tracking but let us know what we're missing. medium.com/mitre-attack/i….
Timeline Explorer 1.3 released! All parsers are now plugins vs built-in. Added View | Messages window, Debug option when parsing, added View | Plugins, + lots of other polish. Note that Layout names have changed, so delete any that do not start with TLEFile* after updating #DFIR
Explore World Now @ExplOversf
25 Followers 190 Following Get ready for an adventure and discover new worlds with our ExploreWorldNow blog. Pick up the breeze and go traveling with us!
Ru Campbell @rucam365
8K Followers 1K Following Microsoft Security MVP • Dad, metal, lifting, wrestling, cars • Author, Mastering Microsoft 365 Defender • @Threatscape • @M365SandCUG • https://t.co/CaVgOm8IvJ
Felipe Rodriguez @FelipeR90679004
3 Followers 75 Following
Autal0s @Autal0s
5 Followers 66 Following
Walkin Pneumonia @WalkinPneumonia
21 Followers 119 Following
Florentina Ferati @tinddra
794 Followers 2K Following InfoSec - DFIR - Internal Threats @Airbnb. Opinions are solely my own. I'm passionate about Technology, Security, Innovation and Human Decency. 🧠
Which Doctor @Whichd0c
94 Followers 577 Following he/him. Threat Hunter. Father. striving to be a good human.
Thinkst Canary @ThinkstCanary
13K Followers 10K Following Most companies only realise they are breached when informed by a 3rd party. This is a stupid problem! Thinkst Canary. Know. When it Matters.
FileswithThreateningA... @IAintShootinMis
391 Followers 1K Following Husband. Father. Teacher. Theoretical Lexicographer. Top30 OpenSOC'21. DFIR. Agorist. GIAC. 🏴🐧✝️ Rom1:16 NoKingButChrist NoCountryButHisKingdom
Cyber Triage @cybertriage
4K Followers 393 Following Digital Forensics and incident response software for endpoint investigation. Built by @sleuthkitlabs and Brian Carrier (@carrier4n6).
Cyber Jobs @CND_Matt
856 Followers 1K Following Doing Cyber Security recruitment differently. Technical security firm & recruitment agents. Ethical, accurate and respected #CyberSecurity #InfoSecJobs #SOC
Ransomware News @RansomwareNews
31K Followers 0 Following This Twitter Bot gets updates from ransomware groups For removal requests DM @vxunderground Feed maintained by @joshhighet
Physics In History @PhysInHistory
1.0M Followers 0 Following Photos from the history of physics | © with mentioned Archives. Shared for educational purposes. Einstein portrait © Ullsteinbild. Subscribe for curated papers.
nyxgeek @nyxgeek
7K Followers 3K Following rebel scum, nerfherder, dogged and relentless. H/P/V/A/C Directory - https://t.co/qn0D9H7IIi
Shodan @shodanhq
109K Followers 2 Following Monitor your external network, search the Internet of Things and perform empirical market research. You can also find us on https://t.co/nPLFbFy8R5
The Cultural Tutor @culturaltutor
1.7M Followers 69 Following I've written a book, and you can get it here:
SocVel @SocVeldotcom
337 Followers 229 Following https://t.co/9JQuIOQ5LA #SocVel Blue Team CTF https://t.co/cRgVbDn4pB Built By @jaco_za
Zach @svch0st
4K Followers 1K Following Everything DFIR @TheDFIRReport | @CuratedIntel | @XintraOrg https://t.co/ggakuKBS0S
Kostas @Kostastsale
18K Followers 367 Following @TheDFIRReport | No longer active here – find me on Bluesky: https://t.co/qHzDSxCRfG. 🇬🇷🇨🇦
Gi7w0rm @Gi7w0rm
18K Followers 801 Following Threat Intelligence Analyst | See my Linktree for other socials | In case I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p 🇪🇺🇩🇪🇺🇦🌈
NSA Cyber @NSACyber
150K Followers 12 Following We protect our nation’s most sensitive systems against cyber threats. Likes, retweets, and follows ≠ endorsement.
Ru Campbell @rucam365
8K Followers 1K Following Microsoft Security MVP • Dad, metal, lifting, wrestling, cars • Author, Mastering Microsoft 365 Defender • @Threatscape • @M365SandCUG • https://t.co/CaVgOm8IvJ
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Brian in Pittsburgh @arekfurt
7K Followers 778 Following Former attorney, current IT & infosec consultant in the 'Burgh. Happy to talk about password spraying one minute and constitutional law the next. Son of #wvu.
@[email protected]... @1njection
8K Followers 4K Following Focused on hacking! Check out my new book on real-time computer conflict and deception below
ςεяβεяμs - м�... @c3rb3ru5d3d53c
25K Followers 243 Following 💕 Malware Hunter Killer 💕 #binlex & #mwcfg Developer 📽️ YouTuber 👩💻 She/Her 💍@DravenSwiftbow Support my work 👇 ☕️ https://t.co/NoM1TXq00P
Volexity @Volexity
8K Followers 7 Following A security firm providing Incident Response, Proactive Threat Assessments, Trusted Advisory, and Threat Intelligence
Huntress @HuntressLabs
37K Followers 536 Following Managed #cybersecurity without the complexity. EDR, ITDR, SIEM & SAT crafted for under-resourced IT and Security teams.
Security Onion @securityonion
19K Followers 0 Following Peel back the layers of your enterprise and make your adversaries cry! FREE and OPEN platform BY defenders FOR defenders!
Hack The Box @hackthebox_eu
231K Followers 230 Following Cyber Mastery: Community Inspired. Enterprise Trusted.
Andrew Northern 𓅓 @ex_raritas
5K Followers 1K Following 🔮 Principal Researcher at Censys 🔮 | formerly Proofpoint | Knowledge Piñata 🪅 | Attack Chain Connoisseur | Epicurean
Łukasz @maldr0id
13K Followers 956 Following Military-grade @Android malware reverse engineer @Google || "Tom Brady of malware strings analysis" - @MalwareTech || Tweets are my own opinions || he/him ✨🌈🦄
4n6lady @4n6lady
62K Followers 669 Following #DFIR & #BlueTeam | IR & Threat Detection | #OSINT enthusiast | waiting for HL3 | AWS CIRT - my views are my own
Sergio Caltagirone - ... @cnoanalysis
16K Followers 1K Following President @AcademyThreat & Tech Director @GblEmancipation; Fmr @Dragosinc, @Microsoft & @NSAGov He/Him NOW AT https://t.co/ZWCsxBUFeG
Greg Linares (Laughin... @Laughing_Mantis
37K Followers 2K Following 20+ yrs in Infosec. Malware Influencer. I turn Malware into Art and Music. Art @MalwareArt. 4x Pwnie Nominee. 𝕍𝕏. GameDev. Autistic.
Dragos, Inc. @DragosInc
27K Followers 5K Following Dragos is an industrial (OT/ICS/IIoT) cybersecurity company on a mission to safeguard civilization.
mr.d0x @mrd0x
45K Followers 297 Following Security researcher | Co-founder https://t.co/QxBlzp9A8w | https://t.co/zqMXQRZjQN | https://t.co/Fq7WSqTBva | https://t.co/eKezFcO6nd
Mikael Thalen @MikaelThalen
30K Followers 865 Following Tech Reporter at Straight Arrow News - [email protected] - [email protected] - Signal: mikaelthalen.12
Mike Padrick @FearlessSec
2K Followers 536 Following Christ follower | Husband and father | ILF Volunteer | martial artist, turned pool man, turned penetration tester | CARTP | eCPPTv2 | OWSP | CVEx2
Ryan "Chaps" Chapman @rj_chap
8K Followers 3K Following DFIR & malware analyst. @sansforensics FOR528 Author & FOR610 Instructor. @CactusCon crew. Husband & father. Comments = own.
Autal0s @Autal0s
5 Followers 66 Following
pwneip @pwnEIP
7K Followers 621 Following Principal RTO | @SANSInstitute Instructor & #SEC565 #RedTeam Ops author | @RedTeamVillage_ lead, fmr @Bishopfox @usairforce. Tweets are my own, memes are stolen
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / Antiquarian @ IBM X-Force / Team 501 / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Dr. Nestori Syynimaa @DrAzureAD
20K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
🆁🅴🅶🅶🅸�... @Ring0x0
6K Followers 586 Following Master of Disaster #soc #infosec #opsec #dfir #malware #threathunting. Opinions are my own and not those of my employer
Lawrence Abrams @LawrenceAbrams
18K Followers 835 Following Ransomware, Online Security, and Malware. Owner, Editor in Chief of @bleepincomputer. DM on Signal: LawrenceA.11 * https://t.co/LXVRoICs8Z
Charlie Clark @exploitph
5K Followers 1K Following
John Lambert @JohnLaTwC
43K Followers 802 Following Corporate Vice President, Security Fellow, Microsoft Security Research, johnla(AT)https://t.co/3dGtq71Nby
Microsoft Security Re... @msftsecresponse
145K Followers 215 Following We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit https://t.co/kxEbdfMny1.
Windows Update @WindowsUpdate
83K Followers 510 Following Sharing the latest Windows as a service updates. For immediate assistance, please reach out to @MicrosoftHelps.
Fabian Wosar @fwosar
11K Followers 21 Following Slayer of ransomware, lover of cats and polar bears. Not to be taken too seriously. All posts are my own.
Mauricio Velazco @mvelazco
5K Followers 2K Following Security Research @Microsoft || Purple Team || NoobTrends for United States
You might like
