TXForensicator @DForensicator
Dallas, TX Joined August 2014-
Tweets85
-
Followers8
-
Following122
-
Likes578
#YARA is a tool (but also a language and even more) helping malware researchers to identify and classify malware samples (virustotal.github.io/yara/). We benefit from YARA at Avast, but we also give back to the community. Here you can find some of our recent contributions (🧵👇)
Step 1. Play #PowerShell CTF Step 2. Upload to Pastebin, hope @pmelson sees it Step 3. Profit! Remember kids, anything that can be written to a file using Set-Content's -Value flag or Out-File's -InputObject flag can be cast to a variable, and that's super handy when reversing.
1\ #MalwareAnalysis Evasion Technique: Detection of security tools by locating DLLs loaded by processes. Most security tools inject their DLLs into running processes to “monitor” behaviour. Malware calls these APIs to detect this: > GetModuleHandleW > GetModuleHandle
New release: #TinyTracer (2.0) - allows to trace also indirect calls to local functions: github.com/hasherezade/ti…
Recently @NinjaParanoid and I had some short discussion about #EDR bypasses. In this thread🧵 I'd like to share my view on EDR bypasses and it's various types from both offensive & defences sides. There are three types of EDR bypasses:
Now, CTO, short for Call Tree Overviewer, which is an IDA Pro plugin, has been released officially. Check the web page on github. #idapro #reversing #malware #dfir github.com/herosi/CTO And check my presentation on #vblocalhost as well. vblocalhost.com/presentations/…
Tune into @Jean_Maes_1994 #BruCON Livestream talk "Defeating EDRs using Dynamic Invocation in C#" starting at 10 a.m. ET! ⏳ Streaming – BruCON 2021 hubs.la/H0Z26170
The only thing better than releasing Yara rules with a talk is releasing a script to generate Yara rules🥳 Thanks @0xkyle! github.com/target/halogen
Reverse engineering cheat sheet #DFIR #CyberSecurity
Bump OOXML Remote Templates (Template Injection) methodologies. These are fun and interesting to bubble up using YARA rules. The methodology transcends many threat actors, malware families, exploits, it is broadly applicable and in most cases very sketchy if not overtly evil...
Bump OOXML Remote Templates (Template Injection) methodologies. These are fun and interesting to bubble up using YARA rules. The methodology transcends many threat actors, malware families, exploits, it is broadly applicable and in most cases very sketchy if not overtly evil...
As of today, you can find our #FalconFriday detection rules in the #Azure #Marketplace! Love our #FalconFriday detection content? Want to know how our advanced detection engineering services can boost your SOC's capability immediately? Let's connect! azuremarketplace.microsoft.com/en-us/marketpl…
This open source tool allows one to leverage the Ghidra decompiler under IDA Pro and IDA free: github.com/airbus-cert/Ya…
OffensivePipeline: OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises #pentest #redteam #infosec github.com/Aetsu/Offensiv…
I am working on making #PEsieve parameters less overwhelming and more accessible. In upcoming version they will be presented in a shorter way. You can also search a parameter by a keyword:
@gladiatx0r Made a C# port of that SilentProcessExit lsass dumper you were talking about on @curi0usJack's stream 2 weeks ago. No more uploading to disk 🥳. Thought you might find it useful: gitlab.com/KevinJClark/cs…
Interesting discovery, if you type "chrome://device-log/" in Google Chrome you get a list of all the USB devices that have been recently plugged in your computer, serial numbers and all..
I've just published my quick analysis for 2569cc660d2ae0102aa74c98d78bb9409ded24101a0eeec15af29d59917265f3 shared at malwareresearchgroup.slack.com kienmanowar.wordpress.com/2021/09/06/qui… Tks to @hasherezade for sharing useful #tiny_tracer tool and #FLARE team with nice #shellcode_hashes_search_plugin
By creating the key "telnet.exe" in the "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths" registry and setting the "Default" key to any executable. We can call it by running the command: rundll32.exe url.dll,TelnetProtocolHandler
A really really long list of beginner Reverse Engineering resources I have found 🧵 (if you know others please post them below thankyou!) #infosec
Sodirsmi @Sodirsmi7qg
48 Followers 5K Following
Dennis Devey @deveynull
787 Followers 2K Following @roppersacademy educator, ex boat driver, surfer, packet monkey, he/him
Roppers @RoppersAcademy
3K Followers 2K Following We teach free computing and security courses with the goal of introducing as many beginners to Capture the Flag competitions as we can.
CyberFacxts @CyberFacxts
1K Followers 4K Following Increasing your Security Awareness through daily Information Technology updates, news, tips, & tricks! Message me for consultation services.
Joe @jinx_soda
557 Followers 485 Following #AdvancedPractices Threat Analysis 🦅 @Mandiant Tweets are my own
Scott Isbell @scottisbell_
283K Followers 254K Following 🇺🇸 Wu-Tang Management Recording Artist - Actor - Michael Jackson 🇺🇸
Roppers @RoppersAcademy
3K Followers 2K Following We teach free computing and security courses with the goal of introducing as many beginners to Capture the Flag competitions as we can.
Sysinternals @Sysinternals
19K Followers 154 Following Created by Mark Russinovich and Bryce Cogswell and later acquired by Microsoft, Sysinternals utilities help you troubleshoot and manage your Windows systems.
SpecterOps @SpecterOps
39K Followers 397 Following Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
Blue Team Con @BlueTeamCon
11K Followers 6 Following Blue Team Con is an annual cybersecurity conference built for defenders, inclusive of anyone interested in safeguarding organizations. | 4-7 September 2025
Jai Minton @CyberRaiju
8K Followers 1K Following An Aussie who does cyber things | Threat Hunting Manager @HuntressLabs | Former Principal @CrowdStrike and HuntressLabs
Reverse Engineering a... @re_and_more
15K Followers 521 Following RE and More by Alexey Kleymenov (https://t.co/s1pWjL46AW). Private classes and group workshops in malware analysis and reverse engineering. #infosec #malware
Frida @fridadotre
14K Followers 2K Following Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
Matt Grandy @Matt_Grandy_
436 Followers 234 Following
Evolve Security & Evo... @TheEvolveSec
801 Followers 457 Following We're a technical #cybersecurity services firm + home to #1 ranked Evolve Academy. We're focused on the human element #cybersecurity and closing the talent gap.
Olaf Hartong @olafhartong
17K Followers 965 Following @FalconForceTeam | researcher with a camera | Microsoft MVP | Snow man role model
John Lambert @JohnLaTwC
43K Followers 800 Following Corporate Vice President, Security Fellow, Microsoft Security Research, johnla(AT)https://t.co/3dGtq71Nby
MalShare @mal_share
7K Followers 12 Following Public/Free #Malware sample repository #OpenSource: https://t.co/QGwuRxEDcs
TrustedSec @TrustedSec
77K Followers 765 Following End-to-end Cybersecurity consulting team leading the industry, supporting organizations, and giving back. #Hacktheplanet Blogs, news, webinars, and tools!
OWASP® Foundation @owasp
213K Followers 532 Following We improve the security of apps with community-led open source projects, 260 local chapters, and tens of thousands of members worldwide. Famous for OWASP Top 10
AshF0x // Peer @0xAshFox
7K Followers 853 Following Just a guy trying to get into CyberSecurity. Teaching myself with books and the internet 💻 #nahomie. I stream pretty often too.
Jurriaan Bremer @skier_t
4K Followers 510 Following @RecordedFuture, @hatching_io, @eb_CTF. Join us on our malware sandboxing cloud, https://t.co/52BGPxSrsH!
@[email protected]... @christruncer
11K Followers 463 Following Deputy Chief, Red Team, CISA && BJJ && Veil Framework / Open Source Dev, @christruncer.bsky.social
OffSec @offsectraining
325K Followers 119 Following Empowering the world to fight cyber threats with indispensable cybersecurity skills and resources. Build the path to a secure future with OffSec.
Didier Stevens @DidierStevens
33K Followers 5K Following 5-to-9 security researcher, Microsoft MVP, ISC Handler. Mostly IT security. & programming. & (hardware) hacking. & maldocs PDF/DOC. Avatar: https://t.co/AtaPkdT5g3
Aaron Stephens @x04steve
3K Followers 524 Following
Van @Wanna_VanTa
4K Followers 393 Following Research & Discovery Lead @Mandiant @googlecloud Specialties: researching adversary tradecraft, hardstuck masters TFT, and losing sneaker raffles.
Andrew Thompson @ImposeCost
39K Followers 1K Following Head of Research and Discovery (RAD) @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.
Eric Zimmerman @EricRZimmerman
19K Followers 892 Following KAPE, EZTools, forensics, X-Ways. Certified SANS instructor. FFL Please consider supporting me: https://t.co/pIjxED3CMx
Brian Carrier @carrier4n6
9K Followers 107 Following CEO at Sleuth Kit Labs. Builds incident response (Cyber Triage) and Digital Forensics software (Autopsy and @sleuthkit)
SANS DFIR @sansforensics
109K Followers 98 Following The world's leading Digital Forensics and Incident Response provider. This feed updates you on latest DFIR news, events, and training.
SANS.edu Internet Sto... @sans_isc
116K Followers 86 Following @[email protected] - https://t.co/8IgCGtJnZd - Global Network Security Information Sharing Community -
Red Canary, a Zscaler... @redcanary
30K Followers 1K Following 24/7/365 threat detection and response across your cloud, identity, endpoints and everything in-between. We got you: https://t.co/pFNwBJN3d5
blueteamblog @blueteamblog
12K Followers 671 Following Check out my blog - https://t.co/sVkckZJoqF Support my site - https://t.co/3id8vdp6ab
Alex Matrosov @matrosov
19K Followers 2K Following 🔬Founder & CEO @Binarly_io, #codeXplorer, #efiXplorer, @REhints and "Rootkits and Bootkits" book. Previously worked at Nvidia, Cylance, Intel, ESET, Yandex.
offensivecon @offensive_con
26K Followers 2 Following OffensiveCon Berlin is a technical international security conference focused on offensive security only. Organised by @Binary_Gecko. Stay tuned #OffensiveCon26.
REcon Brussels @reconbrx
2K Followers 253 Following REcon: Annual reverse engineering and security conference held in Brussels. Sister event of @reconmtl
TheHive @TheHive_Project
10K Followers 17 Following Scalable Security Incident Response Platform for SOC, CSIRT and CERT teams, by @StrangeBee
MISP (@misp@misp-comm... @MISPProject
23K Followers 95 Following MISP - Threat Sharing. An open source software and standards to share, create and validate threatintel and intelligence. Mastodon @[email protected]
ReversingLabs @ReversingLabs
7K Followers 852 Following ReversingLabs is the trusted name in file and software security. RL - Trust Delivered.
Rolf Rolles @RolfRolles
14K Followers 357 Following Static reverse engineering, deobfuscation, program analysis and formal verification, training, mathematics, compilers, functional programming, etc.
Igor Skochinsky (@Igo... @IgorSkochinsky
4K Followers 292 Following software developer at Hex-Rays*, hobby reverse engineer. Advanced cleartext hacker. 日本語おk *For Hex-Rays support/inquiries: https://t.co/rxVwo1npoQ
Hex-Rays SA @HexRaysSA
8K Followers 132 Following We are a hi-tech company focusing on binary software analysis. Our main products are IDA Pro and the Hex-Rays Decompiler. Discourse: https://community.hex-rays
Nicolas Brulez @nicolasbrulez
18K Followers 582 Following Reverse Engineering Rockstar and Virus HEXorcist. CEO at #HEXorcist. Armadillo co-dev. 1st REcon trainer since 2005. Video Courses: https://t.co/YWsZN9U5LUTrends for United States
You might like
