Invictus Incident Response @InvictusIR
Helping organizations respond to cyber incidents in the cloud | 🆘 24/7 support via https://t.co/ZXx5E5altB | 📚 https://t.co/GH0u8tmjXJ invictus-ir.com Joined May 2021
Tweets: 284 | Followers: 2K | Following: 29 | Likes: 344
Don’t wait too long, seats are filling up quickly. More info and registration 👇🏼
Major update to our training: We've added a live lab where you'll get access to a hosted Azure Virtual Desktop to solve the challenges. Everyone who purchased the course in the last 12 months has access. Register: academy.invictus-ir.com/advanced-incid…
It's CTF challenge time @brucon Spring Training! Everyone is battling for the chance to take home the Invictus challenge coin 🏅
@SANSInstitute #DFIR WEBCAST | May 8th, 10AM ET Join @KorstiaanS as he dives into the latest @Microsoft 365 updates, including the Unified Audit Log, & the introduction of Microsoft Graph Activity Logs & EnrichedO365AuditLogs. Register here: sans.org/u/1vCh
📣 New blog on acquiring the Unified Audit Log through the Microsoft Graph API 🔨 The Microsoft Extractor Suite is also updated to include acquisition of the UAL through the Graph 📚 Full blog invictus-ir.com/news/using-mic…
🥇 🥈 🥉 Exciting news for the CTF winners of our cloud incident response training: you now have the chance to earn the prestigious Invictus challenge coin as a reward! Training overview and registration links 👇 invictus-ir.com/news/training-…
🎉 We are looking forward to this, hope to see you there!
We just published our (current) training schedule for 2024 and an update on AWS IR training, registration links and more information in the blog invictus-ir.com/news/training-…
This is the current Top 3 for our Microsoft Cloud Incident Response training. Our vetting procedures might not be airtight 😜 Get in on the action: academy.invictus-ir.com
🚨 Check out our new blog with need-to-know information for DFIR experts that use the Unified Audit Log (UAL). invictus-ir.com/news/what-dfir… Topics include 👇🏻 1. Premium Audit Operations in the UAL 2. Graph API for the UAL 3. Retention period 4. Search-UnifiedAuditLog weirdness…
We proudly present you... The curious case of DangerDev@protonmail[.]me Follow the story of an AWS incident response from beginning to the end. Lots of interesting actions and a threat actor with AWS skills.. invictus-ir.com/news/the-curio…
#BHUSA Training "Advanced Cloud Incident Response in Azure and Microsoft 365" offers a comprehensive guide to incident response in the Microsoft Cloud, covering various topics essential for handling threats and attacks. Register here >> bit.ly/3UlA6I5
IN ONE WEEK! @SANSInstitute #DFIR WEBCAST will air May 8th, 10AM ET Join @KorstiaanS & discover how the @Microsoft 365 updates are reshaping the realm of forensics & incident response in the cloud Register here: sans.org/u/1vCh
All the queries from the KQL book that we wrote are now available on the book's official repo for you to explore and use. If you buy the book, you will get all the context with them, like why we favour some operators over others, but have a read either way! aka.ms/KQLMSPress/Git…
@InvictusIR have you seen the UAL entries for the operation "AttachmentAccess"? Not seeing any documentation for this one but seeing it logs with a "RESTsystem" user agent.
💥 Interesting CloudTrail event names to keep close Given the rapidly growing number of AWS services and their corresponding CloudTrail event names, tracking what is essential for security might be frustrating. 👏 Shout out to the guys at @InvictusIR for providing a…
Just added additional PowerShell scripts (e.g. OAuthPermissions-Analyzer) to my Microsoft-Analyzer-Suite. Automated Processing of Microsoft 365 Logs and Microsoft Entra ID Logs extracted by Microsoft-Extractor-Suite. @InvictusIR #M365 #BEC #DFIR github.com/evild3ad/Micro…
#BruCON0x10 spring training is ready to be kicked off tomorrow! #HackingForBeer 🍺
DON'T MISS IT! @SANSInstitute #DFIR WEBCAST with @KorstiaanS at 10AM ET Discover how the @Microsoft 365 updates are reshaping the realm of forensics & incident response in the cloud equipping organizations with robust security strategies. Register here: sans.org/u/1vCh
💡 Just discovered this nice combination for authenticating MS Graph PowerShell with an access token, for example copied from an intercepted request in Azure portal Connect-MgGraph -AccessToken (Read-Host -AsSecureString) Thanks to @mariussmellum ➡️ youtu.be/jMOFWVOm-Y4?t=…
Had a blast at SANS DFIR NetWars in London last week, topping the leaderboard among 60+ participants! Great host as usual @kevinripa Thanks for an amazing event and loved meeting the instructors @4enzikat0r @iamevltwin @SANSEMEA
What DFIR experts need to know about the current state of the Unified Audit Log invictus-ir.com/news/what-dfir… >> Nice synopsis to get you up to the state of the art!
I will be discussing new log sources and acquisition methods for M365 forensics. See you there 🫡
.@SANSInstitute #DFIR WEBCAST | May 8th, 10AM ET Join @KorstiaanS for an in-depth webcast as we explore the recent advancements in logging and auditing within Microsoft 365 environments. Register here: sans.org/u/1vCh
@InvictusIR UALGraph-Analyzer is planned. OAuthPermissions-Analyzer is next! 😉
Check out my new project Microsoft-Analyzer-Suite (Community Edition). A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID extracted by Microsoft-Extractor-Suite. @InvictusIR #M365 #BEC #DFIR github.com/evild3ad/Micro…
The first batch of tickets for fwd:cloudsec Europe will open in just 1 hour! (9:00 CEST) Get ready: for the first European edition, spots are limited! A second batch of tickets will be available at 19:00 CEST.
Even if you’re not rolling incident response in your M365 env. & just want to peek under the covers. @InvictusIR has a wicked module / set of PowerShell scripts for you - IR scripts by IR people for IR people. github.com/invictus-ir
The CFP for fwd:cloudsec Europe is now open! We're looking for practitioner-focused cloud security content, and we encourage all practitioners to submit, whatever your role or level of experience. The CFP will close on June 28th. Read more: fwdcloudsec.org/conference/eur…