Bohan Zhang @bohansec
Threat Intelligence Analyst @esthreat 🚀🚀| Blue Teamer bohansec.com Joined August 2014
Tweets 4K | Followers 2K | Following 4K | Likes 11K
New blog is out on #NightshadeC2! Newly discovered botnet with capabilities like reverse shell, password/cookie theft, remote control, and more. Loader relies on UAC Prompt Bombing to force victims into excluding payload in Windows Defender! esentire.com/blog/new-botne…
Palo Alto reports being affected by SalesLoft supply chain breach "Salesforce-Connected Third-Party Drift Application Incident Response" paloaltonetworks.com/blog/2025/09/s… Unit42 report: unit42.paloaltonetworks.com/threat-brief-c… Salesloft IOCs: trust.salesloft.com/?uid=Drift%2FS…
A new update on StealC V2 infostealer was announced in the last days Full release statement can be found below 👇: https://t.co/oZb7cvB6bd
🚨 WinRAR CVE-2025-8088: The invisible persistence SOCs can’t afford to miss Attackers are abusing Alternate Data Streams (ADS) to perform path traversal during archive extraction. By appending colon symbol (:) in file names, they sneak hidden objects into system folders…
The "Malware Analysis – Intermediate Level" training by @struppigel is 60% off right now Knowing the quality of his other content, I’d say this one’s definitely worth checking out …nalysis-for-hedgehogs.learnworlds.com/course/interme…
Integrating Code Insight into Reverse Engineering Workflows blog.virustotal.com/2025/08/integr…
New blog on #Sinobi ransomware! They used an MSP's compromised SonicWall SSL VPN creds for initial access. Decryption is impossible w/o the attacker's private key, unless of course you hooked CryptGenRandom😜 esentire.com/blog/threat-ac…
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
iOS 18.6.1 0-click RCE POC github.com/b1n4r1b01/n-da…
Kicking myself that I never thought of this. The name of the file is the actual payload. This Threat Actor gets +2 cats.
Seeing a (potential new?) python-based backdoor we're tracking as #PyNightshade for the second time delivered via #ClickFix that uses sockets for C2. Supports several commands from C2, including: remote shell, uploading files from the victim host, and self-deletion. It uses RC4…
🚨🇺🇸 Alleged Sale of VPN Access to U.S. Law Firm & Legal Services Firm (<$5M Revenue) 📌 United States • Industry: Law Firms & Legal Services • Threat Actor: ProfessorKliq • Network: Clearnet, Dark Web • Access Type: VPN (SonicWall) • Rights: Domain User • Revenue: <$5…
ICYMI: Was just perusing the latest CrowdStrike 2025 Threat Hunting report (crowdstrike.com/en-us/resource…) and check this wild timeline for Scattered Spider - from account takeover to Entra ID bulk user export in <5 minutes 👀
The Lumma infostealer isn’t just #malware, it’s an ecosystem. Our latest Insikt research reveals how affiliates use new tools, MaaS platforms, and underground networks to fuel fraud and evade detection. Full report👇 bit.ly/3Hl1nrZ #ThreatIntelligence #Cybersecurity
There are plenty of malware‑analysis tools - but pe‑sieve (@hasherezade) + YARA Forge (@cyb3rops) is one of the sharpest offline combos to identify malware families. Dump → PE‑sieve Scan → YARA Forge ID → Malware family Step‑by‑step walkthrough in the video below 👇
"Scattered Lapsus$ Hunters (UNC3944)", have released an alleged SAP7 0day exploit onto Telegram. I can't confirm or deny if it's an actual 0day, I have no way to test or confirm anything. However, it is fully weaponized. I've uploaded it to VXUG vx-underground.org/tmp
A new lateral movement PoC was published on GitHub: SpeechRuntimeMove (COM Hijacking via SpeechRuntime DCOM) We added the repo to our stack to build, test, and analyze The sample uploaded to VirusTotal is already covered by at least 5 of our generic rules (VT only shows up to 5…
🚨 How #Rhadamanthys Stealer Slips Past Defenses using ClickFix ⚠️ Rhadamanthys is now delivered via ClickFix, combining technical methods and social engineering to bypass automated security solutions, making detection and response especially challenging. 👾 While earlier…
👨💻 Hackers are abusing a Windows flaw (CVE-2025-26633) to drop malware—masquerading as IT staff on Microsoft Teams and tricking users with rogue MSC files. The group? EncryptHub, a Russian crew blending social engineering with zero-days. Details → thehackernews.com/2025/08/russia…

meg west @cybersecmeg
151K Followers 937 Following Tweets about #dogs & travel & fitness & cybersecurity, oh my! Opinions are my own. 📧: [email protected]
Lina @d0rkph0enix
37K Followers 10K Following Infosec dork, boxer, poker player, dog owner/operator, spiller of things. Cars, vidya games, and cooking are my jam. #ChiefsKingdom and Royals fanatic. #SecKC
Lisa Forte @LisaForteUK
55K Followers 4K Following Cyber Security - Partner @redgoatcyber - Climber / Caver. she/her
Phillip Wylie @PhillipWylie
52K Followers 20K Following xIoT Security Evangelist @phosphorusinc | Offensive Security Expert | Phillip Wylie Show Podcast Host @thehackermaker | @pentesterblue coauthor
Rana Khalil 🇵🇸 @rana__khalil
56K Followers 843 Following AppSec Team Lead | OSCP | CEO & Instructor of @ranakhalilacad
Ashley - Serious Secu... @Infosec_Taylor
40K Followers 2K Following I made a Mastodon account! @[email protected]
Michael Koczwara @MichalKoczwara
23K Followers 2K Following Threat Researcher/Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/VQWaze6gaF
Matthew @embee_research
14K Followers 2K Following Security Researcher, Creating and Sharing Educational Content.
Max_Malyutin @Max_Mal_
13K Followers 310 Following Threat Researcher, Blue Team, DFIR, Malware Analysis, and Reverse Engineering. “⚔️What do we say to God of malware, Not today⚔️”
CyberDiobi @OfficialDiobi
25 Followers 86 Following CybersecurityAnalyst | Web3 | Copywriter | Brand designer | U need multiskill guy to replace 5 staff. *For free.* #open_to_work #Softskill #hardSkill
Shirley @shirleydonohue8
309 Followers 3K Following
Yqucui @Yqucui368
78 Followers 2K Following
Kalanchoe @Kalanchoe_122
648 Followers 941 Following Success doesn't come from luck, but from effort.
Qanon @qanonfree
4 Followers 4K Following
hell-00 @he1100_1100
669 Followers 7K Following
Hussein Sherafat @Hussein_Sherafa
233 Followers 6K Following
Michale Zemlak @MichaleZem6337
79 Followers 4K Following
Norbert @NB1r0
58 Followers 3K Following
Bloreale @Bloreale163145
108 Followers 3K Following
RuanRun @RuanRrje
4 Followers 74 Following
Emilie Kreiger @EmilieKrei79519
30 Followers 2K Following
Matthew Flynn @LoveFromFLYNN
840 Followers 3K Following You only live once 🤘 Holding a Nationally recognized trophy for innovation in marketing and sales / Former chairman of board @Hilton / Former IT for @Apple
Brando Daugherty @BrandoDaug84026
71 Followers 3K Following
Nicolas Octaviani @bassfaerie
16 Followers 295 Following
Firienoo @Firienoo902185
47 Followers 625 Following
Susie Klein @SusieKlein51875
1 Followers 169 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,0 00. If interested, please contact https://t.co/iY0qRNANyy
Charmarkeh youssouf @charmarkeh_ys
2K Followers 2K Following
Null Pwner @NullPwner
259 Followers 808 Following Turning random hashes into aha-moments. Coffee fueled. Views mine.
John Sanders @Sandman46615
124 Followers 2K Following
𝙽𝙴𝚃𝚁𝙴... @netresec
9K Followers 815 Following Experts in Network Forensics and Network Security Monitoring. Creators of #NetworkMiner, #CapLoader, #PacketCache, #PolarProxy and #RawCap.
Franklin Oyelami @DrFranklincyber
1 Followers 57 Following works at whitvid security sales Executive
Mike Matthew @MikeMatthew_20
190 Followers 481 Following
Joe Mamba @QBohli
4 Followers 356 Following
IT Consultant |Cloud ... @Michael48770938
344 Followers 900 Following 👉 “💻 Remote IT Support | Google Workspace & Office 365 | Helping businesses stay secure & productive | Hire me on Upwork ⬇️” #upwork #IT #job #freelance
Shina Mashiro @ShiinaaM
401 Followers 3K Following Microsoft Sentinel Enthusiast | 4n6 Investigator | Cloud Security | 🇮🇩 S.Kom
ZaraChristie @236d7kLt5V1N5
86 Followers 2K Following
thenovicereverseengin... @Dnoviceanalyst
16 Followers 373 Following
Bhargav Rathod @malwr4n6
367 Followers 3K Following All things DFIR & Malware Analysis | macOS/iOS DFIR & Malware Research | Security Analyst @ Salesforce | OC-DFRWS | GIAC - GREM, GIME & Advisory Board Member
Sa9lo @S49L0
0 Followers 2K Following
Expansive Labs @ExpansiveLabs
1 Followers 20 Following Empowering Data, Advancing Health, Shaping the Future. https://t.co/Y1TjBpdZQs
وليد الحسين @waledalhusain97
19 Followers 491 Following
cyberdef049899909 @cyberdef0481677
0 Followers 176 Following
Theetue @Theetue134582
103 Followers 6K Following
PhantomPanda @Phantom_Panda__
6 Followers 374 Following
alden @birchb0y
3K Followers 2K Following sr threat researcher @ huntress • re/malware enjoyer • macOS security
Veronika @Veronika91429
0 Followers 12 Following
spider @LulleLullu63135
133 Followers 3K Following
vx-underground @vxunderground
368K Followers 290 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Dave Kennedy @HackingDave
223K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
John Hammond @_JohnHammond
298K Followers 3K Following Cybersecurity Researcher @HuntressLabs || Just Hacking Training @JustHackingHQ w/ @ethicalhacker || https://t.co/UtsNJiyQtS || https://t.co/narO3sz7y6
TryHackMe @RealTryHackMe
282K Followers 103 Following An online platform that makes it easy to break into and upskill in cyber security, all through your browser.
meg west @cybersecmeg
151K Followers 937 Following Tweets about #dogs & travel & fitness & cybersecurity, oh my! Opinions are my own. 📧: [email protected]
SwiftOnSecurity @SwiftOnSecurity
405K Followers 9K Following computer security person. former helpdesk.
4n6lady @4n6lady
62K Followers 669 Following #DFIR & #BlueTeam | IR & Threat Detection | #OSINT enthusiast | waiting for HL3 | AWS CIRT - my views are my own
Intigriti @intigriti
193K Followers 658 Following Bug bounty & VDP platform trusted by the world’s largest organisations! 🌍
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Nicole Beckwith @NicoleBeckwith
42K Followers 7K Following Director, Security Operations @kroger 🍓 Intel, Hunting, IR, Detection Engineering, Insider Risk, Fraud & Forensics 💻 Fmr LE & DFIR for OH & Secret Service TF.
Lina @d0rkph0enix
37K Followers 10K Following Infosec dork, boxer, poker player, dog owner/operator, spiller of things. Cars, vidya games, and cooking are my jam. #ChiefsKingdom and Royals fanatic. #SecKC
Florian Roth ⚡️ @cyb3rops
206K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
gabsmashh @gabsmashh
107K Followers 3K Following security strategist | 2L JD Candidate | NYU alum | UMGC adjunct professor | USMC & USCG auxiliarist
TCM Security @TCMSecurity
207K Followers 360 Following Come learn to hack at TCM Security Academy! Veteran owned. Quality results.
Ali Hadi | B!n@ry @binaryz0ne
33K Followers 565 Following DFIR and Adversary Simulation | DFIR @ ProtonMail
HackerRats - Uncle Ra... @theXSSrat
154K Followers 945 Following Alone we survive, together we prosper. Are you with me? https://t.co/AfnDsVhqqA
Ben Sadeghipour @NahamSec
233K Followers 1K Following Cofounder @hackinghub_io | Advisor @CaidoIO. I hack companies and make content about it. #NahamCon organizer. ex @hacker0x01🇮🇷
PentesterLab @PentesterLab
190K Followers 0 Following We make learning web hacking and security easier. Online systems, code review, videos & courses that can be used to understand, test and exploit bugs!
OccupytheWeb @three_cube
247K Followers 3K Following Pentester, Forensic investigator, and former college professor. Trained hackers at every branch of US military and intelligence. Visit me at https://t.co/G478wufszw
db @whokilleddb
1K Followers 500 Following Maldev @bhinfosecurity | Finding increasingly stupid ways to do simple things
Josh Reynolds (jmag) @JershMagersh
2K Followers 428 Following Malware analysis and reverse engineering. Sometimes I write code to do these things. Founder @InvokeReversing. Tweets are my own.
EQ Bank @EQBank
4K Followers 2K Following Over 500k Canadians earn high interest and pay ZERO fees on everyday banking. 💰 Discover what less take, more make could do for your money. #MakeBank
CODE WHITE GmbH @codewhitesec
7K Followers 41 Following Red Teaming. Security Research. Continuous Penetration Testing. Threat Intelligence.
watchTowr @watchtowrcyber
9K Followers 13 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
Invoke RE @InvokeReversing
2K Followers 93 Following Empowering you to take on today's toughest threats.
Austin Larsen @AustinLarsen_
1K Followers 1K Following Principal Analyst @Google Threat Intelligence Group
Nextron Research ⚡... @nextronresearch
2K Followers 10 Following Nextron Systems Threat Research Team research (att) https://t.co/QTt2X62dXP
Expel @ExpelSecurity
13K Followers 281 Following The leading MDR provider trusted by some of the world’s most renowned brands to expel adversaries, minimize risk, & build security resilience. https://t.co/uTjUcRDveB
andrew danis @andrewdanis
2K Followers 915 Following DFIR | threat intel | detection engineering. @halo player for @Vyrus_eSports. vocalist. views are my own.
Brian Armstrong @brian_armstrong
1.6M Followers 780 Following Co-founder & CEO at @Coinbase. Creating more economic freedom in the world. ENS: barmstrong.eth Co-founder @researchhub @newlimit
flux @0xfluxsec
1K Followers 941 Following Cyber professional (red team), security and systems programming | Rust | https://t.co/QIih2B7vya | https://t.co/VC3xsm0Wvq
Jonathan Peters @cod3nym
773 Followers 101 Following Threat Researcher | Detection Engineer @nextronsystems @nextronresearch #Yara enthusiast | C# Developer
Huntress @HuntressLabs
37K Followers 536 Following Managed #cybersecurity without the complexity. EDR, ITDR, SIEM & SAT crafted for under-resourced IT and Security teams.
club1337 @club31337
2K Followers 71 Following Threat Intelligence & Security Research • Telegram: https://t.co/dyJBoFbrgr
FreedomHack✊... @freedomhack101
365 Followers 5 Following All my link : https://t.co/ygcojWcGjF Thank you for all following. ㅤ
SecAI @SecAI_AI
590 Followers 112 Following Innovative threat intelligence-driven and AI-powered company aiming at cyber threat detection and response. 🏢 https://t.co/0FL345uw8M 🔎 https://t.co/5mM9C3Boux
Null Pwner @NullPwner
259 Followers 808 Following Turning random hashes into aha-moments. Coffee fueled. Views mine.
NexusFuzzy 💩 @NexusFuzzy
2K Followers 316 Following Infostealer hunter by night, threat actors’ headache 24/7. I track C2s, ruin botnets, and make cybercriminals rethink their life choices
NoPhishInHere @NoMorePhis
161 Followers 4 Following Bot Account Created by: @RacWatchin8872 Phishing Reports Github: https://t.co/DSO9VLbMhS
ransomfeednews @ransomfeednews
3K Followers 61 Following Ransomfeed empowers businesses and individuals with #datadriven insights on #ransomware threats | #ransomfeed
Cookie Connoisseur @browsercookies
2K Followers 93 Following Ex-Unit 350: Elite cookie ops. Perfect bake temp. No ties to Unit 8200.
𝙽𝙴𝚃𝚁𝙴... @netresec
9K Followers 815 Following Experts in Network Forensics and Network Security Monitoring. Creators of #NetworkMiner, #CapLoader, #PacketCache, #PolarProxy and #RawCap.
Silent Push @silentpush
2K Followers 377 Following Preemptive cyber defense with Indicators of Future Attack™. Know First.
Operation Zero @opzero_en
6K Followers 0 Following The only Russian-based zero-day vulnerability purchase platform.
Bhargav Rathod @malwr4n6
367 Followers 3K Following All things DFIR & Malware Analysis | macOS/iOS DFIR & Malware Research | Security Analyst @ Salesforce | OC-DFRWS | GIAC - GREM, GIME & Advisory Board Member
Lukasz Olejnik @lukOlejnik
18K Followers 269 Following Security & Privacy. Data Protection. Research. Engineering. Analyst. Policy. W3C. Consultant. Author. Ph.D, LL.M. @warstudies
Mark Carney @MarkJCarney
532K Followers 778 Following Prime Minister of Canada and Leader of the Liberal Party | Premier ministre du Canada et chef du Parti libéral
PRODAFT @PRODAFT
9K Followers 11 Following Proactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since ’12. CTI Platform: #USTA Risk Intel: #BLINDSPOT
John Althouse @4A4133
3K Followers 221 Following Founder & CTO at FoxIO Inventor of the JA4+ network fingerprinting suite. Also, JA3/S (TLS) HASSH (SSH) CYU (QUIC) JARM (TLS Servers)
alden @birchb0y
3K Followers 2K Following sr threat researcher @ huntress • re/malware enjoyer • macOS security
2ero @BaoshengbinCumt
3K Followers 944 Following #APT Hunter #CTI Twitter only represents my personal opinion
Traceix @usetraceix
17K Followers 416 Following Correlate binaries by behavior | Demo: https://t.co/elkZk1VrrC | Discord: https://t.co/jcZBvfLOic | Product of Revix Labs LLC
Ched "cheddar" 🧀... @CheddarB0b42
2K Followers 3K Following day: helping students | night: homelab mad scientist | TryHackMe extremist (according to L-nkedIn automation) | personal views only https://t.co/lCaJ3wtNXe
malware_traffic @malware_traffic
2K Followers 0 Following