Ian Howard @ih_forensics
#DFIR type person. Views are my own. England, United Kingdom. Joined March 2016
Tweets: 290 · Followers: 196 · Following: 394 · Likes: 2K
🧵1/2 Defenders, looking to spot or simulate adversaries scanning your network shares? Building on the excellent work of @TheDFIRReport, we are releasing our latest blog, "Sharing is Not Caring: Hunting for Network Share Discovery" Blog: splunk.com/en_us/blog/sec… #threathunting
The #WindowsForensicAnalysis poster has been revised to support modern Windows investigations! Use it as a cheat sheet of WinXP - Windows 11 operating system artifacts & a means to discover important artifacts. Download now! 👉sans.org/u/1nNm @chadtilbury @4enzikat0r
Real talk: Running SOC at scale - super fucking hard. I can't do it. I've watched people labor for it. In all noise, antivirus alerts are the most important signal you'll ever get. Even if it's mostly adware. That AV cleaned something means an attacker with shell will try again.
Reverse Engineering a #CobaltStrike #malware sample and extracting C2's using three different methods. We'll touch on #cyberchef, #x64dbg and Speakeasy from fireeye to perform manual analysis and emulation of #shellcode. A (big) thread ⬇️⬇️ [1/23]
Wow, I was not aware of this. Sharing since I believe this can be useful.
This time our fictional company CyberCorp decided to deploy an #EDR solution. As a member of the threat hunting team you'll have to investigate the breach using telemetry collected into a #threathunting platform. JSON dataset is also available😉 Happy Hunting!🎯 cyberdefenders.org/labs/75
We are pleased to announce the release of the 1st #BlueTeam challenge from @malware_traffic's great collection. We'll continue to add more in the upcoming days. Give it a try @ cyberdefenders.org/labs/17 & validate your #PCAP analysis skills. #DFIR #InfoSec #CyberSecurity #Malware
A few years dated, but I know how you all love lists so here's 411 Windows Security Event IDs complete with their summary and security messages, direct from Microsoft. microsoft.com/en-us/download…
Today, @Haus3c released a new post called, "Kerberosity Killed the Domain: An Offensive Kerberos Overview" Ryan consolidates many core concepts of modern Kerberos attacks into a concise reference post. Link: posts.specterops.io/kerberosity-ki…
Today I'm releasing an updated version of Sysmon-Config which adds DNS logging with extensively researched and tested exclusions that massively reduce the event load generated. There's nothing else like this on the market. github.com/SwiftOnSecurit…
Alert fatigue is often a matter of artificially limited problem space. Analysts aren't allowed or empowered to solve problems closer to where they occur by tuning detection. Instead, they are relegated to dealing with the output. They're treating symptoms and not afflictions.
And here we go for another #threathunting mm for getting people familiar with some of the most common port/process combinations in Windows that can be used for hunting or analysis of specific events. bit.ly/2QwHGAj (to interact with mm in webview)
Great end to a great week with @SANSEMEA and @j3ssgarcia on the SANS610 Reverse Engineering Malware course. 6th in today's challenge, one off a coin but very happy with the result all the same. Can't wait to get back and start putting it all into practice! #DFIR
Hunting for suspicious 4625/4624 is not an easy task (requires several layers of baselining). As promised, here is a starting point summarized in one mindmap #threathunting #dfir
Tesco's 2020 cyber-security graduate scheme is open. Excellent opportunity to get a foot on the #cybersecurity career ladder and be involved in technology at a truly epic scale #dfir #tescotechnology lnkd.in/d5hybS5
Whilst not exhaustive (and neither does it claim to be) this cheat sheet is a fantastic resource for forensic artifacts, analysis techniques, live commands, tools and potential detections for both people new to the field of #DFIR and those already well en… lnkd.in/dnGnuTS
Volatility 3 has been released! DFIR folk will know Volatility as one of the go-to open source projects for memory forensics and it looks like the latest version has been rewritten from the ground up... Python 3 based, no more OS p… lnkd.in/d4-m8ZA lnkd.in/dHjKZ-y
Parliament Square - you shut down our Parliament, we’ll shut down the streets. Johnson should be worried. 😠✊🇪🇺 #StopTheCoup #stopboris
Detecting both real time and #dfir traces of RDP tunneling using Windows Event Logs: a) (How) - blog.menasec.net/2019/02/threat… b) Example of Logs: github.com/sbousseaden/EV…

Meara Mickala @MearaMicka64889
1 Followers 98 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/UlshPeHFcq
VivienFrances @3CINO8oyG702ge
50 Followers 3K Following
darkgh0ul @darkgh0u1
146 Followers 3K Following security is just an illusion clouding our mind, thus we are only as secure as our weakest link.
DFIR Diva @DfirDiva
21K Followers 5K Following DFIR Analyst trying to learn all the things | DFIR Blog for Beginners | Founder @GetYourStart | https://t.co/7cHco4FjUS
Virginia @j_virginia81
229 Followers 3K Following
Dancho Danchev @dancho_danchev
941 Followers 843 Following https://t.co/a799SaCHrK | https://t.co/rEfkd2rvEo | Security Blogger | Threema ID: https://t.co/nkW6jxeaYk | @ZDNet | @Webroot | @WhoisxmlAPI
Alex @ThisIsFineChief
55 Followers 340 Following Incident response consultant and a die-hard Derby County fan!
Michael Koczwara @MichalKoczwara
23K Followers 2K Following Threat Researcher/Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/VQWaze6gaF
Sann @Sannanthaloh
17 Followers 374 Following
Alex Malo @alexmalo_96
21 Followers 181 Following
Spencer Walden @__Masq__
776 Followers 4K Following Principal Cyber Threat Analyst @Centene #cti #ctf #blueteam #dfir #malware #netsec #infosec
Forensicator Brand Cl... @4n6k8r
161 Followers 897 Following I’m a #DFIR mentor 20 years in consulting who decided to launch a clothing line for Forensicators.
Justice4bameuk @justice4bameuk
55 Followers 675 Following working with individuals to expose corruption in organisations, police and the Justice system especially ethnic minorities who are victims of systemic racism...
Vincent.Y @v_iy64
141 Followers 5K Following
Maya Jones @_MayaJones
93 Followers 499 Following Te Whanganui-ā-Tara. Friendly neighbourhood privacy enthusiast. This account is for the tweets I wouldn’t mind my Mum seeing. Tweets ≠ employer’s views #NZPORT
Nisa TÜRKMEN @ntr_nisa
101 Followers 570 Following DFIR, Threat Intelligence and Hunting👩🏻💻 @GarantiBBVA
Ahmed @ahmedjunid007
31 Followers 176 Following
Cyber Analyzer @cyberanalyzer
2K Followers 4K Following Malware Analyst #CyberSecurity #Malware #ThreatIntel #Ransomware #OSINT #Phishing #Maldoc #DFIR #InfoSec
Santiago Martín @Endp01nTDef
18 Followers 235 Following Infosec person, father/geek with keen interest in all tech, comics and working out when I can... Views are my own....
Alex @cryptogramfan
302 Followers 546 Following
Dounya BEN-HABIB @HiveInk
27 Followers 675 Following Passionate about Geopolitics; CyberSecurity and innovation; would like help finding a way to be more efficient through automation & innovation 💡
Munewolian @munewolian
9 Followers 385 Following
Faisal Alfaifi @D0esN0tExist
638 Followers 527 Following
Muhamed Loshi @muhamed_loshi
25 Followers 1K Following
Antoine Faucher @afaucher79
17 Followers 731 Following
Angrymarmot @dogstarnetworks
36 Followers 152 Following Principal DFIR consultant, OSCP, SLAE-32, formerly CCNP, 20+ years of technical experience in networking & infosec. Opinions are my own.
Michael M @MMatthews32
45 Followers 642 Following
Mohammed Farhan @cw_use
180 Followers 875 Following #DRIR | #ReverseEngineering | #ThreatHunting | #OT |
Nate M. @Nate_M_
6 Followers 479 Following
LLHS @LHS_LON
1K Followers 910 Following Offensive & defensive technical security meetup for women Ethos is women centric not women exclusive Focus is building technical knowledge & skills in Cyber Sec
BWAMBROSE @HappilyLiterate
113 Followers 764 Following
sk @cyb3rsk
247 Followers 1K Following
Mlinux @Mlinux2
4 Followers 335 Following
Jonathan Rajewski @jtrajewski
3K Followers 1K Following Digital Forensics & Incident Response, Expert Witness, @TEDx Speaker. Husband & Dad. Views are my own not my employer.
Sajag Chaturvedi @sajagchaturvedi
165 Followers 905 Following vExpert | VMWorld Speaker | VCIX-NV | 2xDCV6.5 | NV6 | Virtualized SDDC & SDN Design & Implementation Architect.
OWASP WIA London @WiaLondon
368 Followers 564 Following Introducing, the OWASP WIA London Chapter! Sign up to our next event here: https://t.co/N9fbHBJwqS
TwiceSafe Software So... @TwiceSafe
22 Followers 252 Following Software solutions for criminal & civil investigations. Manage complex investigations from start to finish, including Patrol, Major Crimes, Cyber and DFIR.
Bandar Alanazi @mrAn61
258 Followers 2K Following Digital Forensics Investigator #DFIR | Incident Responder | Security Researcher | Always learning | Check this out https://t.co/4HhyJiQTVd
Mk @bombzip1
46 Followers 2K Following
Kvetch @NBaronian
131 Followers 2K Following
Kathryn Hedley @4enzikat0r
3K Followers 802 Following #DFIR & #DFIRFit geek, SANS Author/Instructor #FOR308, Instructor #FOR500. All opinions mine.
Bad Sector Labs @badsectorlabs
8K Followers 503 Following Cybersecurity news, techniques, exploits, and tools every week at https://t.co/UgKmeEEjIV 🐘 @[email protected]
Jean-Pierre LESUEUR (... @DarkCoderSc
8K Followers 265 Following Security & Malware Researcher / Developer. Microsoft MVP Bluesky : darkcodersc
JAMESWT @JAMESWT_WT
37K Followers 507 Following #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
John Breth (JB) | Cyb... @JBizzle703
31K Followers 756 Following Founder (@jbc_sec) | IT/Cyber Architect | Author ▶️ https://t.co/tQe0lylvuo Maine born | CyberSec Pitbull USAF UMUC JHU #AWSCommunityBuilder #CiscoChampion
Chris Duggan @TLP_R3D
7K Followers 3K Following Head of Threat Informed Defence for a FTSE 100 | Malware Geek | Curated Intel Member | Threat Intelligence Expert Extraordinaire
Lukas Beran @lukasberancz
2K Followers 243 Following Senior Security Researcher (DART) @Microsoft. Opinions are my own. #MSIncidentResponse #DART #Microsoft365 #EntraID #DefenderXDR #Sentinel
BSides London @BSidesLondon
11K Followers 1K Following 📅 13 Dec 2025 | 📍 Novotel London West Grassroots-driven security conference. Built by the local InfoSec community, for the community. #BSidesLDN2025
FalconFeeds.io @FalconFeedsio
59K Followers 783 Following Democratizing Cyber Security. Threat intelligence platform for Cyber Security professionals and business. For API integration contact: [email protected]
Amitai Cohen 🎗️... @AmitaiCo
2K Followers 632 Following ✦ researching threats @wiz_io 🐞 maintaining vulns @cloudvulndb 🎙️ casting pods @ https://t.co/9Jsah9BjbO
Matt Creel @Tw1sm
1K Followers 232 Following Adversary Simulation @ SpecterOps | OSCP | CRTO | https://t.co/LfiIqD4M4l
Forrest Kasler @FKasler
540 Followers 394 Following Climber, Penetration Tester, Code Junkie, Malware Enthusiast @specterops
sapir federovsky @sapirxfed
5K Followers 183 Following Doing things @wiz_io And then doing more things at home | failed research blog: https://t.co/j2HT1Tpscs
Philip Elder @MPECSInc
2K Followers 374 Following Microsoft MVP '09-Present. We design & build HA solutions for on-premises, data centre, & hybrid. Workload Migration Specialists. Active Directory Security.
CCob🏴... @_EthicalChaos_
9K Followers 437 Following Ceri Coburn: Hacker | R̷u̷n̷n̷e̷r̷ DIYer| Vizsla Fanboy and a Little Welsh Bull apparently 🏴 Author of poorly coded tools: https://t.co/P6tT2qQksC
Stuart Ashenbrenner... @stuartjash
2K Followers 1K Following Principal macOS Security Researcher at @HuntressLabs | Creator of @Crash_Security | Reviewer at @bestthrillbooks | @MillennialGirlDad on @SubstackInc
alden @birchb0y
3K Followers 2K Following sr threat researcher @ huntress • re/malware enjoyer • macOS security
Rafael Rivera @WithinRafael
16K Followers 0 Following Forward engineer by day, reverse engineer by night. Le Cordon Bleu. Windows Dev MVP alum.
Dan Lussier @dansec_
169 Followers 143 Following Information Security, Principal Engineer | Co-Founder https://t.co/DZQ00hEdkw
Ru Campbell @rucam365
8K Followers 1K Following Microsoft Security MVP • Dad, metal, lifting, wrestling, cars • Author, Mastering Microsoft 365 Defender • @Threatscape • @M365SandCUG • https://t.co/CaVgOm8IvJ
Aeon Timeline @AeonTimeline
1K Followers 48 Following Aeon Timeline is the digital tool for creating beautifully organised, data rich timelines.
Tom Hegel @TomHegel
7K Followers 750 Following Threat Research Lead @SentinelOne, Advisor with @ValidinLLC
Dirk-jan @_dirkjan
28K Followers 206 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Dr. Nestori Syynimaa @DrAzureAD
20K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)
Censys @censysio
10K Followers 1K Following Censys is the source for real-time Internet intelligence and actionable threat insights for governments, F500 companies, and leading threat intel providers
Fox_threatintel @banthisguy9349
14K Followers 261 Following Just a person who is against cyber crime and dictators like Putin
Paul (DEFENDER) @Threatzman
2K Followers 392 Following Infosec techie, product manager (PM) for Microsoft Defender for Endpoint. Lead author for https://t.co/7KA8PZ12oU - my opinions are my own. [email protected]
Deutsche Telekom CERT @DTCERT
5K Followers 44 Following Technical tweets for technical folks by Deutsche Telekom CERT, CTI, and DFIR. #dfir #cyber #cert #cti #TelekomSecurity
watchTowr @watchtowrcyber
9K Followers 13 Following watchTowr enables organizations to get ahead of in-the-wild exploitation with Preemptive Exposure Management technology.
Justin Ibarra @br0k3ns0und
2K Followers 917 Following Tech Lead, security intel @elastic @elasticseclabs via @endgameinc | security research | detection engineering | bench press: 455lbs & 📈 | I like my own tweets
Doug Metz @dwmetz
1K Followers 723 Following Security Forensics at Magnet Forensics. 🔎🚨DFIR , 🥃 Bourbon Whisperer, Steampunk, Mystery & the Macabre 😱. https://t.co/d1ZoRYfxMg
Alex Teixeira @ateixei
3K Followers 952 Following I design and build #SIEM content for a living. Editor at https://t.co/WIrKw7X1p5 #DetectionEngineering & Research, #ML #Stats x-Splunk
Bert-Jan 🛡️ @BertJanCyber
4K Followers 563 Following CSIRT | https://t.co/Tu1l2ZFe0T | Microsoft Security MVP | Blue & Purple Team | SOC | SIEM | Threat Hunting | Detection Engineering | #KQL |
Brett Callow @BrettCallow
9K Followers 196 Following Managing Director, Cybersecurity & Data Privacy Communications @FTIConsulting
rootsecdev @rootsecdev
26K Followers 1K Following Senior Security Consultant @TrustedSec | Military grade meme poster, researcher, cloud penetration tester, voider of warranties. My thoughts are my own.
S4ntiagoP @s4ntiago_p
3K Followers 852 Following Infosecing at @MDSecLabs, ex @CoreSecurity CVEs: -1
Jonny Johnson @JonnyJohnson_
8K Followers 419 Following Principal Windows Security Researcher @HuntressLabs | Windows Internals & Telemetry Research
Wild West Hackin' Fes... @WWHackinFest
14K Followers 476 Following Join us for Wild West Hackin' Fest - Deadwood 2025! Conference: Oct. 8-10, 2025; Pre-Conference Training: Oct. 7-8, 2025.
Elliot @ElliotKillick
3K Followers 40 Following Security engineer and researcher | Elliot on Security
Invictus Incident Res... @InvictusIR
2K Followers 30 Following Helping organizations respond to cyber incidents in the cloud | 🆘 24/7 support https://t.co/zfF62gimvm | 📚 Academy https://t.co/GH0u8tmjXJ
hackerxbella | Allie ... @hackerxbella
5K Followers 700 Following Principal analyst @Forrester bringing cyberattacks into the context of today's biggest global events infosec, opinionated human - tweets = mine