Nextron Systems @nextronsystems
Managed Compromise Assessments #YARA #IOCs #DFIR #APT #Sigma - the home of @thor_scanner, ASGARD and the Aurora Agent | nextron-systems.com | Frankfurt, Germany | Joined July 2014
Tweets 630 - Followers 9K - Following 86 - Likes 252
Even with the best defenses, attackers still find a way. Recent UK breaches show that policies & EDRs miss hidden threats like renamed binaries, web shells & malware-less persistence. 🛡️ Compromise Assessments with THOR uncover what others overlook. 👉 eu1.hubs.ly/H0mGtPy0
New Partnership: Nextron Systems x Arctic Wolf 🐺 Together, we’re strengthening SOC defenses with Nextron’s curated Sigma rule feed for sharper detection and broader coverage. Read more: eu1.hubs.ly/H0mGxhM0 #CyberSecurity #ThreatDetection #Sigma
We’ve partnered with Arctic Wolf 🐺 @AWNetworks - They extend their detection coverage with Nextron’s curated Sigma rule feed: 700+ high-quality rules - Most of our rules are generic, technique-focused, and designed to detect unknown threats - not just IOCs - We get structured…
Have attackers been inside your system before the patch? ToolShell exploits gave unauthenticated access. Web shells, stolen keys, persistence. 🕵️ Learn more in our blog post: eu1.hubs.ly/H0mxXnJ0
⏱️ Instant Timelines with THOR - No manual tagging. No log wrangling. DFIR expert Maurice Fielenbach shows how to map persistence in minutes: ✔️ Registry Run Keys ✔️ Startup folder implants ✔️ LOLBin payloads 👉 Step-by-step guide & tool usage here: eu1.hubs.ly/H0mvr2d0
New in ASGARD Analysis Cockpit v4.3: ✔️ Case Intelligence (suggested cases from intel) ✔️ THOR Cloud integration ✔️ Redesigned UI for smoother analysis. A significant leap for forensic analysts. ➡️ eu1.hubs.ly/H0mtcNd0 #DFIR #ThreatIntel #ThreatHunting #ASGARD #THORCloud
A new lateral movement PoC was published on GitHub: SpeechRuntimeMove (COM Hijacking via SpeechRuntime DCOM) We added the repo to our stack to build, test, and analyze The sample uploaded to VirusTotal is already covered by at least 5 of our generic rules (VT only shows up to 5…
I keep seeing reports of attackers going after #ESX hosts – exporting VMs, cloning domain controllers, grabbing NTDS files. Not really surprising. ESX often ends up being the quiet corner of the network where no one’s looking. Thing is: we’ve had some solid ways to deal with…
New in THOR Lite 📦 Archive scanning with YARA - previously exclusive to the full version 🧠 Curated rulesets from YARA Forge. Two powerful features, now unlocked: nextron-systems.com/2025/08/13/new…
Persistence without malware? Here's how attackers abuse T1547.001 using only built-in Windows tools - and how to catch them. 🕵️ 🔍 eu1.hubs.ly/H0mk5Tf0
THOR Cloud now supports webhooks ⚡️ Want to get alerted the moment a scan detects something on one of your systems? You can. One webhook. One alert. No polling. Works even in the free THOR Cloud Lite. Blog post: nextron-systems.com/2025/08/07/web…
Hidden Autostarts: An eye-opening tour of Run key variants you’ve probably overlooked Learn how attackers abuse T1547.001 not just with reg.exe, but also via PowerShell, VBScript, regini.exe, and even mshta.exe. eu1.hubs.ly/H0m6Xn-0
Plague: The PAM Backdoor That Slipped Past Every Scanner A stealthy Linux implant, undetected by all AV engines, hijacks PAM for silent SSH access. Learn how to uncover it and why YARA + behavior-based hunting matters. 🔗 eu1.hubs.ly/H0m7DT30 #Linux #ThreatHunting #YARA
What’s the most abused MITRE persistence technique? 🕵️ T1547.001 – Registry Run Keys / Startup Folder is #1, used by 54 threat groups. DFIR expert Maurice Fielenbach crunched the ATT&CK data. Read the key findings + detection tips 👉 eu1.hubs.ly/H0m3q2B0
Persistence is noisy - if you know what to listen for. We analyzed attacker telemetry and cut through the ATT&CK noise to dissect the most abused persistence method in the wild: registry run keys. Learn how to hunt it properly. nextron-systems.com/2025/07/29/det… by Maurice Fielenbach
⚡️ We’ve partnered with @threatray to combine deep code analysis and generic YARA-based detection - Soon THOR Thunderstorm matches enrich Threatray’s platform - Our analysts gain insights from Threatray’s Binary Intelligence Platform - Detection meets classification…
We analyzed the top 500 most successful THOR rules – “successful” meaning: they detected samples that were either ignored or missed by nearly all AV engines on VirusTotal. Some rules detect clear malware. Others reveal dual-use tools, renamed hacktools, misused admin binaries,…
This isn’t malware – it’s a controlled test case. But it shows something most YARA scanners simply can’t do. THOR performs in-memory matching with full segment awareness. In this case, the rule hits two regions in the same process: - One string in the memory of the loaded binary…
🚨 About CVE-2025-33053 - a crazy Windows execution flow vulnerability This flaw abuses how Windows resolves executable paths when trusted binaries spawn child processes without full paths. For example, a legitimate tool like iediagcmd.exe is launched from a .url file that…
We’ve released a CLI utility to transform THOR logs into Timesketch-compatible JSONL for timeline analysis. Correlate findings across hosts and time, enrich your analysis, and integrate audit-trail logs. Supports THOR and THOR Lite. 🔗 nextron-systems.com/2025/06/11/fro…

Florian Roth ⚡️ @cyb3rops
206K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Stephan Berger @malmoeb
28K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Jake Williams @MalwareJake
142K Followers 2K Following Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him
Justin Elze @HackingLZ
65K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
blackorbird @blackorbird
35K Followers 671 Following Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit #CTI Need Job
Ptrace Security GmbH @ptracesecurity
59K Followers 867 Following Empowering IT Security Professionals through Hands-On Online Courses.
Karsten Hahn @struppigel
24K Followers 757 Following MalwareAnalysisForHedgehogs, Principal Malware Researcher at GDATA, he/him 🦔🌈🏳️⚧️
Will @BushidoToken
36K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
Matthew @embee_research
14K Followers 2K Following Security Researcher, Creating and Sharing Educational Content.
Nasreddine Benchercha... @nas_bench
11K Followers 1K Following Detection @Splunk & @cisco | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner
Clandestine @akaclandestine
49K Followers 5K Following | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
JAMESWT @JAMESWT_WT
37K Followers 506 Following #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
Gi7w0rm @Gi7w0rm
18K Followers 801 Following Threat Intelligence Analyst | See my Linktree for other socials | In case I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p 🇪🇺🇩🇪🇺🇦🌈
Eric Capuano - Bsky: ... @eric_capuano
11K Followers 3K Following Co-Founder @recon_infosec | SANS DFIR Instructor | IANS Faculty | https://t.co/yUXCSu2Yso | ⬡ ❤ @shortxstack
Christopher Peacock @SecurePeacock
7K Followers 2K Following #PurpleTeam | Ex @RaytheonTech MSSP, @SCYTHE_IO, & @GD_OTS | Taught at BlackHat & DEFCON | #100DaysofSigma | Keep exploring, keep learning, and stay curious
Nathan McNulty @NathanMcNulty
17K Followers 1K Following Loves Jesus, loves others | Husband, father of 4, security solutions architect, love to learn and teach | Microsoft MVP | @TribeOfHackers | 🦋@nathanmcnulty.com
Jiří Vinopal @vinopaljiri
10K Followers 462 Following Threat Researcher at Check Point @_CPResearch_ #DFIR #Reversing - All opinions expressed here are mine only. https://t.co/iWvwWF1AnN
Saide Hossain @nemocyberworld
57 Followers 945 Following Offensive Security Researcher | Penetration Tester | Exploit Developer / Vuln Researcher
Jean Karlo Franco @_Mr_Jean_
4 Followers 88 Following
Watch Videos @WatchV56736
0 Followers 55 Following
clear @clear66666
0 Followers 38 Following
Ubaid @ubaidmume
330 Followers 7K Following Students use AI for answers but don't actually learn - I'm fixing that
PAOanalysis @darklevsec
0 Followers 82 Following malware and security researcher, bug bounty hunter, and threat hunter. PAO stands for persistence access Operations, btw
HAX Xyber @HA_X_YBERNET
2 Followers 30 Following I AM A JUNIOR CYBERSECRITY ANALYST AND COMPUTER SCIENCE STUDENT
shshp @shshp4
0 Followers 5K Following
ferhat acukcu( فرح... @ferhatacukcu
209 Followers 1K Following https://t.co/LhAVUw3t32 Send that light, O Lord, it has been centuries, enough! The nation's horizons are stifled; they long for a morning.
MSz @0xBathToaster
1 Followers 158 Following
Salman Asad ⚡️ @deathflash_xyz
30 Followers 427 Following Jack of all trades, master of none. @osm_sec | @BSidesVizag | @hacktronix_in Pentester @cobalt_io
Karim @karimelmasry42
43 Followers 102 Following Pentester (maybe). Reverse engineer (perhaps). Obsessed with @Apple products
⟖ΣđʎṧȺ Ꮆ⟡... @afroditakrystal
213 Followers 332 Following ♦️đᚬ⍫Ⱥ⚕️Ƥя¡ή¢εşş ɸƒ ꧅ ꓘ⸎⧖꩘Ҳ⚡ 💘ȺℲяɸđ¡†𐘡💮₳ŋđяɸɢ¥ŋɸʉȿ⚧️𓆙G⟁яđεη ɸƒ ΣĐΣИ✨ 𒀱Ⱥ¢¢¡đΣή†ȺʟᎩ Qʉ⟁ή†ʉʍ ßʟʎиđ𐌀🎱 ☄️Øя¡Ϟ¡и ⏩Ϙ☍⊗⧖⸎☄️ Ƥяɸиɸʉиȿ:Ⅎ𐌀Σ/Ƥя¡ή¢Σ⟆⟆👑 N¥ʍƒɸ-4¡иℲϬ☍
Pratyush P @pratyushp99
0 Followers 142 Following A chubby and bubbly ENFP | Your next door Cyber Guy | Pursues Cyber security for brain and literature for heart | A human golden retriever
Nick Pratley @NickPratley
0 Followers 322 Following
HxHippy @HxHippy
781 Followers 399 Following CTO & COO @Kief_ma | CCEH | Transforming AI & Cybersecurity Challenges into Business Solutions
Aaron tom @Aarontom495478
3 Followers 224 Following
Hannelore @Hannelore136913
0 Followers 84 Following
Pelle @Pelle68259996
1 Followers 81 Following
CloudMalwareStudioOSX @CMSOSXAI
7 Followers 799 Following https://t.co/qgFp0ACgjW [email protected] $cybersecurity $cyberprotections $cybersafeguards $cyberdefenses
HIMANSHU SHEKHAR @HARRYDEVIL_96
88 Followers 158 Following Cybersecurity Manager | Penetration Testing | AI & Automation in Infosec | VAPT & SAST | Technical Trainer | Python | Sharing hacks & insights for a safer digit
ペンドラゴン @cyberpendragon7
0 Followers 194 Following
rqk70qw9lk @rqk70qw9lk72416
1 Followers 185 Following
Omar H. Soliman @OmarHSoliman
105 Followers 741 Following Flutter ,Dart Developer 'Let your dreams flutter' 🐦
Neha Mavkar @Neha_Mavkar
3 Followers 180 Following
Poveda J. Philip @CsyNIT
5 Followers 864 Following Offensive Security, Enterprise Security. CISSP DFIR
عبدالباقي ع... @abdoh1596
2 Followers 201 Following O You who reveals the beautiful and conceals the ugly, O Vast in forgiveness, O Extender of hands with mercy, O Companion of every secret prayer, O Ultimate end of every complaint, O Great in giving.
0xbaadcaffe @0xbaadcaff3
0 Followers 68 Following
PRiVYCOMIX @inter0hm
12 Followers 156 Following Eternal apprentices, i know everything of nothing and nothing of everything. -
tsunamipapi @tsUn4m1p4p1_ph
0 Followers 183 Following
TV @TV0997196213034
0 Followers 137 Following
Cyber Security @CyberSecur36119
2 Followers 53 Following
Kbaa Lucy @lucy69988
0 Followers 7 Following
Qanon @qanonfree
4 Followers 4K Following
Leorich✍️🔍🚀 @Leorich_1
76 Followers 1K Following Web3 Researcher 🔍 | DeFi Writer ✍️ | Web3 Builder 👷♂️
secit @secit888
5 Followers 603 Following
Sambam4mba @he31707900
8 Followers 917 Following Bor3d hacker of iot devices, security researcher? Security Breacher!
Ff @7zCooler
2 Followers 270 Following
JSP @jsp_0x
8 Followers 448 Following
Themyth @Themyth37210616
5 Followers 266 Following
Florian Roth ⚡️ @cyb3rops
206K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Unit 42 @Unit42_Intel
63K Followers 82 Following The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
blackorbird @blackorbird
35K Followers 671 Following Peace and Love. Just Analysis/Hunter. #APT #threatIntelligence #Exploit #CTI Need Job
Andrew Thompson @ImposeCost
39K Followers 1K Following Head of Research and Discovery (RAD) @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.
Karsten Hahn @struppigel
24K Followers 757 Following MalwareAnalysisForHedgehogs, Principal Malware Researcher at GDATA, he/him 🦔🌈🏳️⚧️
hasherezade @hasherezade
89K Followers 910 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
JAMESWT @JAMESWT_WT
37K Followers 506 Following #Independent #Malware #Hunter #CyberSecurity #InfoSec https://t.co/KCFBJcHHcW https://t.co/WODUKncjFy
Catalin Cimpanu @campuscodi
107K Followers 2K Following Parked account. I don't usually post here on a regular basis. Cybersecurity reporter. Check me out on BlueSky and Mastodon.
James @James_inthe_box
22K Followers 464 Following
Red Canary, a Zscaler... @redcanary
30K Followers 1K Following 24/7/365 threat detection and response across your cloud, identity, endpoints and everything in-between. We got you: https://t.co/pFNwBJN3d5
Nextron Research ⚡... @nextronresearch
2K Followers 10 Following Nextron Systems Threat Research Team research (att) https://t.co/QTt2X62dXP
Gameel Ali 🤘 @MalGamy12
6K Followers 962 Following Threat Researcher @nextronsystems and volunteer at @vxunderground.
Joe Słowik 🌻 @jfslowik
28K Followers 1K Following CTI, OT/ICS, DE&TH, and related infosec content. Oh, and memes. And shitposting. Lots of shitposting.
volatility @volatility
22K Followers 10 Following Official account of the Volatility Memory Analysis Project and Windows Malware and Memory Forensics Training. https://t.co/A4TZ1FOjpg
Jai Minton @CyberRaiju
8K Followers 1K Following An Aussie who does cyber things | Threat Hunting Manager @HuntressLabs | Former Principal @CrowdStrike and HuntressLabs
Tom Anthony @TomAnthonySEO
14K Followers 547 Following CTO at @SearchPilot. Web dev since 1998. PhD in AI. Do bug bounties as a hobby. BlueSky: https://t.co/1BhrupWzeG
Dr. Anton Chuvakin @anton_chuvakin
41K Followers 9K Following Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG
AUSCERT @AusCERT
8K Followers 573 Following AU's pioneer Cyber Emergency Response Team, proudly part of UQ. We help our members prevent, detect, respond and mitigate cyber-based attacks. RTs ≠ endorsement
malc0de @malc0de
12K Followers 315 Following Owner of https://t.co/tokoVVgBZ1 an updated database of domains hosting malicious executables.
Briain Ó hEoghanáin... @BrianHonan
35K Followers 2K Following CEO of @bhconsulting, Head of Ireland's CSIRT @irisscert, & former Special Advisor on CyberSecurity to Europol. @[email protected] PGP ID 0xF1B5CF7D
MISP (@misp@misp-comm... @MISPProject
23K Followers 95 Following MISP - Threat Sharing. An open source software and standards to share, create and validate threatintel and intelligence. Mastodon @[email protected]
SpecterOps @SpecterOps
39K Followers 397 Following Creators of BloodHound | Experts in Adversary Tradecraft | Leaders in Identity Attack Path Management
VirusBay @virusbay_io
11K Followers 63 Following Playground for malware researchers. read: https://t.co/OcujiwCs7k | shop: https://t.co/GIXJcJerXg | Created by: @IdoNaor1 & @DaniGoland
David Ledbetter @Ledtech3
4K Followers 291 Following System Repair, Windows system tools ,Security research. IDA Challenged.
Malwrologist @DissectMalware
15K Followers 160 Following Senior Security Engineer @Amazon. Ex Assistant Professor. Opinions are mine; not my employer's. DM is open. Author of xlmdeobfuscator and https://t.co/eh1fMHMADE
ClearSky Cyber Securi... @ClearskySec
10K Followers 497 Following Cyber security and threat intelligence company
MalShare @mal_share
7K Followers 12 Following Public/Free #Malware sample repository #OpenSource: https://t.co/QGwuRxEDcs
Intezer @IntezerLabs
10K Followers 559 Following Tweets about security research, incident response, and SecOps automation. We built the Autonomous SOC platform - take a tour: https://t.co/wIvFULuQUA
RedDrip Team @RedDrip7
16K Followers 29 Following Technical Twitter of QiAnXin Technology, leading Chinese security vendor. It is operated by RedDrip Team which focuses on malware, APT and threat intelligence.
Nick Carr @ItsReallyNick
38K Followers 3K Following Tech Director / Threat Intelligence at Microsoft. Previously, Director of Incident Response & Intel Research at Mandiant. Former Chief Technical Analyst at CISA
Daniel Bohannon @danielhbohannon
18K Followers 582 Following Security Researcher @permisosecurity Previously: @Mandiant/@FireEye, @Microsoft Developer: Invoke-(Obfuscation|CradleCrafter|DOSfuscation) & Revoke-Obfuscation
Security-Insider @secinsiderde
9K Followers 3K Following https://t.co/ZFRxvZAKpz - Knowledge and networking platform for IT security specialists. Legal notice: https://t.co/bDgAPNka9I
Drunk Binary @DrunkBinary
12K Followers 3K Following Principal Adversary Hunter @dragosinc, Army Veteran (3rd ACR, 1/10CAV, CYBERCOM), Cocktail Scientist, Threat Researcher/Analyst | #FSD
Mohammed Aldoub م.م... @Voulnet
91K Followers 776 Following Eng. Mohammed Qutaiba Aldoub, international information security consultant, engineer and trainer. Trainer & Cyber Security Consultant, DEFCON, SANS & RSA Speaker, CISSP GWAPT
ANY.RUN @anyrun_app
30K Followers 192 Following Empowering businesses with proactive security solutions: Interactive Sandbox, TI Lookup and Feeds. Sign up for free: https://t.co/8hIX0Qh5ME
Nils Kuhnert @0x3c7
1K Followers 463 Following Threat Intelligence. Infrastructure Analysis. APT Tracking. Stoked to learn and grow. MMA, Grappling and Brazilian Jiu-Jitsu. I'm also @[email protected].
Stefan @dfate1983
267 Followers 320 Following Hi, I work in IT (security) for a living, and in my free time I play paintball, stream on Twitch and upload YouTube videos :)
Yolanda JP @yolandapaya
243 Followers 473 Following Graduate in Computational Mathematics. Because every moment defines who we are, live it.
IRISS @irisscert
4K Followers 62 Following IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) providing services to users within Ireland
CCB Alert @CCBalert
7K Followers 202 Following CCB Alert is the advisory page of the Centre for Cybersecurity Belgium @CCBbelgium. Use [email protected] for interaction.
Directoratul Naționa... @DNSC_RO
5K Followers 549 Following Directoratul Național de Securitate Cibernetică (DNSC) The Romanian National Cyber Security Directorate (DNSC) https://t.co/p9RxfoyITb
SI-CERT @sicert
4K Followers 79 Following Slovenian Computer Emergency Response Team SI-CERT is the main contact point for reporting security incidents involving systems and networks located in Slovenia
CERT.at @CERT_at
5K Followers 498 Following https://t.co/gzNtW4vnrt is the Austrian national CERT. RFC 2350: https://t.co/MFBOwz716E… RT ≠ endorsement @[email protected] (Fediverse) #IOCX
CERT-Bund @certbund
22K Followers 595 Following Federal Computer Emergency Response Team of Germany @bsi_bund | About: https://t.co/tVk97zVyJD | Privacy: https://t.co/konTUUP70U
Andrew Case @attrc
28K Followers 4K Following @Volatility Core developer, Dir. of Research @Volexity, @lsucyber, The Art Of Memory Forensics Co-Author
{R00T$EⒸT0R} Baki D... @Rootsector
2K Followers 312 Following If you try to make your systems idiot-proof, there will always be an idiot who is more inventive than you...