Aaron @usrclass
DFIR Stuff - Joined July 2018
Tweets 43 - Followers 101 - Following 513 - Likes 71
🧵We are excited to share that @Zeekurity is now a component of @Microsoft @Windows ! An incredible development that truly establishes Zeek as the de facto standard for #networkevidence: corelight.com/company/zeek-n… 1/4
Blog: A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion by William Backhouse ( @Will0x04 ), Michael Mullen ( @DropTheBase64 ) and Nikolaos Pantazopoulos research.nccgroup.com/2022/09/30/a-g…
In case you missed it at #BHUSA, check out @tr1ana's Monkey365, a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews research.nccgroup.com/2022/09/07/too…
Blog: Back in Black: Unlocking a LockBit 3.0 Ransomware Attack - explores some of the TTPs employed by a threat actor who was observed deploying LockBit 3.0 ransomware during an incident response engagement - by @rdi_x64 - research.nccgroup.com/2022/08/19/bac…
Blog: Top of the Pops - Three common ransomware entry techniques by @MMatthews32
Blog: Climbing Mount Everest: Black-Byte Bytes Back? - research.nccgroup.com/2022/07/13/cli… by Michael Mullen and Nikolaos Pantazopoulos
Are you using any of the Microsoft Security products and/or #Sentinel? Then this thread is for you! The best resources for #KQL Advanced Hunting Queries or Analytics rules in my opinion. #MDE #ThreatHunting #Detection #DFIR
Blog: Metastealer - filling the Racoon void - research.nccgroup.com/2022/05/20/met… by Peter Gurney
Blog: North Korea’s Lazarus - their initial access trade-craft using social media and social engineering by @MMatthews32 and Nikolaos Pantazopoulos - research.nccgroup.com/2022/05/05/nor…
Blog: LAPSUS$ - Recent techniques, tactics and procedures - research.nccgroup.com/2022/04/28/lap… - by @davidbrown1982 @MMatthews32 and @_bobbysmalls
Blog: Adventures in the land of BumbleBee – a new malicious loader - research.nccgroup.com/2022/04/29/adv… by @Mike_stokkel, Nikolaos Totosis and Nikolaos Pantazopoulos
Great effort by the team who have been working hard on this one. The detection mentioned is well worth monitoring for.
Thanks to all the folks in the community doing what you do, we appreciate you: @ankit_anubhav, @likethecoins, @BushidoToken, @James_inthe_box, @ffforward, @0xThiebaut, @MichalKoczwara, @malware_traffic, @Hexacorn, @beardofbinary, @DidierStevens, @MalwareRE, @ForensicITGuy, @Paulsec4
Blog: Log4Shell: Reconnaissance and post exploitation network detection - includes numerous @Suricata_IDS rules and IoCs - research.nccgroup.com/2021/12/12/log…
Blog: Tracking a P2P network related to #TA505 - we've identified a new peer2peer implant capability we attribute to the authors of Grace - research.nccgroup.com/2021/12/01/tra…
Analysis and reporting completed by @Kostastsale, @pigerlin, and @_pete_0 📢Shout-outs to @James_inthe_box, @TheRecord_Media, @malware_traffic, @redcanary, @Hexacorn, @DidierStevens, @nccgroup, @beardofbinary, and @campuscodi.
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access research.nccgroup.com/2021/11/08/ta5…
Analysis and reporting completed by @Kostastsale Reviewed by @iiamaleks and @pigerlin 📢Shout-outs to @TheRecord_Media, @BHinfoSecurity, @malware_traffic, @NCCGroupInfosec, @redcanary, & @AltShiftPrtScn
BazarLoader and the Conti Leaks Discovery: AdFind, Advanced IP Scanner, PowerSploit, Nltest, Net, etc. Credential Access: ntdsAudit, ntdsutil, LSASS Access Defense Evasion: Process Injection C2: #CobaltStrike, AnyDesk Exfil: Rclone (upload to mega) thedfirreport.com/2021/10/04/baz…
Excited to tuck into this @sansforensics course next week.

Erica @3k6P4gRsZITK4
19 Followers 759 Following
Bianka @8uIMKKi9CJh9Hr
16 Followers 872 Following
Lea @Truiarvea032
17 Followers 861 Following
Casi Trade🔥 @CasiTradess8
556 Followers 7K Following 10+ Yrs Exp. | Crypto Trading & Analysis📈 #Bitcoin #XRP #ETH #Crypto My page, my opinion 👇 Currently on Lesson Five: Elliott Wave Impulses
Hunt.io @Huntio
3K Followers 917 Following https://t.co/9I6nRUiFjm is a service that provides threat intelligence data about observed network scanning and cyber attacks.
Barbara @barbara_munger5
344 Followers 3K Following
ChrisUeland @ChrisUeland
2K Followers 3K Following @HuntIO- Previously: @RecordedFuture , @SecurityTrails, @MaxCDN
Naga @nrnags
3 Followers 40 Following
Ru Campbell @rucam365
8K Followers 1K Following Microsoft Security MVP • Dad, metal, lifting, wrestling, cars • Author, Mastering Microsoft 365 Defender • @Threatscape • @M365SandCUG • https://t.co/CaVgOm8IvJ
RET2 WarGames @ret2wargames
2K Followers 2K Following Our industry-leading platform is the most effective solution for learning modern binary exploitation through a world-class curriculum developed by @RET2Systems
FrancescoSchifilliti @fschifilliti
281 Followers 3K Following DFIR, Cyber Intel Analyst | InfoSecurity Strategic Advisor | Trainer | Consultant
Doğan Fidancıoğlu @cumabakkali
18 Followers 2K Following
Mitch Clarke @snozberries_au
368 Followers 303 Following Mandiant incident response lead, United Kingdom and Ireland
0CM @0CM12
8 Followers 163 Following
cyberresponder @Malwarenailed
267 Followers 3K Following tweets and opinions are my own. dfir/threat hunting/malware research
Alex @ThisIsFineChief
55 Followers 340 Following Incident response consultant and a die-hard Derby County fan!
Ryan Rollins @_Ryan_Rollins
12 Followers 78 Following
James Barrett @JNBCyber
150 Followers 2K Following PhD Student ~ PG Researcher ~ Associate Lecturer ~ Systems Engineer Intern ~ Support #opensource ~ Enjoy the circus of my tweets! 😎
MM @DropTheBase64
21 Followers 32 Following
Gianni Perez @ascalon60
472 Followers 4K Following I'm a cyber security professional and researcher working for @ey_us and a contributing writer with @securitytrails
Stephanie Simpson @simpsonatx
735 Followers 2K Following VP Product @scythe_io, woman leader in technology, innovator, loving mother, positive energy spreader
Chris Mayhew @ctmayhew
259 Followers 507 Following Slave to the write blocker. Occasionally jumps out of planes for fun.
Mbaunguraije Tjikuzu ... @mtjikuzu
736 Followers 4K Following Research | ICT Projects | Cyber Security
wngmws @engmedge
19 Followers 807 Following
DFIRDetective @DFIRDetective
1K Followers 759 Following Cassie | Summit/Conference Link Collector | Tech Enthusiast | #GCFE #GCTI #DFIR #OSINT | #LEO to #Cyber
cybert @Seebaer92165000
18 Followers 295 Following Geburt Schule Arbeit Tod. Some Security related stuff, but also unfiltered bullshit in german.
Tom Hall @thall_sec
469 Followers 263 Following Director, Cyber Incident Response and Remediation @PwC_UK. Ex Mandiant. All thoughts are my own.
Andrei R @ar3diu
25 Followers 1K Following
Ram Levi @ramlevi
2K Followers 4K Following Dad. CEO of @Konfidas - #Cyber & #Crisis Management Company. Frmr secretary of Prime Minister of #Israel National Cyber Taskforce. @reichmanuni Adjunct Prof.
Mario de Sousa Lima @MarioSousaLima
130 Followers 5K Following
Massimino Fabrice @MassiminoFabri2
0 Followers 136 Following
scsideath @cybersyrupblog
2K Followers 4K Following COO https://t.co/5v2a20mGMs | DC541 | DC416 | DC604 | DFIR | Malmons trainer gotta catch em all | My opinions are my own
Sreeman @SreemanShanker
23 Followers 1K Following
Drew @drew_chaos
112 Followers 608 Following Hacker, CEO, GAN Hunter, Kiwi, Phreak, SOC/MSSP Creator @ Tiberium. I see GAN people.
RagnarökOps @Nimrodinger1
124 Followers 947 Following
Pat Mayer @pat_mayer
340 Followers 2K Following Digital forensic and incident response professional, HTCIA Member Ottawa chapter / Opinions = Mine, #dfir
Patrick @patrickst_john
42 Followers 1K Following
jungman @notajungman
743 Followers 4K Following undefined, and any attempt would be ill advised and unrefined.
J⩜⃝mie Williams @jamieantisocial
10K Followers 7K Following threats && stuff || #UNC1799 forever 🤘|| @DistrictHeather ♥️ + 🍷 **𝚅𝚒𝚎𝚠𝚜 𝚎𝚡𝚙𝚛𝚎𝚜𝚜𝚎𝚍 𝚊𝚛𝚎 𝚖𝚈 օ𝚠𝚗**
Michael Koczwara @MichalKoczwara
23K Followers 2K Following Threat Researcher/Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/VQWaze6gaF
GangExposed RU @GangExposed_RU
2K Followers 69 Following Cybercrime investigator | Exclusive leaks on $10M bounty targets
ZachXBT @zachxbt
905K Followers 2K Following Scam survivor turned 2D investigator | Advisor @paradigm
Visegrád 24 @visegrad24
1.4M Followers 2K Following Aggregating and curating news, politics and current affairs.
Baptiste Robert @fs0c131y
257K Followers 5K Following CEO @PredictaLabOff | French Security Researcher, Ethical Hacking, OSINT
Volodymyr Zelenskyy /... @ZelenskyyUa
8.2M Followers 1 Following President of Ukraine / Президент України
OpenSecurityTraining2 @OpenSecTraining
9K Followers 17 Following 501(c)3 Nonprofit providing Open Source and Open Access computer security training material. #OST2 re-launched July 2021! [email protected]
Thomas Rid @RidT
52K Followers 182 Following Author of ACTIVE MEASURES, RISE OF THE MACHINES, CYBER WAR WILL NOT TAKE PLACE, "Attributing Cyber Attacks," more. Johns Hopkins, Alperovitch Institute.
Andrew Fox @Mr_Andrew_Fox
126K Followers 6K Following Former airborne army officer. Now a researcher. I go to war zones and write about them. X is for jokes & hot takes. For serious thinking, follow me on Substack.
Andrew Rathbun @bunsofwrath12
3K Followers 706 Following Husband, Father, #DFIR @ Unit 42, Digital Forensics Discord Admin, AboutDFIR Contributor, Author, #USMC Veteran, Former LE, NHL Fan, Dark Mode, Animals, Music
I am Jakoby @I_Am_Jakoby
21K Followers 1K Following Powershell Hacker LOLbin specialist Sniper, skydiver wannabe super spy
Michael Sentonas @MichaelSentonas
2K Followers 176 Following President @ CrowdStrike. All opinions expressed are my own.
George Kurtz @George_Kurtz
46K Followers 460 Following President & CEO CrowdStrike, Former CEO of Foundstone, Former CTO of McAfee, and author of Hacking Exposed
Charlie @charliek65
986 Followers 1K Following Principal Analyst @StripeOLT / Ex-MSFT + CRWD / Caffeine Enthusiast / Hack The Box Ambassador & UK Meetup Lead / @BSidesChelt Committee Director
1aN0rmus @TekDefense
4K Followers 1K Following CTO at @permisosecurity Alum: @Mandiant, https://t.co/kqlvYwe86k, USMC
Matthew Green is on B... @matthew_d_green
150K Followers 1K Following I teach cryptography at Johns Hopkins. Mostly on BlueSky these days at https://t.co/GI4QlxZr2S.
Allan “Ransomware S... @uuallan
17K Followers 6K Following Back The Press Guardian & The Clock:1942 https://t.co/liXLX2DeQ8
Shanni @Enigma_Rosa
422 Followers 3K Following An amalgamation of things which interest and humor me. My views do not reflect those of my employer. she/her
PiQ @PiQSuite
125K Followers 7K Following Go To @PiQNewswire For 24/7 Breaking News • Check Out https://t.co/VmD0voJnlH • Partnered With @PepperstoneFX - A Better Way To Trade → https://t.co/tZJHixSi2F
J. Burns Koven @JBurnsKoven
1K Followers 807 Following CTI @Chainalysis | Former intel officer | Views are my own
Chetan Nayak (Brute R... @NinjaParanoid
31K Followers 0 Following Founder Dark Vortex/Brute Ratel | Former RedTeam @CrowdStrike @Mandiant @niiconsulting
X-Ways Forensics Prac... @XWaysGuide
5K Followers 7 Following There is no better reference for X-Ways Forensics practitioners than this guide. #DFIR #xwaysforensics
Magnet Forensics @MagnetForensics
17K Followers 998 Following Official Twitter feed for Magnet Forensics, a global leader in solutions for digital investigations since 2009.
Counter Hack @CounterHackSec
2K Followers 32 Following The official Twitter handle for Counter Hack’s pen test and cybersecurity consulting team. | Producers of #holidayhack and @kringlecon
BSI @BSI_Bund
49K Followers 394 Following Bundesamt für Sicherheit in der Informationstechnik | https://t.co/8Q82mhx69T | https://t.co/G4UCkM2Xdz
SECurityTr8Ker @SECurityTr8Ker
4K Followers 5 Following I used to monitor the SEC's RSS feed for 8-K filings disclosing cybersecurity incidents. Last review: 2025-08-04 10:15 ET
Jason Lang @curi0usJack
16K Followers 200 Following @TrustedSec Red Team lead | Hi-Fidelity trolling | Privacy Enthusiast | Putting the "no" in nano | Avatar: https://t.co/3XHmKR8nCk
NirSoft @nirsoft
3K Followers 0 Following
Arsenal Recon @ArsenalRecon
3K Followers 1K Following Developers of digital forensics weapons which include Arsenal Image Mounter, Hibernation Recon, LevelDB Recon, HBIN Recon, & Registry Recon. Arm Yourself! #DFIR
Kristinn Gudjonsson @el_killerdwarf
803 Followers 190 Following Probably best known for once being one of the few active volcano tamers in the Bay Area. (now I'm just one of many on my remote non-tropical volcanic island)
SSSCIP Ukraine @SSSCIP
13K Followers 393 Following State Service of Special Communications and Information Protection of Ukraine | Державна служба спеціального зв’язку та захисту інформації України 🇺🇦
Joe Hannon @JoeHannon52
519 Followers 1K Following Security researcher @ MSTIC, Microsoft https://t.co/8IO8nzNnAQ
Jen Gentleman 🌺 @JenMsft
94K Followers 231 Following I work on the Windows engineering team at Microsoft and help with feedback for Start menu, Settings, taskbar, input + more
Amnesty Tech @AmnestyTech
25K Followers 366 Following Amnesty International - Tech. We are a global collective of advocates, campaigners, hackers, researchers & technologists defending our rights in a digital age.
Andrew Northern 𓅓 @ex_raritas
5K Followers 1K Following 🔮 Senior Threat Researcher at @proofpoint 🔮 | Knowledge Piñata 🪅 | Attack Chain Connoisseur | Epicurean
Aleks @iiamaleks
709 Followers 116 Following Lifelong Student of Information Security | Contributor to @TheDFIRReport
Binary Defense @Binary_Defense
13K Followers 492 Following We're determined to make the world a safer place through our industry-recognized managed security services. Founded by @HackingDave | Sister company @TrustedSec
Frank McGovern - INAC... @FrankMcG
16K Followers 220 Following No longer active. Find me on LinkedIn and https://t.co/sNKTRQOIWi. Follow @BlueTeamCon. See pinned post. See you around. Touch grass. Be empathetic.
Interrupt Labs @InterruptLabs
3K Followers 86 Following We’re here to provide world-leading vulnerability research and research capabilities. From browsers, mobile, automotive and everything in between.
Is Now on VT! @Now_on_VT
4K Followers 788 Following Stay ahead of cyber threats. Get real-time alerts on notable APT/FIN/ORB indicators from VirusTotal. A threat intel project by @craiu.
Jersey Cyber Security... @CERTJersey
457 Followers 223 Following We work to prepare, protect and defend the island against cyber threats.
Paul (DEFENDER) @Threatzman
2K Followers 392 Following Infosec techie, product manager (PM) for Microsoft Defender for Endpoint. Lead author for https://t.co/7KA8PZ12oU - my opinions are my own. [email protected]
OSINTdefender @sentdefender
1.5M Followers 1K Following Open Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
ᴍɪᴄʜᴀʟɪs ... @Cyb3rMik3
4K Followers 3K Following SecOps, DFIR & CTI 🛡 | Microsoft Security #MVP, #KQL Threat Hunting 🏹 | Father 👭/Husband 👫/🍷&⌚️ enthusiast/Explorer ✈️ | Views my own.