EncapsulateJay @EncapsulateJ
SOC Analyst @HuntressLabs Volunteer @TheDFIRReport Joined February 2021
Tweets 144 | Followers 191 | Following 458 | Likes 2K
I worked with @RussianPanda9xx and @TheDFIRReport to investigate and publish this flash alert. The trojanized payloads (disguised as legitimate tools like Greenshot, SyncTrayzor, DocFX, and Cake) established primary C2 channels through ClickHouse and Supabase, with secondary backup channels capable of dynamically falling back to Ably, Dropbox, direct HTTP, or even GitHub Issues. This campaign ultimately delivered The Gentleman Ransomware, with aggressive data exfiltration via Rclone and lateral movement using GoTo Resolve RMM. Read the flash report below ⬇️ #dfir #tuktukc2 #etherRAT
Flash Alert: EtherRat and TukTuk C2 End in The Gentleman Ransomware In April, we observed an intrusion that began with a malicious MSI masquerading as Sysinternals RAMMap and ended in domain-wide deployment of The Gentlemen ransomware. The intrusion featured EtherRAT,
Inspired by @Antonlovesdnb #ClaudeForBlueTeam, I wanted to use Claude for something productive & helpful, so I decided to make a web extension that blocks ClickFix, replaces clipboard content and alerts the user. joshallman.co.uk/posts/shipping… github.com/xorjosh/ClipSh…
Most SOC reports and write-ups are punchy, to-the-point, polished reports. After all, every investigation (regardless of vertical) starts out as a chaotic mix of different threads that we corral into order like a tired sheepdog dreaming of making it as an internet meme and retiring on the royalties. Unfortunately, these polished reports don't capture how we actually form our suspicions, the pivots, the dead ends, the moment it all starts to make some semblance of sense. If you've ever wondered what that process actually looks like, I've spun up a blog series that breaks down real MDR incidents to capture what it's like riding the investigation roller-coaster, so those new to the industry can see how we progress from start to end within the context of a SOC investigation. Please enjoy this breakdown of a threat actor's attempt to enumerate and pivot further into the victim's environment — made with 100% organic human analyst tears! jevonang.com/Investigations…
DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing 𝗜𝗥𝗙𝗹𝗼𝘄 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman’s Timeline Explorer. Every feature in this tool was shaped by real IR casework: handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it’s in the app, it’s because I needed it mid-case and realized the standard tools fell short. No dependencies. Zero setup. Just drag, drop, and analyze. #dfir #incidentresponse #timeline #macos #threathunting #digitalforensics
Really great report here from @malforsec, @lapadrino, and @PeteO @TheDFIRReport. Even easier on the eye with the site's new facelift, give it a read 🔥 thedfirreport.com/2026/02/23/apa…
@Kostastsale Wishing you all the success in the world with this venture, mate! No doubt it will be a high-quality resource!
@TheDFIRReport crew have gone and done it again. Really interesting report here. A sneaky exposed RDP port led to full-blown ransomware. Great work @Friffnz @MittenSec
🐈 Cat’s Got Your Files: Lynx Ransomware 🎉New report out by @Friffnz, Daniel Casenove & @MittenSec!🎉 Attackers used stolen creds to access RDP, quickly pivoted to a DC with a second compromised admin, created impersonation accounts, mapped the environment, and more.
@Friffnz @SecBlueTeam Telling you, man, your handle should be Baba Yaga. Those who know know 🤣
@TheDFIRReport dropped the full report related to the CTF event that was held over the weekend. @RussianPanda9xx smashed it on this one 💣 thedfirreport.com/2025/09/29/fro…
Cheers to @TheDFIRReport team for all the guidance and mentorship. This was a really interesting case to work!
🌟New report out today!🌟 Blurring the Lines: Intrusion Shows Connection With Three Major Ransomware Gangs Analysis and reporting completed by @r3nzsec, @EncapsulateJ, @rkonicekr, & Adam Rowe Audio: Available on Spotify, Apple, YouTube and more! Report:⬇️
ClickFix just got clever: ditched Win+R for Win+X (Power User Menu) ⚠️ New variant drops Lumma after a Defender exclusion:
- Prompts for elevation until the user accepts
- Adds a Defender exclusion on %temp%
- Drops & runs Lumma
Multiple Sigma rules fired 💥 Process Tree👇
There's pretty much never been a better time to start learning or get hands on blue team experience through labs. The availability and quality of labs being released today compared to 4 years ago is night and day. Training providers like Xintra are paving the way for the future!
NEW LAB: Scattered Spider (UNC3944) 🕷️🕸️ Scattered Spider hits indie studio AB Projekt Blue, deploying ransomware and stealing unreleased game code. Test your skills on: 👀 Social Engineering & MFA Fatigue 👀 Credential Theft via OST Files 👀 Bring Your Own Vulnerable Driver
If you’re running an SSLVPN (SonicWall, Fortigate, etc.) and not retaining those logs, you’re setting yourself up for disaster. It's not uncommon to see sub-10-minute slices of activity in the totality of exported logs, which is next to useless.
🚨 Case from @HuntressLabs 🔎 Cephalus seen side loading DLL 'SentinelAgentCore.dll' into legitimate 'SentinelBrowserNativeHost.exe' for ransomware execution ✏️ File extension for encrypted files - '.sss'
🚨 Search for software, end up getting ransomware! SEO-driven #Bumblebee malware campaigns observed throughout July led to domain compromise, data theft & #Akira ransomware. Tools included #AdaptixC2 & #Netscan. thedfirreport.com/2025/08/05/fro…
Anton bringing the heat as always!
Got a new @HuntressLabs blog out today taking a look at some intrusion analysis methodology with practical examples - check it out! huntress.com/blog/intrusion…
@SecurityAura 100% something as simple as an org implementing a standardised naming convention for all workstations and servers ahead of time can help detect anomalies super quick during an IR engagement.
Proud to work alongside these two 🔥 Congrats to you both!
Congratulations to @RussianPanda9xx & @polygonben for having talks accepted at #defcon33! Follow these folks and, if you're headed to @defcon, put it on your to-do list to be in attendance!
Best case scenario: send the VPN logs to a SIEM solution for safekeeping. VPN compromises are on the rise, and this will save you a lot of heartache in the heat of an incident.
If not, some awkward conversations need to be had...
If your organisation uses a third-party managed IT provider, and said IT provider says you have a shiny VPN with logging enabled, please challenge the provider to prove that the VPN logs are configured correctly. A trusted IT partner will be happy to do this.