Ryan Hausknecht @Haus3c
Principal Lead Researcher @TrustOnCloud hausec.com Charlotte, NC Joined November 2015-
Tweets1K
-
Followers7K
-
Following386
-
Likes3K
While working at Microsoft, it was somewhat frowned upon to call the baby (Azure logs) ugly. But now I get to call it like it is, so I wrote about trying to make the most out of basically nothing trustoncloud.com/an-attempt-at-…
This is quite frustrating. When viewing managed identity sign in logs via portal, the time stamp differs from Log Analytics. Por que? This fucks with some detection logic I have :(. I know one is in UTC time, but specifically the minute & seconds shouldn't be different.
As a follow up on this thread, we have a new @NetSPI blog out today that explains how we were able to get the App Registration certificates for Managed Identities that were attached to Linux Function App containers. netspi.com/blog/technical…
As a follow up on this thread, we have a new @NetSPI blog out today that explains how we were able to get the App Registration certificates for Managed Identities that were attached to Linux Function App containers. netspi.com/blog/technical…
Just gave #AzureHound a new try and found a #privesc in no time! 🤯 Having done that manually for years now, I have to admit it's never been easier to find priv escs in Azure, thanks to @Haus3c, @_wald0, @CptJesus and certainly others @SpecterOps. Thank you for the amazing work!
With Microsoft #Graph Activity Log now in public preview let's talk about reconnaissance detection. 📢In my latest blog post I dive deep into the logs and show how you can detect tools like #bloodhound and #PurpleKnight using this new log source. cloudbrothers.info/en/detect-thre…
It's been a long time coming, but JonMon is finally here. This has been something I have worked on for a while. I hope the community enjoys it and I am happy to hear any feedback anyone has! Slides can be found: github.com/jsecurity101/P… GitHub: github.com/jsecurity101/J…
Evading EDR, by Matt Hand, gives an inside look look at how Endpoint Detection & Response agents pinpoint adversary activity. Learn the ways each sensor component collects data, how to design an EDR, & how to evade one. Pre-order at 30% off w/ code GOTCHA: nostarch.com/evading-edr
Excited to release 🚀BadZure, a tool that automates the population of Azure AD tenants, introducing misconfigurations and attack paths. 📺youtu.be/7IdyU7tQgww 🔗github.com/mvelazc0/BadZu… #RedTeams, here's your chance to practice your cloud tradecraft. #BlueTeams, test and…
The final official entry on our list of #cloud #pentesting tools we recommend is PowerZure by @Haus3c. Use this #cloudsecurity tool to perform reconnaissance and post-exploitation. Check out our list for bonus picks as well. What did we miss? Let us know! bfx.social/43iMITA
@Haus3c's work on the Azure Threat Research Matrix provides an excellent resource for those trying to move beyond abnormal logons when it comes to detecting malicious activity in Azure. 🔗 microsoft.github.io/Azure-Threat-R…
Florian Roth @cyb3rops
180K Followers 2K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇Justin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race carsDr. Nestori Syynimaa @DrAzureAD
17K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)Dave Kennedy @HackingDave
207K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better placeJohn Hammond @_JohnHammond
240K Followers 2K Following Hacker. Cybersecurity Researcher @HuntressLabs || https://t.co/qUeDM3lSClDirk-jan @_dirkjan
25K Followers 174 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.mRr3b00t @UK_Daniel_Card
93K Followers 7K Following 真理的揭露者 Quis custodiet ipsos custodes fella in cyberspace #nafo undercover #FVEY Lovely Horse #fella #meme #farm #appreciator #cyber #specialistDebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.rootsecdev @rootsecdev
24K Followers 1K Following Security Consultant @TrustedSec | Military grade meme poster, researcher, cloud penetration tester, voider of warranties. My thoughts are my own.Josh @passthehashbrwn
8K Followers 344 Following Adversarial Simulation at IBM, tweets are mine etc.n00py @n00py1
13K Followers 956 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research. [email protected] on Mastodogemgeeky | Mariusz Bana.. @mariuszbit
11K Followers 611 Following 🔴 Red Team operator, ex-MWR/F-Secure pentester, ex-AV engine developer @ESET, green tea addict. 🫖 @[email protected]sn🥶vvcr💥sh @snovvcrash
10K Followers 441 Following Sr. Penetration Tester / Red Team Operator @ptswarm :: Author of Pentester’s Promiscuous Notebook (https://t.co/rL1sv5A2R7) :: He/him :: Tweets’re my pwn 🐣klez @KlezVirus
6K Followers 669 Following Principal Cyber Security Consultant at Digital Trust Consulting Services, BSI - Opinions are my ownMehmet Ergene @Cyb3rMonk
11K Followers 421 Following 👉 Learn #KQL for #ThreatHunting, #DetectionEngineering, and #DFIR at https://t.co/uAlYlXIpyV - Founder @BluRavenSec | Microsoft Security MVP | #DataSciencean0n @an0n_r0
11K Followers 716 Following CRT(E|O|L) | OSCP | @RingZer0_CTF 1st (for 2yrs) | HackTheBox Top10 | RPISEC MBE | Flare-On completer | GoogleCTF writeup winner | SSD research | Math MSc |🇭🇺bohops @bohops
13K Followers 454 Following Full StackOverflow Developer | Security Researcher | Red/PurpleDarren Acrey @derwood
80 Followers 746 Following Security Analyst. Hubby and Daddy-O. Tasty beer drinker. Lover of the outdoorsIllusion31 @Keshavan3107
2 Followers 2K Following Security Enthusiast | Bug Hunter | VAPT | Pentest | Red TeamingJohn Breth (JB) | Cyb.. @JBizzle703
26K Followers 713 Following Founder (@jbc_sec) | IT/Cyber Architect | Author ▶️ https://t.co/tQe0lylvuo Maine born | CyberSec Pitbull USAF UMUC JHU #AWSCommunityBuilder #CiscoChampionshrish varma @shrish_varma
2 Followers 130 FollowingColinator @colinatorrrr
15 Followers 149 FollowingClaus Cramon Houmann @ClausHoumann
4K Followers 948 Following Infosec Curator/Librarian. Fella and @iamthecavalry Father and Husband. Opinions are mine alone and do not represent my employer.Taulant Lushaj @TaulantL
13 Followers 131 Following we are all in the same game, just different levels.Nkulee Lincoln. ✨ @RainAngel19
651 Followers 2K Following cyber security enthusiast , software developer. entreprenershiphorus07 @horus0707
6 Followers 70 Following@tawanan90000 @tawanan90000
26 Followers 1K Followingskrappy0x4a @skrappy0x4a
246 Followers 1K Following Head of SecOps | War Vet | Not Popular/Cool | Learning Russian 1 incident at a time | 🏍🦑 | BJJ ◧◧◧Shawn @anthemtotheego
2K Followers 245 Following adversary simulation @ x-force red | offensive engineering lead | implant dev | work in progress | thoughts my own | https://t.co/eNspx7jLvmaimen aimen @aimen3991
15 Followers 617 FollowingSageCryptoo @SageCryptoo
238 Followers 126 Following Crypto Sage | Guiding Investors to Profits 📈 | Your Source for Latest News, Insights, and Investment Calls 💎 | Let's navigate the Crypto Seas Together!Owner @Owner_MMI
141 Followers 144 FollowingKhaled Esheh @KhaledEsheh
60 Followers 2K FollowingElvis - Cybersecurity @elviscybersec
33 Followers 593 Following Cybersecurity, Cyber Threat Intelligence Manager / Pen Testing / Web Security / Internet Governance / Domain Registry System Engineering Lead⁷РіИᶻ @_RaVeN33
114 Followers 354 Following ᴜɴɪᴠ. ᴏꜰ ʜᴀᴄᴋᴇʀꜱ-ᴀʀɪꜱᴇ ᴹᵒᵈ @ https://t.co/WlhqyNSVt1 𝚃𝚑𝚎 𝙿𝙰𝚂𝚂𝙸𝙾𝙽 𝚒𝚜 𝙿𝙾𝚆𝙴𝚁𝙸𝙽𝙶 "𝔘𝔫𝔩𝔢𝔞𝔰𝔥 𝔜𝔬𝔲𝔯 𝔓𝔬𝔱𝔢𝔫𝔱𝔦𝔞𝔩"José Cachapa @JoseCachapa
29 Followers 374 Following Security Consultant | Azure Cloud Engineer ☁| Microsoft 365 | MCTArjun Aryal @arjunaryal73
114 Followers 107 FollowingJonny Dolphin @Jonnydolphin1
60 Followers 83 Following CEO @ Dolphin Dynamics Not just good, but extraordinary renditionLennart @pssvdrctry
119 Followers 426 Following Systemengineer gone InfoSec w/ @ERNW_ITSec. Everything I say is just my opinion. #Powershell #ActiveDirectory #Azure @[email protected]Carlos Costa @MisterHuffles
24 Followers 626 Following057-Veera Vastav Gudi.. @Veeravastav
22 Followers 129 Followingok @iwillnotskip
0 Followers 14 FollowingRaj prasad @Rajpras77342181
6 Followers 186 FollowingIBRAHIM SULAIMAN @PenCo_Writes
1K Followers 3K Following An Ahmadi Muslim. Cybersecurity. A Poet. A Writer. A Speaker. Ethical Hacking. Taekwondo 🥋 Agbafianlalilulelo @lalilulelo503
4 Followers 12 FollowingAlexander Jacobsen @Alex1_98
21 Followers 123 FollowingRahul Borana @rahulborana2003
10 Followers 244 FollowingBrandon @BranGonzo
15 Followers 66 Following Make Security Possible Nothing changes if nothing changes. “Knowing is not enough; we must apply. Willing is not enough; we must do.” - Johann GoetheElevate Cyber @ElevateCyber
247 Followers 149 FollowingChen Shiri @ChenShiri73
68 Followers 188 Following Security Researcher, Hacker | Interested in Low level security, Cloud & Microservices | Engineer #AttackingAI #Cryptography #Robotics #BlockchainMarc André Tanner @marcandretanner
66 Followers 423 Following Information Security, Systems Programming, Text Editors, ...L3g1oN @NL3g1o
39 Followers 433 Followingwodedianyou @wodedianyou
26 Followers 268 FollowingJustin Elze @HackingLZ
52K Followers 5K Following Hacker/CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race carsFlorian Hansemann @CyberWarship
75K Followers 47 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98MDr. Nestori Syynimaa @DrAzureAD
17K Followers 2K Following Principal Identity Security Researcher at Microsoft. Ex-Secureworks. (MSc, MEng, PhD, CITP, CCSK). And yes, opinions are my own ;)ippsec @ippsec
111K Followers 350 FollowingDave Kennedy @HackingDave
207K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better placeJohn Hammond @_JohnHammond
240K Followers 2K Following Hacker. Cybersecurity Researcher @HuntressLabs || https://t.co/qUeDM3lSClMike Felch (Stay Read.. @ustayready
15K Followers 2K Following Pentester / Red Team | Hacking since Renegade BBS backdoors | Dev since vb3 | Content since '99-'03 ezines | Prior CrowdStrike / BHIS | In Christ's gripDirk-jan @_dirkjan
25K Followers 174 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.mRr3b00t @UK_Daniel_Card
93K Followers 7K Following 真理的揭露者 Quis custodiet ipsos custodes fella in cyberspace #nafo undercover #FVEY Lovely Horse #fella #meme #farm #appreciator #cyber #specialistDebugPrivilege @DebugPrivilege
37K Followers 2K Following Security “Researcher” | Former Microsoft MVP | All Tweets are my opinions and thoughts. Interested in Security, Debugging, and Troubleshooting.rootsecdev @rootsecdev
24K Followers 1K Following Security Consultant @TrustedSec | Military grade meme poster, researcher, cloud penetration tester, voider of warranties. My thoughts are my own.Josh @passthehashbrwn
8K Followers 344 Following Adversarial Simulation at IBM, tweets are mine etc.n00py @n00py1
13K Followers 956 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research. [email protected] on MastodogeDirectoryRanger @DirectoryRanger
31K Followers 100 Following This account assembles and disseminates information related to Active Directory and Windows security.b33f | 🇺🇦✊ @FuzzySec
32K Followers 844 Following 意志 / Antiquarian @ IBM Adversary Services / Ex-TORE ⚔️🦅 / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabsMarcello @byt3bl33d3r
29K Followers 531 Following CyBeRsEcUrItY | Not afraid to put down with some THICC malware on disk | securing and breaking AI @ProtectAICorp | Ex @spacexMehmet Ergene @Cyb3rMonk
11K Followers 421 Following 👉 Learn #KQL for #ThreatHunting, #DetectionEngineering, and #DFIR at https://t.co/uAlYlXIpyV - Founder @BluRavenSec | Microsoft Security MVP | #DataScienceClaus Cramon Houmann @ClausHoumann
4K Followers 948 Following Infosec Curator/Librarian. Fella and @iamthecavalry Father and Husband. Opinions are mine alone and do not represent my employer.LuemmelSec @theluemmel
6K Followers 487 Following I speak BloodHound. Husband, Father, IT-Guy, Security-Noob Blog: https://t.co/PXB35KEqs6 GitHub: https://t.co/Unp9jZOpBnTom Aspinall @AspinallMMA
71K Followers 23 Following @UFC heavyweight / @gymking_ athlete / Contact [email protected]Dricus Du Plessis @dricusduplessis
72K Followers 386 Following UFC Middleweight champion 🇿🇦 (21-2). Former KSW & EFC Champion.TrustOnCloud @trustoncloud
236 Followers 41 Following TrustOnCloud provide cloud control catalogs for each Cloud service; based on threat models, audit-ready, and always up-to-date.Dirk Steenekamp @Dirk_Steenekamp
11K Followers 419 Following Publisher @mensfitness_sa @topgearmagsa @MaximMagSA & @ObjektSA | EFC commentator | father | husband | horlogerie aficionado | petrol headMerill Fernando @merill
15K Followers 3K Following Product Manager @microsoft | Tweets my own Built → https://t.co/ujxKqxXjf2 • idPowerToys • Graph X-Ray • https://t.co/tSWrIw8Ajh Sign up to my weekly newsletter → https://t.co/tPzAEl0ZuqOutsider Security @OutsiderSec
2K Followers 1 Following Security company focusing on Microsoft Entra and Active Directory security. Need an expert view or pentest on your cloud/AD? [email protected]Jamie 🔜 RSAsí �.. @jamieantisocial
6K Followers 5K Following 🤘@mitreattack for Enterprise Lead, former ATT&CK Evals water distribution engineer (the artists known as #UNC1799), @DistrictHeather ♥️🍷, he/him.Fabian Bader @fabian_bader
7K Followers 650 Following #Security #Azure #AAD #MDE #M365 #AD #PKI Microsoft MVP Tweets and opinions are my own @[email protected]Jonathan Scott @jonathandata1
26K Followers 602 Following American Mobile, IoT & Crypto Researcher (Malware/Spyware/Forensics) Founder @TheMiladGroup, Doctoral Student - Comp Sci - Digital EspionageThe Masters @TheMasters
1.5M Followers 12 Following Official Twitter of the 89th Masters Tournament — April 10-13, 2025. Learn more at https://t.co/dKkHWIiG0WIs Ken Jennings Hosti.. @IsKenHosting
1K Followers 3 Following Guide tracking the weeks when Ken Jennings is hosting Jeopardy! (Account not affiliated with/sponsored by Jeopardy Productions, Sony Pictures or Mr. Jennings.)Microsoft BlueHat @MSFTBlueHat
3K Followers 173 Following BlueHat is where the security research community and @Microsoft security pros come together as peers, to connect, share and learn. Run by @MSFTSecResponseKen Jennings @KenJennings
465K Followers 561 Following Your Jeopardy! pal. Author of 100 PLACES TO SEE AFTER YOU DIE (https://t.co/pxwTQ2d7lo) and a bunch of other stuff. OMNIBUS co-founder (https://t.co/aURWrO4dAO).ryan mc @detectdotdev
233 Followers 120 FollowingRory McIlroy @McIlroyRory
3.2M Followers 468 Following I hit a little white ball around a field sometimesNikhil Mittal @nikhil_mitt
18K Followers 441 Following Hacker, Infosec Researcher, Military Affairs & History, PowerShell, AD and Azure pwner, Creator of Nishang and others :) Founder @alteredsecurityHistory Defined @historydefined
684K Followers 242 Following Learn Weird Things About History @[email protected] As an Amazon Associate I earn from qualifying purchases.Andrew @4ndr3w6S
2K Followers 2K Following Senior Manager of Detection Engineering @HuntressLabs | Prev. Practice Lead, TAC (Purple Team) @TrustedSec | @SpursOfficial Super Fan - COYS!⚙ Rev - Infra & Sup.. @ManuelBerrueta
535 Followers 1K Following Offensive Security 🐍 #RedTeam+#AppSec@MSFT | #Containers+#Cloud |🇺🇸🇲🇽|Husband,Father,Marine | My ramblings = my own 😁 | Everything is a string! | #GoCougsAdam @Hexacorn
24K Followers 1K Following Red Brain, Blue Fingers [email protected] https://t.co/Bm0C9KQDDY RIP TwitterChristofer Hoff @Beaker
26K Followers 3K Following coffee. creator. cars. cyber. cloud. ‘cue. change. culture. credentials. @ scale Security CTO/CISO/Engineer & Ops focused. CSTO @lastpass Opinions are MINE onlyNick Pėarce @_nickzer0
298 Followers 611 Following Red teamer @pentestpartners 💻/ F1 enthusiast 🏎️/ Brazilian Jiu Jitsu ragdoll 🥋David Weston (DWIZZZL.. @dwizzzleMSFT
25K Followers 1K Following Vice President, OS Security and Enterprise @Microsoft || @CISAgov Technical Advisory CommitteeZeph Photos @ZephrSnaps
183 Followers 7 Following 2nd account of @ZephrFish,mainly photography and historical pics. You'll also likely see more pics of my car on here 😂Steve Alvarez Brown @_SuperGT
118K Followers 825 Following Racing Driver with Bilstein | Sim & Real racing YouTuber | Quadrant | 📧 [email protected]Rob de Jong @rjong999
3K Followers 837 Following Digital Marketing Professional, specializing in PPC and interested in applying AI and deep learning to bidding optimization algorithms.Jake Karnes @jakekarnes42
481 Followers 16 Following Managing Consultant / Penetration Tester for @NetSPI. All tweets/etc. are my own.Justin Hendricks @Script_Happens
322 Followers 2K Following Security Engineer. My opinions are my own.Nick Powers @zyn3rgy
1K Followers 209 Following Adversary Simulation @SpecterOps | Previously @Rapid7 & @ProtivitiGSI @gomezsimracing
6K Followers 89 Following Makers of high end sim controls https://t.co/qwKWsz75dg Streaming on Twitch https://t.co/LnLpVYUusfMaril Vernon hosts Th.. @shewhohacks
11K Followers 400 Following “The One Woman Purple Team” Sr Sec Eng @ Aquia. Host of @TheCyberQueens Podcast. For help breaking in to #cybersecurity see @FearlessSec and @Maekshyft.Rick Shiels PGA @RickShielsPGA
175K Followers 1K Following I make videos to educate, advise & entertain golfers around the worldMicrosoft @Microsoft
13.9M Followers 2K Following We're on a mission to empower every person and every organization on the planet to achieve more. Support: @MicrosoftHelpsMicrosoft Security @msftsecurity
352K Followers 338 Following A new era of cybersecurity is here. Explore Microsoft Copilot for Security today.MDSec @MDSecLabs
14K Followers 0 Following Consultancy and Training from a trusted supplier of offensive security. Red Team and Adversary Simulation by ActiveBreach team | https://t.co/fqpbJ9WDXD | https://t.co/UvOhGA4ZouBad Sector Labs @badsectorlabs
6K Followers 440 Following Cybersecurity news, techniques, exploits, and tools every week at https://t.co/UgKmeEEjIV 🐘 @[email protected]Praetorian @praetorianlabs
8K Followers 1K Following Praetorian provides a suite of #security solutions that enable clients to solve #cybersecurity problems across their #enterprise and product portfolios.@_xpn_ I usually use Miro, but I might have to switch!
Huge update for Nemesis. We're finally v1.0.0!!!
It's a big day- @tifkin_, @0xdab0, and I are proud to announce that Nemesis 1.0.0 has landed! We have a ton of awesome new features and a streamlined installation, check out the details at posts.specterops.io/nemesis-1-0-0-… and the code at github.com/SpecterOps/Nem…
When have you seen me wearing a baseball cap?
What are some good conferences people would suggest submitting to for defensive based research? A lot of conferences I’ve submitted to seem to accept a lot more offensive / AI based talks…
@EricaZelic @cantcomputer See, if you're just using Nmap, it's a pen test. It's not until you break out Metasploit that it's a red team engagement.
@hackthebox_eu We are living in an amazing time. When we need to start censoring humor, because jokes are taken seriously.
@bullyb170 This wasn’t for you, we all hate you here get back under that rock you came from.
@0xdab0 I think you can get short term disability for having this bracket
@_SuperGT Question is: who’s he drive for next season? Lyft of Uber?
Hermes is finally updated for Mythic 3.0 and it doesn't require the Darling kernel module anymore! This means the Hermes container is _much_ more stable. Read about the update here :D slyd0g.medium.com/upgrading-herm…
@ColinRubbert If that's how you feel, perhaps you should get stronger 💪 Also if this type of post offends you, you are not fit for any adult circumstances. Grow up
@ColinRubbert @HackingDave Being strong enough to save people in time of crisis is misogynistic? Elaborate. If a firefighter had to carry you out of your house, are they misogynistic?
@fabian_bader @Haus3c @kfosaaen The original query and logic are described in this part of the blog post: cloud-architekt.net/entra-workload… Comparing IP addresses from AzureActivity logs in combination with Unique Token Identifier might be also an interesting approach to detect abuse by using other Azure resources.
@Haus3c @kfosaaen I built a query based on the blog article from @Thomas_Live that alerts every time an MI is used from a non Azure IP. Might be helpful Blog from Thomas cloud-architekt.net/entra-workload… ANR github.com/f-bader/AzSent…