This seems... Kind of important. simpity.eu/blog/ad-passwo…
I've seen lots and lots of orgs that are completely unaware of the phishing risks associated with device code flow. The technique has been around for 5 years. The Microsoft docs provide a great walkthrough of checking logs and implementing policy.
One of these days, I really hope Microsoft does a managed CA policy and offers controls for non-P1 users to prevent device code phishing... :-/ ICYMI, Microsoft has recommended blocking device code flow since the control was added to Conditional Access: learn.microsoft.com/en-us/entra/id…
@NathanMcNulty @TechBrandon The same. Almost never see this policy when doing assessments.
Probably a good time for this reminder
Cisco just confirmed that multiple zero-days against ASA/FTD VPN web services were exploited in the wild. CISA followed up with an Emergency Directive ordering federal agencies to inventory, patch, or disconnect affected devices. The last 3 Cisco advisories are directly tied to
@robertgraham The real question is why isn’t this impacting their sales? It’s almost like enterprises don’t seem to care.
@sapirxfed How can this telemetry be accessed from non-Microsoft products?
@techspence Too many people listening to product marketing…
🔒 Secure Bits 💡 New LAPS Features – Are You Using Them?
You probably know about the newer Windows LAPS (now in GPO > System\LAPS), but are you really taking advantage of all its capabilities?
What's "new" in LAPS?
✅ Password Backup for DSRM accounts
✅ Password Encryption for extra security
✅ Automatic Account Management (not just the built-in Administrator)
✅ Backup Directory Configuration
But here's what really caught my attention:
💡 Improved Readability Mode – No more struggling to rewrite complex passwords! A simple change that makes LAPS so much more user-friendly.
💡 Post Authentication Actions – Decide what happens after usage:
▪️ Reset the password
▪️ Log off the account
▪️ Reboot the machine
▪️ Even terminate all remaining processes!
Are you already using these? Or do you still rely on the "old" LAPS? Drop your thoughts below! 👇
#Windows #ActiveDirectory #Cybersecurity @BlueTeamDave
some cool #Elastic detections added by @_w0rk3r to identify potential kerberos SPN Spoofing via the CredMarshalTargetInfo primitive (abused in CVE-2025-33073 and also in other Kerberos reflection attacks): synacktiv.com/publications/n… github.com/elastic/detect… github.com/elastic/detect…
Finally made it happen! Public Custom Maester Test Collection is now available. Check out my blog post for more info, and hope you will contribute as well! #powershell #Maester #Security clatent.com/2025/01/if-mae…
How to use JA4H to find new C2 servers! [WebScout blog] blog.webscout.io/dissecting-ja4…
What types of deception tech should I use? Here are some examples I have come across that I really liked. Please, other folks, chime in here with what you've seen and liked too…
- Honey file called password.doc on a shared drive
- Honey file called test.txt in an IT admin's personal folder on a shared drive
- Honey account with a password in the description attribute in AD
Hunt for suspicious scheduled task creation and execution in MDE.
DeviceProcessEvents
| where ProcessCommandLine contains "schtasks.exe" and ProcessCommandLine contains "/create"
| join kind=inner (
    DeviceFileEvents
    | where FileName endswith ".exe" or FileName endswith ".ps1" // Executable or PowerShell files
    | summarize by DeviceId, FileName, ActionType, TimeGenerated
) on DeviceId
| join kind=inner (
    DeviceLogonEvents
    | where LogonType == 2 // Interactive logon
    | summarize by DeviceId, AccountName, LogonTime = TimeGenerated
) on DeviceId
| summarize ScheduledTaskActivity = count() by DeviceName, AccountName, FileName
| where ScheduledTaskActivity > 2 // Adjust threshold
| order by ScheduledTaskActivity desc
@LitMoose Blue Cape Security is another one to add - bluecapesecurity.com
@PSBK2E @brettshavers Will this be offered again at a later date? I cannot make this week work.
@eric_capuano @shortxstack @WWHackinFest @velocidex Hell yes!!
Excited to announce the 🚀 launch of the 🔥 LOLESXi project. It provides valuable insights into adversarial techniques targeting VMWARE ESXi. lolesxi-project.github.io/LOLESXi/ #threatresearch #lolesxi #dfir