Matt Lin @mahlerware
incident response @google @mandiant · United States · Joined May 2019
Tweets 361 · Followers 249 · Following 694 · Likes 5K
Uncharmed: Untangling Iran's APT42 Operations | APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. cloud.google.com/blog/topics/th… @Mandiant
Iranian hackers from APT42 are impersonating journalists in social engineering campaign. Build rapport -> steal credentials -> bypass MFA -> access the victims’ cloud environments and steal data from OneDrive and Outlook emails.
Great report from our brothers and sisters in arms at @Mandiant. I can deeply, DEEPLY corroborate the opening line. Attackers are investing in evasion and we're seeing that (and, sometimes, NOT seeing it) in @GreyNoiseIO.
In 2014, @JohnHultquist named a Russian hacking group "Sandworm". Today, Mandiant graduates it to APT44 & reveals the online persona they created, CyberArmyofRussia, disrupted U.S. and Polish water utilities, as well as a dam in France. Full report: services.google.com/fh/files/misc/…
As @taylorswift13 says, it’s been a long time coming
This is a long time coming. 🇷🇺APT44: Unearthing Sandworm: services.google.com/fh/files/misc/…
Today, @Mandiant / @Google is opening up a Can o’ Sandworms. I’m incredibly proud to have led the year+ long effort with a brilliant group of colleagues to graduate Sandworm into APT44. cloud.google.com/blog/topics/th…
Dissect...I say eviscerate. Outstanding read.
In the latest blog post, #Mandiant experts dissect post-exploitation activities observed on vulnerable Ivanti Connect Secure appliances. Gain expert insights and recommendations. Read the blog: bit.ly/3PM1uxF #Cybersecurity #ThreatIntelligence
Another part of our reporting on Ivanti. This time I had the privilege to contribute to the blog. We analyzed the SPAWN malware ecosystem, which consists of a stealthy passive backdoor, a tunneler, a clever log tampering utility and an installer. cloud.google.com/blog/topics/th…
Just when you thought we were done with Ivanti reporting 😎Lot of great information on the other clusters Mandiant is tracking as having taken an interest in exploitation of Connect Secure. cloud.google.com/blog/topics/th…
Notably, this blog highlights multiple suspected China-nexus espionage clusters and their operations as well as multiple new malware families such as BRICKSTORM, TERRIBLETEA, and the SPAWN* family.
Latest Ivanti update from @Mandiant is now LIVE on the @googlecloud blog, covering case studies in post-exploitation activity and new custom malware families identified on compromised ICS appliances. cloud.google.com/blog/topics/th…
🔥 Hot 🔥 off the press, a new @Mandiant blog detailing several case studies of lateral movement / post-ex activity we’ve observed following successful exploitation of Ivanti CS appliances. cloud.google.com/blog/topics/th…
🪲And the 2023 Year in Review of Zero-Days Exploited In-the-Wild is out! This year I teamed up with @JaredSemrau & James from Mandiant to write a joint report combining our expertise and providing a more holistic view on in-the-wild 0-days in 2023 🔥🧐 blog.google/technology/saf…
I saw some incredible things this week @Mandiant Intel. You know who you are.
New blog post! Title: Covert TLS n-day backdoors: SparkCockpit & SparkTar | by NVISO Incident Response Link: wp.me/p84lDr-4w7 #Forensics #ReverseEngineering #CVE #Ivanti #PulseSecure
🚨 New joint advisory from @CISACyber, @FBI, and their Five Eyes partners including @CyberGovAu was just released on this threat which references @Mandiant's findings.
🚨IMPORTANT: Protect your networks from threat actors exploiting Ivanti gateway vulns to achieve persistence. 🙏to all of our partners who collaborated on this important advisory, including @Volexity, @Mandiant, & @GoIvanti: go.dhs.gov/Jeg
Patch ALL teh things, we constantly tell CISOs and CIOs. Thing is, let's be honest with each other, right? We can't, and this graph is telling. Patching is a pain, we get it, and we do need to revolutionise the approach. Two years ago, @LargeCardinal wrote a phenomenal paper
thinking about when we deployed an initial test sensor in the islamic republic of ir*n and ran apt-get update and it came back with a certificate error
Live look at the Mandiant DPRK team right now ic3.gov/Media/News/202…
This dmarc abuse campaign is popping off rn. Can check your domain out here mxtoolbox.com/dmarc.aspx. Also shout out to all the IT staffs that told the victims and us “it’s fine”. Smh
Actions have consequences. "a reminder to ransomware actors everywhere: we will track you down and bring you to justice" justice.gov/opa/pr/sodinok…
Wake up @SLEUTHCON swag dropped
Our product is 🤌🏻 Don’t miss the opportunity to attend #SLEUTHCON! Register now at sleuthcon.com.
His smoke too tough. His swag too different.
Mets fan removed from $1 hot dog night after fans throw wieners at him in wild scene trib.al/GzOvRq9
The Terraform fork is off to a good start.
OpenTofu 1.7.0 is now available! The headline features: 🔐 Client-side state encryption (finally!!) 🛠️ Provider-defined functions 🔄 for_each on import blocks 🗑️ Declarative remove blocks The best open source IaC tool is getting better! 🎉
PLEASE RT: IMPORTANT Folks, we are making security changes in Windows Server 2025 such as in Active Directory, File Servers, SMB to name a few. We’ve been messaging these changes, but in case you missed them, this thread is for you.
Mystery guest alert! Get ready for some surprises at RMISC 2024! 🕵️♂️ Here's a clue: Our special guests are none other than Canon Hall of Fame Winners! 📚 We can’t wait to share the news! 🎟️Register today! iplanit.swoogo.com/rmisc2024 @Denver_ISACA @ISSA_Denver
Finally got around to reading thru more of the @Mandiant M-Trends report and this graphic felt like reading a diary of my life in 2023
AI-enhanced camera technology helps solve murder in Missouri abc7.la/4a6oWgw
As #malware continues to challenge analysts, we checked how Gemini 1.5 Pro could help and found that: 🔎 Results were accurate, even with a zero-detection @virustotal sample ⏱️ It produced an accurate analysis in less than a minute Learn more: bit.ly/3WjINFq
Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol