Phill Moore @phillmoore
This Week in 4n6 // ThinkDFIR https://t.co/vLyL2sgQsy
I might not know much, but I do know how to Google
Tweets are mine
thisweekin4n6.com | Sydney, Australia | Joined March 2009
Tweets 8K | Followers 9K | Following 3K | Likes 7K
Week 22 - 2026 #DFIR thisweekin4n6.com/2026/05/31/wee…
Week 21 - 2026 #DFIR thisweekin4n6.com/2026/05/24/wee…
Week 20 - 2026 #DFIR thisweekin4n6.com/2026/05/17/wee…
Week 19 - 2026 #DFIR thisweekin4n6.com/2026/05/10/wee…
Week 18 - 2026 #DFIR thisweekin4n6.com/2026/05/03/wee…
@CyberDevOG @velocidex Yeah I don't think amcache does anything on repeated execution. It doesn't update the key which is why we have a degree of confidence surrounding it being a first seen / execution time. I expect if it gets modified it won't get updated but I haven't tested that.
While doing some digging at my old job we found that sometimes Amcache might present data that isn't reflected in the PE it relates to. We didn't figure out why this happens, but @velocidex Velociraptor is the perfect tool for digging in deeper thinkdfir.com/2026/04/25/tru…
Week 17 - 2026 #DFIR thisweekin4n6.com/2026/04/26/wee…
Week 16 - 2026 #DFIR thisweekin4n6.com/2026/04/19/wee…
One artifact rarely tells the full story. Jump Lists. LNK files. Prefetch. Each captures different activity on a Windows system. The challenge is connecting them. 👇 Quick reference in the playbook 👉 go.sans.org/RKG6xY
Week 15 - 2026 #DFIR thisweekin4n6.com/2026/04/12/wee…
Week 14 - 2026 #DFIR thisweekin4n6.com/2026/04/05/wee…
Week 13 - 2026 #DFIR thisweekin4n6.com/2026/03/29/wee…
Week 12 - 2026 #DFIR thisweekin4n6.com/2026/03/22/wee…
Week 11 - 2026 #DFIR thisweekin4n6.com/2026/03/15/wee…
Week 10 - 2026 #DFIR thisweekin4n6.com/2026/03/08/wee…
Week 09 - 2026 #DFIR thisweekin4n6.com/2026/03/01/wee…
Week 08 - 2026 #DFIR thisweekin4n6.com/2026/02/22/wee…
Florian Roth ⚡️ @cyb3rops
220K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
SANS DFIR @sansforensics
111K Followers 104 Following The world's leading Digital Forensics and Incident Response provider. This feed updates you on latest DFIR news, events, and training.
4n6lady @4n6lady
62K Followers 660 Following #DFIR & #BlueTeam | IR & Threat Detection | #OSINT enthusiast | waiting for HL3 | AWS CIRT - my views are my own
Chris Sanders 🔎... @chrissanders88
35K Followers 487 Following Ed.D. | Founder @networkdefense @RuralTechFund | Former @Mandiant, DoD | Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM
Stephan Berger @malmoeb
29K Followers 1K Following Head of Investigations @InfoGuardAG https://t.co/A5lnFAu7eX
Mick Douglas 🇺🇦... @bettersafetynet
32K Followers 575 Following Consultant for InfoSec Innovations | @SANSInstitute Principal Instructor | @IANS_Security Faculty | I like information security. How about you?
Justin Elze @HackingLZ
70K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Chad Tilbury @chadtilbury
22K Followers 599 Following Digital forensics and incident response. Ex-AFOSI, Mandiant, and CrowdStrike. SANS Institute Fellow and co-author of #FOR500 and #FOR508 courses.
Thomas Roccia 🤘 @fr0gger_
35K Followers 2K Following AI Security x Threat Intel · Threat Researcher · Creator of #Unprotect & #NOVA · Malware Warlock · Python 🧡 · Prev @Microsoft @McAfee_Labs
Kostas @Kostastsale
20K Followers 383 Following I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
Andrew Thompson @ImposeCost
41K Followers 2K Following Head of Global Signals Operations @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC.
Kevin 🤖🕵️🍺 @KevinPagano3
4K Followers 583 Following 🕵🏼♂️ @stark4n6 🎴 Shiny cardboard collector 🍺 Resident beer drinker
Mehmet Ergene @Cyb3rMonk
14K Followers 451 Following Learn Threat Hunting, Detection Engineering, DFIR, and KQL https://t.co/uAlYlXIXot @BluRavenSec Microsoft Security MVP #ThreatHunting #DataScience
Heather Mahalik Barnh... @HeatherMahalik
23K Followers 1K Following DFIR, Faculty Fellow & author, #FOR585 #FOR500, wife, mama, researcher, USAF. Trust but validate. Thoughts are mine.
Eric Capuano - Bsky: ... @eric_capuano
11K Followers 3K Following Co-Founder @recon_infosec | SANS DFIR Instructor | IANS Faculty | https://t.co/yUXCSu2Yso | ⬡ ❤ @shortxstack
Michael Koczwara @MichalKoczwara
25K Followers 2K Following Threat Researcher/Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/VQWaze6gaF
Will @BushidoToken
38K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
ケン @kenkenshift11
1 Followers 28 Following
OneWildSoul @OneWildSoul1
18 Followers 975 Following
goutham0164 @goutham0164
2 Followers 408 Following
Leverage 12 @12Leverage
43 Followers 3K Following
Solid Tech Forensics/... @SolidTechForen
23 Followers 187 Following Digital Forensics & Data Recovery Expert | Cellebrite UFED | WhatsApp & Deleted File Recovery | Old iPhone & Android Support | Computer Village Ikeja | DM for i
vali.now @vali_now
80 Followers 312 Following Deepfake Detection, Image Integrity & Fraud Prevention
ESSFF @EliasStenh56950
0 Followers 54 Following
bing @0bing0
0 Followers 132 Following
NoxHound @HoundNox
3 Followers 149 Following
shonuff @ChiselChief
0 Followers 17 Following
Jasen Han @han_jasen66812
2 Followers 83 Following
Steve Moscarelli @SteveMoscarelli
2K Followers 6K Following #Thales / #Imperva Since’97: #CheckPoint #Qualys #Sourcefire/#Cisco #Tufin #Attivo/#SentinelOne #ISSA-Chicago. University of Wisconsin. Sigma Chi.
Riordan Maguire @RiordanMaguire
127 Followers 370 Following Seek Professionalism & Capability | Cyber Security
Map and Track @map_and_track
0 Followers 40 Following Location intelligence for investigators. Replay movements. Uncover patterns. Find the truth.
Euan @euancampbell
261 Followers 1K Following
Fernando Manzanarez @FernandoMa61306
16 Followers 3K Following
Akshat Singh @craycray1311
0 Followers 28 Following
• @Darkly_11
7 Followers 273 Following
Rahul Gill @RahulGill396379
24 Followers 2K Following
Juan Martin @jfmriva
650 Followers 751 Following Seek beauty. It is the only thing worthwhile in this disgusting world. (Ramón Trecet)
Alex Bondoc @bondoc_alex
7 Followers 287 Following
MustafaOzisik @Mustafa_Ozisik
1 Followers 47 Following
Pluto @ThePluto_9
0 Followers 56 Following lone rebel of the cosmos - cold, distant, and deep. Outcast but powerful, I orbit on my own terms, proving size never defines significance.
David Perez @anakinswal
298 Followers 2K Following |#CC |#CTIA |#ECIH |#eCTHP|#eCIR |Intel Ops Padawan |All systems are vulnerable (People2) |PurpleTeam addict👾 |I photograph sunsets 🌅 |I distill gin🍸|I grow 🍄
unJaena @unJaena_AI
0 Followers 16 Following unJaena AI is an AI-based forensic analysis agent for investigators, malware analysts, and DFIR engineers.
ZKNOT.IO @OFamilynam66130
0 Followers 68 Following
MAk @BugBountyBeast
6 Followers 1K Following
gungorm @gungorm09
99 Followers 118 Following
Satoshi.N @Satoshi15572904
79 Followers 956 Following
S A @flafee_fluff
0 Followers 3K Following Tesla, Grok 4, and X fan. Goal: Become an X engineer. ♥️♥️ 🇮🇱 🇺🇸 ♥️♥️ Israel 💪💪
🟧⬜️🟧⬜️... @NotTomWasHere
150 Followers 1K Following
Rohit (@[email protected]... @s4dr0t1
176 Followers 2K Following security engineer | metalhead | otaku | perpetually curious | resident @CRED_club | views are personal, not my employer's
InfoSecSherpa 🏔️ @InfoSecSherpa
52K Followers 4K Following Your Guide Up a Mountain of Information! #Librarian 📚 ➡️ #InfoSec 🤖 #Philly 💚🏡 Nil satis nisi optimum ⚽ #Toffees
Compaq75 @Compaq75118567
1 Followers 585 Following
Mendoza @Crox4N6
8 Followers 19 Following
Zlatan Mujcin @ZlatanMujcin
350 Followers 4K Following UX/UI Design, coffee & cigarets, cognac, rum, lifting heavy object above my head...
oboro @oboro1840
0 Followers 93 Following
Lysa @lysa69_lysa
3 Followers 336 Following
Brandon Carter @BCarterLAE
19 Followers 435 Following Co-founder & CTO at Sentralink | Evidence Intelligence for Law Enforcement & Financial Crime | CFE | EnCE | GCFA
Neil @neil_dfir
0 Followers 43 Following
Pablo G. 👽 @Pablitow10
20 Followers 318 Following
Manaf Mohammed @ManafMohammed01
439 Followers 318 Following Threat Detection Engineer/Incident Responder @COGNNA
ALKey @ALKey_tw
2 Followers 242 Following IT and Cyber Security Guy, trying to get things done in 1st Life. Keyboarder in 2nd Life
Jake Williams @MalwareJake
149K Followers 2K Following Breaker of software | VP R&D @hunterstrategy | CTI/DFIR | @ians_security faculty | Bookings: jake at malwarejake dot com | GSE #150 | He/him
Dave Kennedy @HackingDave
231K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
mRr3b00t @UK_Daniel_Card
122K Followers 8K Following Department of Cyber WAR. Member of the Counter Spider Collective. Wielder of AI to defend in Cyber Space. Ralph Vibe Specialist. VibeOps Operator!
DebugPrivilege @DebugPrivilege
41K Followers 2K Following Not active anymore on X. Problem solver with a passion for troubleshooting complex issues.
The DFIR Report @TheDFIRReport
67K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion
Microsoft Security Re... @msftsecresponse
144K Followers 215 Following We are the Microsoft Security Response Center. To report security vulnerabilities or abuse in Microsoft products, visit https://t.co/kxEbdfMny1.
Doug Burks @dougburks
7K Followers 579 Following Founder and CEO of Security Onion Solutions, Co-founder of BSidesAugusta. I post mostly about Security Onion, OhMyPCAP, and OhMyDebn. Believer, husband, father.
Eyal Sela @eyalsela
2K Followers 414 Following Director of Threat Intelligence at Gambit Security. Signal: eyalsela.10 , Keybase: eyals
NSW Police Force @nswpolice
228K Followers 776 Following Welcome to the official X account of the NSW Police Force. Please do not report crime here. For emergencies, contact 000 or 131 444 for non urgent matter
sapir federovsky @sapirxfed
5K Followers 196 Following Doing things @wiz_io And then doing more things at home | Failed research blog: https://t.co/j2HT1Tpscs | Trying to be more chill🧘♀️
Nariman Gharib @NarimanGharib
119K Followers 3K Following Britain-based Iranian Activist 🚦 Cyber Espionage Investigator 👁 Donate here: https://t.co/1SPuvHPOhP ❤️
Analysis Center @jpcert_ac
13K Followers 2 Following The official account of the JPCERT/CC Analysis Center. We share information and insights gained from the Analysis Center's day-to-day analysis work.
International Cyber D... @IntCyberDigest
165K Followers 294 Following Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
Dan Taylor @DeltaTangoTwo
854 Followers 2K Following
Andy Smith @rot169
553 Followers 215 Following 🤓 Cyber security nerd 👨🏽🏫 #SEC530 instructor 📺 Part-time #infosec video creator 🔥 Full-time victim of #BuildingSafetyCrisis Ⓜ https://t.co/VrNOHsAWtV
Dark Web Informer @DarkWebInformer
215K Followers 76 Following One guy. Global cybercrime. Tracked so you don't have to. Ransomware, data breaches, dark web activity, darknet markets, IOCs & emerging threats. Stay informed!
L0Psec @L0Psec
4K Followers 2K Following reverse engineer | arm64 :) | macOS/iOS | YouTube: https://t.co/VdHNCl0Qfl
tuckner @tuckner
3K Followers 851 Following Finding bad software extensions at @SocketSecurity (acquired @secureannex). #️⃣ https://t.co/KGANHVF6BP
Brendan Chamberlain @infosecb
1K Followers 716 Following Threat Detection Engineer @ Klaviyo and creator of awesome-detection-engineering, LOOBins, Rulehound, Detection Engineering AI Maturity Framework
Red Piranha @RedPiranhaSec
892 Followers 738 Following Consolidated Security Platform. End-to-end security from a single pane of glass. #CyberSecurity #InfoSec
linkcabin @LinkCabin
3K Followers 94 Following Works in Security. Social Democracy. Change the World or Nothing. Personal Account not my employers, my own views!
Danus @danusminimus
2K Followers 519 Following Member of @CuratedIntel | Researcher at @Pillar_sec | AI Security | OSCP
DU @_DaveU_
25 Followers 77 Following
Cyber Detective💙... @cyb_detective
61K Followers 3K Following Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in @netlas_io
Is Now on VT! @Now_on_VT
4K Followers 832 Following Stay ahead of cyber threats. Get real-time alerts on notable APT/FIN/ORB indicators from VirusTotal. A threat intel project by @craiu.
Austin Larsen @AustinLarsen_
2K Followers 1K Following Principal Analyst - Google Threat Intelligence Group Rapid response and investigations into significant cyber events.
Nextron Research ⚡... @nextronresearch
3K Followers 13 Following Nextron threat research team. Signatures, rules, and analysis focused on eliminating blind spots.
Rem @sudo_Rem
831 Followers 342 Following Staff Tactical Response Analyst @HuntressLabs | @SANS_EDU Alumni | Python Security Researcher
Chris Duggan @TLP_R3D
7K Followers 3K Following Full-Time Explorer | MDS Legendary Finisher | Ultra Endurance | From Cyber Intel to the Desert | Author- The Intent Model
Justin Ibarra @br0k3ns0und
2K Followers 972 Following detection engineering | security research | agent shepherding | meta-engineering | @sentinelone, former @elastic/@elasticseclabs @endgameinc etc.
MagicSword @magicswordio
1K Followers 30 Following It Ends with Us! ⚔️Watch 📺 https://t.co/zofSxbxVDA Follow 🥷 https://t.co/kGRIGi9ayg Read 📓 https://t.co/BowPLUlcB0
Rich Greene @secgreene
212 Followers 45 Following Cybersecurity Dungeon Master | SANS Author/Instructor
Black Lotus Labs @BlackLotusLabs
3K Followers 580 Following The official Threat Research and Operations arm of @lumentechco. Providing #ThreatIntelligence to help protect our customers and keep the internet clean.
Wietze @Wietze
7K Followers 336 Following Threat Detection & Response. Views are my own, unless retweeted. Maintainer of https://t.co/000t7J0NBR & https://t.co/thv6PP5C48 Co-maintainer of https://t.co/rXIxOggXs2
Marco Lancini @lancinimarco
7K Followers 382 Following 💼 Director of Security 📬 @CloudSecList 📚 https://t.co/TrQKzxfnYg 💬 I write about security strategy, technical leadership, and cloud security.
CloudSecList @CloudSecList
2K Followers 1 Following The best way to stay on top of the cloud security landscape without having to be overwhelmed by all the noise | Curated by @lancinimarco
Julien | 🦋@julien.... @JMousqueton
2K Followers 562 Following Field CISO at @cohesity | owner of https://t.co/mcCsqeRJaO | | Lecturer at @Ecole2600 🏴☠️
Insider Threat Matrix... @ITMFramework
44 Followers 5 Following The Insider Threat Matrix™ - an open framework from @Forscie for mapping, investigating, and responding to insider threats.
Artem I. Baranov @artem_i_baranov
7K Followers 337 Following Your personal guide on cybersecurity and Tenet physics (human, not AI 👋)
Merill Fernando @merill
20K Followers 4K Following Ex-Microsoft PM | Tweets my own Built → https://t.co/QbUp63ffXf • https://t.co/8W7yvQi3jb • https://t.co/NFLDqDIY8h • https://t.co/tSWrIw8Ajh 📰 Newsletter→ https://t.co/tPzAEl0Zuq & https://t.co/894nfObWuU 🎙️ Podcast→ https://t.co/TBlNKTzn8t
Ryan Tomcik @heferyzan
1K Followers 1K Following DE/TH @GoogleCloud @Mandiant Threat Defense | Google in the streets, Mandiant in the tweets | Thruntito ergo sum
George Kurtz @George_Kurtz
105K Followers 460 Following President & CEO CrowdStrike, Former CEO of Foundstone, Former CTO of McAfee, and author of Hacking Exposed
Alex Teixeira @ateixei
3K Followers 1K Following I design and build #SIEM content for a living. Editor at https://t.co/WIrKw7X1p5 #DetectionEngineering & Research, #ML #Stats x-Splunk
cr0@Defensive-Securit... @cr0nym
3K Followers 3K Following Focus on Linux/Kubernetes Attack/Detection/Forensics/Incident Response/Threat Hunting/Active Defense. Learning hard every single day.
RooCon @RooCon_AU
400 Followers 0 Following RooCon, a free conference on cyber threat intelligence & attribution, is happening in Sydney on 5-6 November 2025.
claudiasquire @c0rdial__
10 Followers 103 Following