Twyner's Avatar

Twyner

@twizzle.bsky.social

Cyber Threat Intelligence at Microsoft | Former Yahoo & Secret Squirrel | Thoughts my own

173 Followers  |  38 Following  |  34 Posts  |  Joined: 03.07.2023  |  2.0327

Latest posts by twizzle.bsky.social on Bluesky

TTPs Things that Threat Actors do when they Perform a cyber attack

TTPs Things that Threat Actors do when they Perform a cyber attack

Never assume your audience knows what acronyms stand for.

13.11.2025 01:28 โ€” ๐Ÿ‘ 18    ๐Ÿ” 3    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

If youโ€™ve been laid off from a cyber threat intel position, and you want a ticket to CYBERWARCON, please reach out.

23.10.2025 13:27 โ€” ๐Ÿ‘ 25    ๐Ÿ” 23    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Well now I need to buy a ticket ๐Ÿซถ

12.10.2025 00:29 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Post image

CFP closes this Friday, September 26th at 11:59pm EST!

If you'd like to speak at CYBERWARCON this year, get your talk submission in ASAP to be considered!

Submit your talk here >> www.cyberwarcon.com/cfp2025

#CYBERWARCON #CFP

23.09.2025 18:15 โ€” ๐Ÿ‘ 14    ๐Ÿ” 9    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 1

This may be one of the sickest coins Iโ€™ve seen in a while

20.09.2025 12:59 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
a man says we 're going to keep this going on a stage ALT: a man says we 're going to keep this going on a stage
19.09.2025 19:56 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

B I G facts

26.08.2025 08:03 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

But it did use AI?

13.08.2025 04:34 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
Preview
These are our favorite cyber books on hacking, espionage, crypto, surveillance, and more | TechCrunch These are our favorite cybersecurity books, both by fiction authors, as well as journalists and researchers.

We published a reading list of our favorite cyber and cyber-adjacent books.

We're keeping it relatively broad. Books about privacy and surveillance are and will be a part of this.

This is meant to be a post to be updated regularly. If you have suggestions on what we should read next, please share!

21.07.2025 14:59 โ€” ๐Ÿ‘ 57    ๐Ÿ” 24    ๐Ÿ’ฌ 5    ๐Ÿ“Œ 2

Those white papers were a golden age but reports like those also cause more clusters to pop up as actors change to avoid detections

17.07.2025 07:28 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

#what_is_sos

30.06.2025 10:24 โ€” ๐Ÿ‘ 4    ๐Ÿ” 3    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching | Microsoft Security Blog Threat actors are adopting Rust for malware development. RIFT, an open-source tool, helps reverse engineers analyze Rust malware, solving challenges in the security industry.

Today, Microsoft Threat Intelligence Center is proud to announce the release of RIFT, an open-source tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. https://msft.it/63324SLarg

27.06.2025 18:55 โ€” ๐Ÿ‘ 9    ๐Ÿ” 3    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 1

JS analysis is absolutely terrible

27.06.2025 18:01 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Iโ€™ve been fortunate enough to go to at least one F1 race a year since 2021 but this year I wonโ€™t be going to any and Iโ€™m not sure how to feel

27.06.2025 14:01 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Fwiw - I believe all the major email providers have them but itโ€™s things like this that are making them phase it out

19.06.2025 18:38 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Post image Post image Post image

More CVE-2024-42009 exploitation from invoice[@]b-s-r[.]eu from May 29, 2025

Same subject and payload that CERT-PL found, but sent via TOR node instead of freemail provider

cert.pl/en/posts/202...

09.06.2025 13:10 โ€” ๐Ÿ‘ 6    ๐Ÿ” 2    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

I know AI / LLMs get a lot of flack these days but Iโ€™ve thoroughly been enjoying whipping up a quick script or summarizing 50+ pages of legalese. I guess weโ€™ll see how long it takes for me to regret those words though

27.05.2025 20:14 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage | Microsoft Security Blog Microsoft Threat Intelligence has discovered a cluster of worldwide cloud abuse activity conducted by a threat actor we track as Void Blizzard, who we assess with high confidence is Russia-affiliated and has been active since at least April 2024. Void Blizzardโ€™s cyberespionage operations tend to be highly targeted at specific organizations of interest to Russia, including in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors primarily in Europe and North America.

Microsoft has discovered a cluster of worldwide cloud abuse activity by new Russia-affiliated threat actor Void Blizzard (LAUNDRY BEAR), whose cyberespionage activity targets gov't, defense, transportation, media, NGO, and healthcare in Europe and North America. https://msft.it/63324S9Jkp

27.05.2025 09:55 โ€” ๐Ÿ‘ 32    ๐Ÿ” 23    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 5

100 days of yara really got to you huh?

27.05.2025 12:00 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0
Gaode Maps | Bellingcat's Online Investigation Toolkit Gaode Maps (also known as AMap) is a mapping application and technology from the Chinese company Alibaba.

China provides several map services that can be useful for open source researchers. Gaode Maps is one of them. Conveniently, it is also accessible to people based outside of China. Have a look at @bellingcat.com's Online Investigation Toolkit to learn more: bellingcat.gitbook.io/toolkit/more...

26.05.2025 16:24 โ€” ๐Ÿ‘ 48    ๐Ÿ” 13    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 1

You mean โ€œby the truckloadโ€?

24.05.2025 17:12 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

The amount of medicine Iโ€™ve taken the last 24 hours to be a semi-functioning parent should be researched

24.05.2025 15:23 โ€” ๐Ÿ‘ 3    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Maaaan what a loaded and complicated question to answer haha

22.05.2025 11:53 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Heโ€™s cooked chat

17.05.2025 17:39 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Operation RoundPress targeting high-value webmail servers ESET researchers uncover a Russia-aligned espionage operation that they named RoundPress and that targets webmail servers via XSS vulnerabilities.

#ESETresearch publishes its investigation of Operation RoundPress, which uses XSS vulnerabilities to target high-value webmail servers. We attribute the operation to Sednit with medium confidence. www.welivesecurity.com/en/eset-rese... 1/5

15.05.2025 07:36 โ€” ๐Ÿ‘ 13    ๐Ÿ” 12    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Great stuff as always

07.05.2025 15:24 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 1    ๐Ÿ“Œ 0

Not all heroes wear capes

30.04.2025 19:25 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Russie โ€“ Attribution de cyberattaques contre la France au service de renseignement militaire russe (APT28) (29.04.25) La France condamne avec la plus grande fermetรฉ le recours par le service de renseignement militaire russe (GRU) au mode opรฉratoire d'attaque APT28, (โ€ฆ)

Fascinating to see reference to GRU unit 20728 from FR relative to Russia's offensive cyber program -- as far as I'm aware, a first from a Western service?

www.diplomatie.gouv.fr/fr/dossiers-...

29.04.2025 17:16 โ€” ๐Ÿ‘ 17    ๐Ÿ” 7    ๐Ÿ’ฌ 3    ๐Ÿ“Œ 0

Getting warmerโ€ฆ

29.04.2025 17:26 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

No worries! I was hoping to hit FIRST and PivotCon this year but just wasnโ€™t in the cards

20.04.2025 07:48 โ€” ๐Ÿ‘ 0    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

@twizzle is following 19 prominent accounts