Quick update. I am now with @Volexity :) super excited! Last few months were not the easiest but thankfully I have great friends in the field and was able to stay afloat and find the right place.
I got lucky in this current job market. Back to reversing malware and drifting :)
@budget your FLL location is out of cars, even for customers that have existing reservations. People waiting for hours for cars to be returned. This is unacceptable!
.@Volexity #threatintel tracks a wide variety of threat actors abusing Device Code & OAuth authentication workflows to phish credentials. And these techniques continue to see success due to creative social engineering. [1/2]
Detecting and Preventing Obfuscated Script Execution with Tree-sitter, presented by David McDonald, Software Engineer at Volexity.
This talk shows how tree-sitter can detect and block obfuscated scripts, strengthening defenses against AMSI bypasses and malware attacks. #BSidesNYC
APT meets GPT: @Volexity #threatintel is tracking #UTA0388's spear phishing campaigns against targets in North America, Europe & Asia, that appear to use LLMs to assist the #threatactor’s ops. Letting #AI run your espionage operations? What could go wrong? [1/2]
#FTSCon Speaker Spotlight: Andrew Case (@attrc) is presenting “Detection and Analysis of Memory-Only Linux Rootkits” in the MAKER track.
See the full list of speakers + event info, including how to register, here: https://t.co/NZA6bSWN8i
#FTSCon 2025 is just a little over a month away. There are some really amazing talks lined up this year.
Don't miss out on one of the best events focused on #DFIR. Hear from researchers that build tools and analysts that work on some of the most advanced IR investigations!
We are counting down to #FTSCon 2025! We have a slate of great speakers — you don't want to miss this event! If you haven't registered yet, register here: https://t.co/6mD0PoxraS.
See the event page for details: https://t.co/NZA6bSWN8i
Stay tuned for speaker spotlights!
@joegrand This training is hosted by @Volatility in conjunction with From The Source (#FTSCon). Course registration includes a complimentary ticket to FTSCon on Monday, Oct 20, 2025. For more details about FTSCon, visit the event page: https://t.co/NZA6bSWN8i.
@Volexity is looking to grow our Threat Intelligence team. New job posting for Senior Analyst role is up here: https://t.co/e1bsbMkV1L... If you have any questions, don't hesitate to ask.
Did a write-up on OAuth phishing (offense and defense). It's based on phishing campaigns reported by @Volexity earlier this year.
- What are OAuth phishing links; what are the workflows behind them
- How to emulate (examples) and use ROADtools for further compromise
- Approaches to writing detections and key telemetry
I do believe we are likely to see more of these campaigns over time - I hope this blog serves y'all well.
Happy hunting folks! #azure #cloudsecurity #phishing
https://t.co/EmLdJQyQxD
We are excited to announce FTSCon 2025 on October 20, 2025, in Arlington VA! Registration is now OPEN + we have a Call for Speakers.
Following FTSCon will be a 4-day Malware & Memory Forensics Training course with Volatility 3.
See the full details here: https://t.co/ygqxNhZyW2
.@Volexity #threatintel: Multiple Russian threat actors are using Signal, WhatsApp & a compromised Ukrainian gov email address to impersonate EU officials. These phishing attacks abuse 1st-party Microsoft Entra apps + OAuth to compromise targets.
https://t.co/31cinaoDfB
#dfir
Today, @Volexity released GoResolver, open-source tooling to assist reverse engineers with obfuscated Golang samples. @r00tbsd & Killian Raimbaud presented details at INCYBER Forum earlier today. Learn how GoResolver works + where to download it: https://t.co/dZ4hNUBK1I
#dfir
.@Volexity regularly assists customers in combatting advanced threat actors & we enjoy being able to assist our partners as well, including LE & federal agencies like US DOJ, as we work together to combat these advanced cyber threats.
https://t.co/v52zQhwqKk
#dfir #threatintel
Check out the new blog: Russian APT adopts a well-known technique of m365 device code phishing. When combined with clever lures this technique proved to be extremely successful. 1/2
It’s great to see @NCSC drawing attention to the ongoing issues with network devices & appliances. Hopefully, vendors will heed the volatile data collection guidance: “Volatile data logging should support collection of… memory both at a kernel and individual process level.”
1/2