Happy to announce the release of Microsoft-Analyzer-Suite v1.8.0! This update includes the release of UALGraph-Analyzer v0.1 with DuckDB as database backend for fast analytical queries.
#M365 #EntraID #BEC #Security #DFIR
https://t.co/qNF4MqZ6Dk
IRFlow Timeline v1.0.7 is live.
This one focuses on a problem I think DFIR teams will see more often: AI assistant usage becoming part of the investigation surface.
You can now collect and normalize local AI usage history from tools like Claude Code, ChatGPT Desktop, Cursor, GitHub Copilot, OpenAI Codex, Gemini CLI, Continue, Windsurf, and Claude Desktop into a unified timeline view.
Also added AI Secret Hunt, which helps identify secrets, tokens, API keys, private keys, and credentials that may have been pasted into AI assistants during real investigations or day-to-day engineering work.
The goal is simple: make AI app activity easier to preserve, search, tag, and correlate during incident response. AI usage is becoming part of the forensic record. We need tooling that treats it that way.
Link in the comment below.
#DFIR #IncidentResponse
Excited to share the first release of Aether, a memory forensics and threat hunting tool I've been building, written in Zig ⚡
Check out the full write-up on the internals and approach here:
https://t.co/mOu9ZU2fUD
Just shipped IRFlow Timeline v1.0.6. Spent the Eid holidays finalizing a few new features I've been dying to get into the tool since the last release.
What's new:
Sigma Detection
Run Sigma rules directly on raw EVTX folders using the bundled Hayabusa engine (thank you @yamatosecurity) or on imported timelines and EvtxECmd output via an in-app JS engine.
RDP Bitmap Cache Recovery
Extract and reconstruct bitmap tiles from Windows bcache*.bmc / cache????.bin artifacts. Useful for recovering screenshots of what a threat actor actually saw during an RDP session.
150+ Module Refactor
The app was previously a monolithic ~20,000-line codebase (a single App.jsx + parser.js). It's now decomposed into ~150 focused modules across the renderer and main process. Built for scale.
Give it a try and let me know what you think. Always open to feedback from the field. These features were built to test the latest Claude 4.8 with ultracode -xhigh + workflows, backed by Codex 5.5 + Cursor composer 2.5 side by side for lightweight tasks such as updating docs.
We just released Hibernation Recon v1.2.3.96 with some awesome updates - Windows 24H2 & 25H2 support, new decompression algorithms, now runs on Windows on Arm & Linux, etc. How do you analyze Windows hibernation? https://t.co/w8v2JqX7rn #DFIR
The second part in our Kubernetes Incident Response series is live on Google Kubernetes Engine (GKE).
https://t.co/4GFYCxYmWg
🔹 Standard vs. Autopilot Forensics: Why choosing Autopilot means you lose node-level access and how to adjust your IR plan accordingly.
🔹 The Logging Gap: Admin Activity logs are on by default, but Data Access logs (the ones that show secret enumeration and unauthorized execs) are not. If you don't enable them now, that evidence is gone forever.
🔹 Containment without Contamination: How to use NetworkPolicies to quarantine a compromised pod without tipping off the attacker or destroying volatile evidence.
🔹 Querying Cloud Logging: Practical examples of how to hunt for kubectl exec abuse within GCP.
#stayInvictus #CloudIncidentResponse #k8s
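As an added illustration of the logging-gap and containment points in the post above (this is not code from the post or the linked series): a GCP IAM policy fragment that turns on Data Access audit logs for the GKE API, and a NetworkPolicy that isolates a pod by label instead of deleting it. The project ID, namespace, pod name and quarantine label are placeholders chosen here.

```yaml
# Part 1: enable Data Access audit logs for GKE (container.googleapis.com).
# Merge this auditConfigs entry into the project IAM policy, e.g.
#   gcloud projects get-iam-policy PROJECT_ID --format=yaml > policy.yaml
#   (add the block below, keep the existing etag and bindings)
#   gcloud projects set-iam-policy PROJECT_ID policy.yaml
# Admin Activity logs are always on; exec and secret reads only appear once
# DATA_READ / DATA_WRITE are enabled, and nothing before that is recoverable.
auditConfigs:
- service: container.googleapis.com
  auditLogConfigs:
  - logType: ADMIN_READ
  - logType: DATA_READ
  - logType: DATA_WRITE
---
# Part 2: quarantine a compromised pod in place so its memory, filesystem and
# process tree survive for collection. First label the pod (placeholder names):
#   kubectl -n prod label pod <pod-name> forensics/quarantine=true
# Then apply this policy. It denies all ingress and egress for labelled pods
# only; every other pod in the namespace keeps its normal connectivity.
# Caveat: on GKE Standard, NetworkPolicy is only enforced when network policy
# enforcement (Dataplane V2 or Calico) is enabled on the cluster.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: forensics-quarantine
  namespace: prod
spec:
  podSelector:
    matchLabels:
      forensics/quarantine: "true"
  policyTypes:
  - Ingress
  - Egress
  # Both policyTypes listed with empty rule lists means deny all traffic.
  ingress: []
  egress: []
```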
In my latest blog "Now You See Me: AADGraphActivityLogs" I explore the newly released Azure AD Graph logs and demonstrate how you can detect tools like ROADtools and AADinternals that rely on this API and have been under the radar for defenders so far.
https://t.co/TXlkbsqKHa
We've received quite a few messages over the past few days about Get-UAL being broken. It turns out Microsoft made an update that impacted the script, but this has now been fixed in our latest release.
Update-Module -Name Microsoft-Extractor-Suite
While we were at it, we also added some additional features and improvements. Check out the release notes for all the details.
https://t.co/qYovWFuasM
#stayInvictus #CloudIncidentResponse #MicrosoftExtractorSuite
AADGraphActivityLogs: How to Detect ๐๐๐ ๐๐๐ฒ Azure AD Graph Attacks
Today is a great day for Blue Teamers in the Microsoft Cloud!
There are finally logs streaming into the #aadgraphactivitylogs table. If you want to know what's inside the logs and how to detect some #RoadRecon check out our write-up:
https://t.co/ttwOWo2i06
#stayInvictus #CloudIncidentResponse
New tool released: #FlowCarp
Identifies protocols without port numbers
Build protocol detection from example traffic
Input: PCAP or PcapNG
Output: Flows and/or Alerts
https://t.co/3sqnfOpN4a
Launching https://t.co/Z3gUh4OCOA
Look up any OAuth app ID and find out what it actually is across thousands of legitimate, risky, and malicious apps (Entra, Google, GitHub).
Multiple feeds, API, detection ideas and remediation guidance. Still improving the detections a bit 🦾