We are looking for some interns to join our team here at Microsoft. If you are currently studying cyber security, computer science, mathematics or anything similar and based in Ireland or Cheltenham then we would love to hear from you - https://t.co/N0ECP8eiGM
People often share full Kusto queries, which is awesome, but what about those handy one liners and tips you have picked up along the way? Here are some of my favourites, share yours below!
Extend an additional column for your local time, example +5 UTC:
| extend LocalTime = TimeGenerated +5h
Find events only on weekends, cast a variable to make it easy to read:
let Saturday = time(6.00:00:00);
let Sunday = time(0.00:00:00);
AuditLogs
| where dayofweek(TimeGenerated) in (Saturday, Sunday)
Find events during certain hours of the day:
| where hourofday(TimeGenerated) !between (4 .. 23)
Calculate the minutes (or hours or days etc) between two events:
| extend ['Minutes Between Events']=datetime_diff("minute",Timestamp1,Timestamp2)
Parse the details, including browser family and version etc of a user agent:
| extend UserAgentDetail = todynamic(parse_user_agent(UserAgent, "browser"))
Decode base64 encoded strings, useful for PowerShell:
| extend DecodedCommand = base64_decode_tostring(EncodedCommand)
Rename columns while using project:
| project LogTime=TimeGenerated, SigninLocation=Location, IP=IPAddress, Agent=UserAgent
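The one-liners above combined into a single query, as an added example that is not part of the original thread. It runs against a constructed inline `datatable` that stands in for a sign-in table (the column names `UserPrincipalName`, `Location`, `IPAddress` and `UserAgent` are assumed, as are the sample rows), and it generalises the "minutes between two events" tip to consecutive events of the same user using `prev()`.

```kusto
// Added example, not from the original thread: the tips above applied to a
// constructed sample table. Rows, users, IPs and user agents are made up.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string, Location:string, IPAddress:string, UserAgent:string)
[
    datetime(2024-11-16 02:15:00), "alice@example.com", "IE", "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    datetime(2024-11-16 02:40:00), "alice@example.com", "IE", "203.0.113.10", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    datetime(2024-11-17 23:30:00), "bob@example.com",   "GB", "198.51.100.7", "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0",
    datetime(2024-11-18 09:05:00), "bob@example.com",   "GB", "198.51.100.7", "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
];
// dayofweek() returns a timespan: 0 days is Sunday, 6 days is Saturday
let Saturday = time(6.00:00:00);
let Sunday = time(0.00:00:00);
SampleSignins
// wall-clock time for an analyst sitting in a UTC+5 zone
| extend LocalTime = TimeGenerated + 5h
// weekend sign-ins that fall outside 04:00-23:00 UTC, i.e. in the 00:00-03:59 window
| where dayofweek(TimeGenerated) in (Saturday, Sunday)
| where hourofday(TimeGenerated) !between (4 .. 23)
// parse_user_agent() already returns dynamic, so its fields can be indexed directly
| extend UA = parse_user_agent(UserAgent, "browser")
| extend Browser = tostring(UA.Browser.Family), BrowserMajor = tostring(UA.Browser.MajorVersion)
// minutes since the same user's previous event; sort by serialises the rows so prev() is allowed
| sort by UserPrincipalName asc, TimeGenerated asc
| extend MinutesSincePrev = iff(prev(UserPrincipalName) == UserPrincipalName,
                                datetime_diff("minute", TimeGenerated, prev(TimeGenerated)),
                                int(null))
// rename columns on the way out
| project LogTime=TimeGenerated, LocalTime, User=UserPrincipalName, SigninLocation=Location, IP=IPAddress, Browser, BrowserMajor, MinutesSincePrev
```

With the sample rows only Alice's two Saturday sign-ins survive the weekend and hour filters; the first has a null `MinutesSincePrev` and the second shows 25. One caveat on the base64 tip: PowerShell's `-EncodedCommand` value is base64 over UTF-16LE text, whereas `base64_decode_tostring()` decodes the bytes as UTF-8, so the result carries a null character between every letter of the script; strip those before matching keywords against the decoded command.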
Excited to announce @sublime_sec has raised a $60M Series B led by @IVP. @CNBC wrote about the news this morning: https://t.co/TQuFhwhkP2
@ianthiel and I are so grateful and humbled by the trust our customers and community have placed in us. we won't let you down
Enjoy punching phish? Experience writing detections for phish, using regex, Yara, etc., and looking to grow as a researcher within an experienced team? Join me and the rest of the Splunk Attack Analyzer Misfits of Detection Science. US only, fully remote https://t.co/Crr9enas1y
Proofpoint has tracked this technique since August 2024, and calls it “brooxml”. Our researchers do not consider this a zero-day or vulnerability in general.
We’ve released Emerging Threats and YARA signatures at the end of this thread.
Microsoft’s Digital Crimes Unit has seized 240 fraudulent websites, disrupting a major “Phishing-as-a-Service” operation. These campaigns targeted sensitive industries like financial services, jeopardizing data, transactions, and even life savings. https://t.co/0wNWO09dP2
I'm told we are hiring in MSTIC: https://t.co/ltfZcQbg5n
Come for the data, stay for the data. Creative problem solvers have the most impact.
If we've worked together, I'm happy to refer you.
But...
you can deploy verifiable coverage for this with @sublime_sec (for free). Here’s the detection that’s been out for over a year (h/t @zoomequipd @ajpc500): https://t.co/DeufOQqIP3
Announcing our latest NLU model update: BERT Large Language Model (LLM), which is better at understanding tone, intent, and context than ever before.
We’ve detailed our research in our latest blog and how it’s used to combat AI-generated attacks: https://t.co/M7vAv8uFTG
We are now developing @elastic threat hunting queries, alongside our detection rules, and openly sharing these as well! 🎉🎉
Can visually explore these with https://t.co/DYH1CkmLYN! 🔥🔥
#ThreatHunting #DetectionEngineering
We're excited to announce the release of our new Public EML Analyzer: a free, unauthenticated tool for analyzing email messages.
Upload any EML and get Sublime's analysis results along with URL sandbox and attachment previews, insights, and more: https://t.co/LCU2LK988F
Microsoft has been running massive deception campaigns that flood new phishing sites with bogus credentials for bogus companies on MS tenants. When attackers log in, they deliver a torrent of fresh threat intelligence that can be used to defend: #infosec https://t.co/hFqljCGndq