Found some very common adware quietly killing antivirus products. Then we found an unregistered update domain, and anyone with $10 could have pushed any payload to 25,000+ endpoints, AV already disabled.
So we registered it first.
https://t.co/WMSaym7yOu
Big thanks to @_rdowd
My team published detection content for the Notepad++ / Lotus Blossom activity - both the concrete post-compromise artifacts and more generic gup.exe updater anomaly hunting
Sigma
gup.exe anomalies
- uncommon DNS
- uncommon file drops
- suspicious child processes
https://t.co/HXqk9RloVL
by @_swachchhanda_
YARA
- Chrysalis loader/backdoor
- related components
https://t.co/petpXSLza9
by @X__Junior
IOCs (filenames etc.)
https://t.co/8u4RwPOz9L
#NotepadPlusPlusCompromise
Episode 2 of Breach Log is now available! Special thanks to Max Margolis for joining me and telling his story.
If you have a story you'd like to share, get in contact and we can have some fun.
https://t.co/xe6VD4R8pD
The Cybersecurity Company of the Year Award 🏢 celebrates a company delivering top-tier security services and products while leading with integrity and community spirit.
The Community Winner for 2025 goes to @HuntressLabs. Congratulations!
#SANSDMA
Congrats @RussianPanda9xx for winning the Community Cyber Defender Practitioner of the Year award in the 2025 SANS Difference Makers Awards!
First award for a @HuntressLabs teammate!
#SANSDMA
Congrats to @fr0gger_ for winning Innovation of the Year at the 2025 SANS Difference Makers Awards for his tool NOVA. An impressive tool enabling threat detection in a new AI-based attack surface.
#SANSDMA
We are kicking off the SANS Difference Makers Awards! It’s great to share space with so many people working to advance cyber security.
I’ll be hanging out on behalf of @HuntressLabs. I’m also thrilled to see many friends like @fr0gger_ nominated! #SANSDMA
When sharing CTI on IPs, Context is Key 🔑
- First/Last Seen (Timestamps!)
- Observables (like VPN brand / proxy network)
- Hosting Provider (ASN)
- DNS Records (relevant domains on the IP)
- Purpose and/or Type (C2, Payload Host, Proxy, etc)
🫳🎤
It’s SANS Difference Maker Eve! #SANSDMA
@HuntressLabs has a few folks nominated and is also nominated for Cyber Security Company of the Year!
If you’re attending please come find me and say hello! 👋
See you tomorrow @SANSInstitute!
The 2025 SANS #HolidayHack Challenge is officially open! 🎄
Celebrate 10 yrs of festive hacking fun with fast micro-challenges, epic capstone puzzles, a new CTF-only mode, and more!
Can you uncover what’s stirring beneath the 8-bit neighborhood? ❄️
Join free → https://t.co/6AlznMaVgU
The @HuntressLabs blog has been on fire lately - tons of content and cool tradecraft around Linux, macOS & ESXi - honestly even I can’t keep up with it all and I work there and get to see all this come together 😅
Worth a bookmark:
https://t.co/lbY5EiPJUL
Super hyped to share that @HuntressLabs published a Rapid Response blog on the recent #React2Shell post-exploitation activity observed. We discovered and analyzed a few payloads that were named #PeerBlight, #CowTunnel and #ZinFoq. We also observed a variant of #Kaiji malware.
3 Modelos 🍺 in and the malware started making sense. By the 4th one I was naming them like Pokémon except way more unhinged. PeerBlight, I choose you!
Thank you for your contributions @sudo_Rem, @LindseyOD123, @_JohnHammond, @bumbucha, and @aaron_deal. Couldn’t have done it without your support ❤️
https://t.co/wSh2ISchnf
⚠️ Super excited to release TWO React2Shell blogs with @xorJosh!
https://t.co/2Ld9jvRehH
https://t.co/TpXwxeP5fz
We've been hunting down TAs causing havoc, scanning and exploiting React2Shell on the internet. Especially the ones making OPSEC Ls...
One group we've tracked decided to attack a @HuntressLabs partner today. They were contained quickly and were not happy with us 😎 #React2Shell #OPSEC
Errybody screaming about React2Shell so we wanted to give ya something you haven't already heard😁
Here's a beast of a blog post on malware we've seen from post-exploitation, detailing a wild Linux backdoor and more -- all from the amazing & incredible @RussianPanda9xx & co.😎
https://t.co/zT0kaBLAgH
It’s almost 2026 and everyone is talking about React2Shell. Wondering when @HuntressLabs is dropping something on it? We are cooking. Trust me, you will want to read this one.
CVE-2025-55182 (React2Shell) pre-auth RCE is likely to have a long tail, similar to what the Log4Shell Log4j injection and Telerik deserialisation vulnerabilities have had in the past. This is already being weaponised by threat actors, with public POCs available.
https://t.co/DbrEsfTSrS