Mattison Schuch

651 posts

Mattison Schuch banner
Mattison Schuch

Mattison Schuch

@MittenSec

Cybersecurity fanatic! 💾 DFIR 👾 Malware Reversing 🔎 Threat Hunting @TheDFIRReport member

Mitten state Katılım Mart 2017
1.1K Takip Edilen550 Takipçiler
Mattison Schuch retweetledi
Rob T. Lee
Rob T. Lee@robtlee·
“I spend all day, every day, looking at folks who misuse our models and our products. I want to walk through all of you what I've been seeing on the ground and how this has changed in the past year.” - Jacob Klein, @AnthropicAI's head of threat intel at the @SANSInstitute AI Summit. And then came the heartburn line: “Almost everything I’m walking through can be used by a defender as well.” He’s right. Defenders can point AI at endpoints at scale, code at scale, vulnerabilities, and SOC signals. Every serious defender already knows the list. The hard part is the operating reality: usable data, investigations that don’t depend on manual glue work, remediation that moves fast enough, and AI you can actually trust. What makes this a tougher sell is the reliability of the tools in our hands right now and our own skill gaps. And consider: we still get to watch some of this play out in the open. That window closes as attackers move to their own private tooling and infrastructure. The only way we get ready is by starting now: working on our own skill gaps, building muscle with the tools we have, stress-testing them in real environments, forcing the workflow changes that make AI for defense operational. Work on this directly with us: Find Evil! is live. Protocol SIFT is what happens when you wire an AI agent into a forensic workstation full of trusted tools and tell it to behave. It's an early capability with real outputs, failure mode. Join our community effort to make it something defenders can deploy. 42 days to enter. An incredible 2,500+ builders and teams are in as of today. $22K in cash prizes. Sponsored by SANS Institute. findevil.devpost.com (You'll have to hear Jacob's full talk and the fireside chat with Bruce Schneier and Anne Neuberger: Are tech companies the new SOC? Check it out on the SANS Institute YouTube page.) Curious what you think. (And if you've entered in the hackathon?) #AIsecurity #cybersecurity #vulnops
English
1
10
36
7.6K
Mattison Schuch retweetledi
John Hammond
John Hammond@_JohnHammond·
hELLO the tIME HAS cOME oNCE AGAIN on my cONTENT cALENDAR for me to continue to scream and shout about oUR VIRTUAL EVENT ContinuumCon 2026 jUNE 12 - 14 continuumcon.com livestream run of show is free & public but all workshop sessions get into hands-on labs see u there ✌️
John Hammond tweet media
English
9
13
74
15.2K
Mattison Schuch retweetledi
SANS Institute
SANS Institute@SANSInstitute·
The threat landscape just changed — fast. And Jacob Klein is breaking it down live. At #AISummit, he’s showing: 🔘 How AI is helping low-skill actors bypass technical barriers 🔘 Why smaller teams are now operating at APT level 🔘 What it means when AI executes up to 90% of an attack You can still catch it Free Live Online today. Register & Join Us: sans.org/u/1CNB #AISecurity #CyberSecurity #ThreatIntelligence #CyberThreats
SANS Institute tweet media
English
0
8
22
1.8K
Mattison Schuch retweetledi
Mandiant (part of Google Cloud)
The FLARE Learning Hub is launching with three modules: - Malware Analysis Crash Course - The Go Reverse Engineering Reference - Introduction to Time Travel Debugging (TTD) 📟 Start learning: bit.ly/41x7MXs
GIF
English
3
86
309
15.6K
Mattison Schuch retweetledi
John Hammond
John Hammond@_JohnHammond·
Wild story on a big AI-powered social engineering campaign, leveraging Device Code phishing to steal Entra ID/Microsoft accounts -- all with entirely unique and personalized per-victim lures from vibecode-crafted infrastructure 🤯 Video link below cuz the X algorithm hates me: 👇
John Hammond tweet media
English
13
65
269
44.5K
Mattison Schuch retweetledi
Thomas Roccia 🤘
Thomas Roccia 🤘@fr0gger_·
🤓 Sekoia recently uncovered a new Phishing as a Service platform called EvilTokens that automates Business Email Compromise at scale! The tool use AI to: - Automate the analysis of large volumes of emails to identify exploitable financial exposure - Map payment workflows and key contacts - Automatically generate realistic BEC scenarios based on target profile - Draft emails that match writing style, context, and urgency Sekoia also contributed the Adversarial Prompts they uncovered to PromptIntel privately, so the trusted community can benefit from the intel without exposing the raw instructions. Great work @crep1x @ncaproni 👏 👉 blog.sekoia.io/eviltokens-an-…
Thomas Roccia 🤘 tweet media
English
3
18
48
10.6K
Mattison Schuch retweetledi
Rob T. Lee
Rob T. Lee@robtlee·
Registration is OPEN for Find Evil! the first hackathon for autonomous AI incident response. Built by the community, for the community. $22K+ in prizes. Mission: Make Protocol SIFT, the framework connecting AI agents to the SIFT Workstation's full toolset, into a fully autonomous incident response agent. SIFT Workstation is a beat to shreds, open-source incident response platform with 200+ tools. 19 years of community development. 60K+ downloads annually. No incident response background required. New to AI? Good. Get your hands on the tools and learn with us. Registration open April 1. Hackathon starts April 15. Submissions due June 15. Register: findevil.devpost.com Read more: robtlee73.substack.com/p/registration… Sponsored by @SANSInstitute
Rob T. Lee tweet media
English
3
49
121
24K
Mattison Schuch retweetledi
The DFIR Report
The DFIR Report@TheDFIRReport·
🎉New report out Monday 11/17 by @Friffnz, Daniel Casenove & @MittenSec! "The first instance of unauthorized access by the threat actor was a successful RDP logon to the beachhead host, a publicly exposed RDP server. The logon was performed using valid credentials, and... 1/3
The DFIR Report tweet media
English
1
6
13
3K
Mattison Schuch retweetledi
The DFIR Report
The DFIR Report@TheDFIRReport·
🎉 Announcing DFIR Labs! 🎉 Introducing our DFIR Labs based on real intrusions from our public reports and private threat briefs! Whether you're starting out or looking to deepen your skills, our labs can help. 1/2
English
1
125
484
133.1K
Mattison Schuch retweetledi
The DFIR Report
The DFIR Report@TheDFIRReport·
🚀 Exciting News Coming Soon! 🌟 🔍 We're launching an innovative platform to help boost your DFIR skills! 🙏 Thanks to our beta testers - your feedback was invaluable! ✨ Curious for a sneak peek? Head to our site to see what's coming!
English
2
19
128
27.1K
Mattison Schuch retweetledi
The DFIR Report
The DFIR Report@TheDFIRReport·
⭐️New report out Monday 10/30 by @iiamaleks, @MittenSec, & @Miixxedup!!⭐️ ✉️Initial Access began with a ZIP file delivered to a victim through email, which eventually lead to NetSupport. ➡️Want to receive an email when we publish a new report? ➡️➡️thedfirreport.com/subscribe/
The DFIR Report tweet media
English
1
32
112
19.7K
Mattison Schuch retweetledi
Stephan Berger
Stephan Berger@malmoeb·
1/ On a recent BEC investigation, I noticed the entry "Fraud reported - user is blocked for MFA" within the #Azure Audit logs from the compromised user (see screenshot below). I've never encountered this Activity, so let's dig in. 🧵
Stephan Berger tweet media
English
1
22
95
29.3K
Mattison Schuch retweetledi
Microsoft Threat Intelligence
Microsoft Threat Intelligence@MsftSecIntel·
A macOS vulnerability could allow an attacker with root access to bypass System Integrity Protection (SIP) and perform arbitrary operations on a device. Learn more about CVE-2023-32369, which we refer to as “Migraine”, and its patch in our latest blog: msft.it/6018gegrs
English
0
83
189
57.1K
Mattison Schuch retweetledi
Microsoft Threat Intelligence
Microsoft Threat Intelligence@MsftSecIntel·
Volt Typhoon, a Chinese state-sponsored actor, uses living-off-the-land (LotL) and hands-on-keyboard TTPs to evade detection and persist in an espionage campaign targeting critical infrastructure organizations in Guam and the rest of the United States. msft.it/6019gj8eH
English
13
276
525
239.4K
Mattison Schuch retweetledi
The DFIR Report
The DFIR Report@TheDFIRReport·
IcedID Macro Ends in Nokoyawa Ransomware ➡️Initial Access: IcedID XLS Macro ➡️Credentials: LSASS, Creds in Files ➡️Persistence: Scheduled Task ➡️Lateral: RDP, SMB, WMI, WinRM, Psexec ➡️C2: IcedID, Cobalt Strike, VNC ➡️Impact: Nokoyawa Ransomware thedfirreport.com/2023/05/22/ice… 1/X
English
2
134
259
66.4K
Mattison Schuch
Mattison Schuch@MittenSec·
RT @SentinelOne: 🍎 New from the front lines! The development of a Go implementation of CobaltStrike called ‘Geacon’ appears to be bringing…
English
0
3
0
11