Sam ☁️🪵

2.4K posts

Sam ☁️🪵

@Sam0x90

SOC/Intel | @SANSInstitute | @PacktAuthors https://t.co/itz9Mly1hK Love #PurpleTeaming #DE #CTI #DFIR

EMEA Katılım Ocak 2010

780 Takip Edilen1.1K Takipçiler

Sabitlenmiş Tweet

Sam ☁️🪵@Sam0x90·11 Kas

💜Adversary Simulation and Purple friends💜 I'm happy to share this simulation plan which regroups a TOP 35 @MITREattack TTPs from 22-23. Based on open source intel, it's meant to ease the onboarding of more into Purple! Have a look at the readme #CTI #TTP github.com/Sam0x90/CTI/tr…

English

103

383

74.9K

Sam ☁️🪵@Sam0x90·21 Şub

@RussianPanda9xx We got the wedding planned and all with sponsorship from eLS but you walked away 🤣💔

English

RussianPanda 🐼 🇺🇦@RussianPanda9xx·21 Şub

'Malware' lady here, I don't wear cybersecurity shirts going out, I don't look homeless, I don't talk about malware on dates, and I'm STILL single. this field is just cursed or me... 😂

vx-underground@vxunderground

I've seen nerds say, "how does the malware guy who doesnt go outside have a family and i dont?" Well, it's very shrimple. 1. I don't talk about what I do, ever. They don't understand malware and if I tried to explain it they'd be scared. 2. I don't tell anyone what I do on the internet, ever. If I told people I unironically talk to cyber terrorists and send the FBI pictures of cats they'd be scared. 3. I don't talk about computers or anything technology adjacent, ever. Computers are for nerds and normal people don't understand it. If I explained anything they'd be scared. 4. I dress normal. I wear generic middle class jeans from generic middle class stores. I wear generic shoes like Nikes. I don't wear cybersecurity shirts. All my shirts are cheap $8 shirts that are blank with no logo on it. Basically, be a normal person. Talk about dumb shit, like the weather or food, or something. Ask people about themselves (they love talking about themselves). You have to segregate internet person from IRL person. tl;dr malware is illegal and for nerds

English

249

18.4K

Sam ☁️🪵 retweetledi

Georgy Kucherin@kucher1n·3 Şub

It turned out there are many more payloads used in the Notepad++ attack! To stay undetected, its masterminds were COMPLETELY changing execution chains about every month. Here are more IPs used in the attack: 45.76.155[.]202 45.32.144[.]255 Read below for many other IoCs! [1/8]

English

236

1.2K

106K

Sam ☁️🪵 retweetledi

MoBustami@MoBustami·5 Oca

Happy New Year everyone. I wrote something sec0wn.blogspot.com/2026/01/from-n… Do I get an honorary #OSEP for analyzing their payloads? Lol. Maybe Gemini should though. H/T to GeminiPro for the assist

English

139

Sam ☁️🪵@Sam0x90·18 Ara

@chrissanders88 I like it because it shows immediately if someone works with logs everyday, you can't fake an answer. Usually good answers turn around 4688/sysmon 1, 4624, sysmon 3, I heard 1102 too.

English

523

Chris Sanders 🔎 🧠@chrissanders88·18 Ara

@Sam0x90 That's a fascinating question. What was your answer, or the best answer you've heard to this one?

English

956

Chris Sanders 🔎 🧠@chrissanders88·17 Ara

What's the best interview question you've been asked (or used) for a SOC Analyst/Forensic/Hunting/Threat Intel role?

English

105

18.8K

Sam ☁️🪵 retweetledi

Elastic Security Labs@elasticseclabs·14 Kas

#ElasticSecurityLabs uncovers #RONINGLOADER, a multi-stage loader utilizing signed drivers, PPL abuse, CI Policies, and other evasion techniques to deliver #DragonBreath's gh0st RAT variant. Check it out at ela.st/roningloader

English

242

69K

Sam ☁️🪵@Sam0x90·2 Eki

Doing "grep -iran" has never been so relevant 🙃

vx-underground@vxunderground

There is someone exposing IRGC (Islamic Revolutionary Guard Corps) stuff on GitHub. I'm not a IRGC geopolitical nerd, so I can't assess the value of the content. However, if you know what the fuck is going on, maybe you'll find it interesting: github.com/KittenBusters/…

English

105

Sam ☁️🪵@Sam0x90·20 Eyl

@banthisguy9349 Just go for it. If you think, it's not "novel", it's not trendy or someone did it already years ago, etc don't listen to those thoughts, just go for it and enjoy sharing!

English

Fox_threatintel@banthisguy9349·20 Eyl

I might create my first blog. What topics should I cover? Also if their are any leads, feel free to dm

English

3.4K

Sam ☁️🪵@Sam0x90·18 Eyl

GG @_dirkjan ! I wish to see more of this in the future: "After some testing and filtering with some fellow researchers that work on the blue side we came up with the following detection query" 👏

Dirk-jan@_dirkjan

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

English

342

Sam ☁️🪵 retweetledi

Renzon@r3nzsec·12 Eyl

We're hiring DFIR consultants (Senior & Principal) for Germany and KSA here at @Unit42_Intel Germany (must be german speaker) - jobs.smartrecruiters.com/PaloAltoNetwor… KSA (must be arabic speaker) - jobs.smartrecruiters.com/PaloAltoNetwor… Let me know if you have questions. Feel free to DM me ✌🏻#dfir

English

6.5K

Sam ☁️🪵@Sam0x90·28 Ağu

With all the fuss around #velociraptor thought I'd give a shootout to project LOST (LOL Security Tools). We started this together with @0xanalyst some time ago. Yes Velociraptor, osquery, defender, wazuh, and much more that would deserve to be documented 0xanalyst.github.io/Project-Lost/

English

521

Sam ☁️🪵@Sam0x90·4 Haz

If anyone needs to convert the DarkWebInformer json into csv here is a quick script to properly convert it: github.com/Sam0x90/QuickC…

English

Sam ☁️🪵@Sam0x90·3 Haz

@DarkWebInformer Anything could be useful. Happy to beta test if needed. Cheers

English

Dark Web Informer@DarkWebInformer·2 Haz

@Sam0x90 I have not done any more work on it since this post in april: x.com/DarkWebInforme…

Dark Web Informer@DarkWebInformer

I would say I'm already 50% there, but still weeks away.

English

108

Sam ☁️🪵@Sam0x90·2 Haz

@DarkWebInformer Live Threat Feed csv export is broken again. Any plan for API? 😃

English

117

Sam ☁️🪵@Sam0x90·2 Haz

@DarkWebInformer My bad you're right it works, but you're avoiding the real question 🙈

English

Dark Web Informer@DarkWebInformer·2 Haz

@Sam0x90 I was able to export fine.

English

Sam ☁️🪵@Sam0x90·27 May

@DarkWebInformer Looks like the last Everest victims are related to an SAP Success Factors breach

English

Dark Web Informer@DarkWebInformer·27 May

Ransomware Attack Update for the 26th of May 2025 darkwebinformer.com/ransomware-att…

English

4.3K

Sam ☁️🪵@Sam0x90·25 May

@AndreGironda @MITREattack I'm waiting for a better hardware so for now I'm limited to smaller models mistral:7b and nous-hermes2:10.7b. You need a good system prompt, some tweaking like Top K, Temperature, etc. The structure/chunking of the KB can vary the results too. It's not too bad to be honest.

English

143

Andre Gironda@AndreGironda·25 May

@Sam0x90 @MITREattack What models have you tried and how did they fare? Would you consider trying a Mistral model such as Nemo, or a very very large model such as DeepSeek R1 671b?

English

Sam ☁️🪵@Sam0x90·25 May

#CTI #LLM #RAG If anyone wants to use RAG with their LLM for the @MITREattack I've uploaded a quick script to convert json to md. Useful in your Ollama/Open WebUI setup. Chunking/embedding done auto by OpenWebUI. Then the model can refer to the KB. github.com/Sam0x90/AIstuf…

English

6.1K

Sam ☁️🪵 retweetledi

Windows Developer@windowsdev·19 May

Introducing MCP on Windows! msft.it/6016SjShg

English

313

1.9K

210.8K

Keşfet

@RussianPanda9xx @chrissanders88 @banthisguy9349 @_dirkjan @Unit42_Intel @0xanalyst @DarkWebInformer @elonmusk