M4nbat
@knappresearchlb

257 posts

Cyber Defence and security research enthusiast. KQL n00b, Fake it till you make it. https://t.co/oGKYfhn9kI

Joined May 2022
1.1K Following, 357 Followers
D:\unk.osint@thetechhouseuk·
25yrs in InfoSec, 12 SANS courses, 9 GIAC certs, experience in infra, SOC, leading threat intelligence teams and 10+ job applications every day and nothing but an inbox full of rejection after rejection. wtf 😳
M4nbat@knappresearchlb·
That's officially 100 days into 2026. I enjoyed taking part in the challenge this year. If anyone managed a full 100 days in their repo, hit me up so I can add your repo to the list of participants, and I may also have something for you 👀 github.com/m4nbat/100_day…. #KQL #100daysofkql
M4nbat retweeted
DEATHCon@DEATHCon2025·
Join us in Dublin Ireland on 22 May for three in-person #ThreatHunting workshops taught by great instructors. You'll learn hunting with #KQL, advanced techniques to overcome obfuscation, and attacker infrastructure hunting. Tickets: deathcon.simpletix.com
M4nbat retweeted
DEATHCon@DEATHCon2025·
New #DEATHCon in-person event!
🗓️ 22 May 2026
☘️ Dublin, Ireland @ Croke Park
3 Threat Hunting workshops taught by @Wietze, Jibby Saetang, Kell Duda, and Gavin Knapp
🎟️ Tickets limited to 100 max here: deathcon.simpletix.com
Come for DEATHCon, stay for @BSidesDublin next day!
Will@BushidoToken·
I predict we will see more CTI vendors that purely just offer sets of APIs of useful data. The competition will shift to focus on who has the most unique and/or broadest coverage when it comes to data for CTI & TH. /🧵
Will@BushidoToken·
🧵 One of the things I think many in the CTI industry are starting to learn is that we are no longer fixed to use UIs designed in ways that don’t make sense to you. I’ve been vibe coding HTML/JS “apps” to use APIs and build views of data the way I want them, with great results.
M4nbat@knappresearchlb·
"It's Carrick you know, hard to believe it's not Scholes" 😁
M4nbat retweeted
The Haag™@M_haggis·
🎥 New video: Security Detections MCP v1.4
AI-powered detection engineering workflows, grounded in real rule corpuses - not hallucinations.
In this walkthrough:
• Sigma + Splunk ESCU + Elastic + KQL unified search
• Detection gap + coverage analysis
• Built-in expert MCP prompts
• MITRE ATT&CK MCP preview (Navigator layers next 👀)
Repo: github.com/MHaggis/Securi…
npm: npmjs.com/package/securi…
Watch: youtu.be/GQX-iULXXo4
M4nbat retweeted
Florian Roth ⚡️@cyb3rops·
yarGen-Go is out - full Go rewrite of yarGen
- CLI + local web UI
- generates YARA rules from malware samples
- filters strings using large goodware databases
- ASCII + UTF-16 string extraction
- opcode extraction (PE + ELF)
- detects base64, hex, reversed strings
- magic header + filesize conditions
- super rules across multiple samples
- customizable scoring engine (SQLite, editable via UI)
- optional LLM-based string selection
It's a rule-drafting assistant - it gives you a strong starting point, but you still need analyst review and refinement. Automatic YARA can only go so far.
github.com/Neo23x0/yarGen…
M4nbat@knappresearchlb·
I'm taking some inspiration from @SecurityAura's effort last year and I'm going to tackle creating 100 KQL queries in 100 days in 2026. REPO: github.com/m4nbat/100_day… Feel free to join in this year!!! #100daysofKQL #KQL🛡️🏹
Aura@SecurityAura

New Year, new challenge? Taking inspiration from @reprise_99, I'm going to do it on a smaller scale and attempt a #100DaysOfKQL. These will be pushed in a 100DaysOfKQL folder in my GitHub repo. github.com/SecurityAura/D… The first one is going to be published later today.

M4nbat@knappresearchlb·
@SecurityAura Requirements:
- Create a GitHub repo - 100_days_of_kql
- Produce 100 queries in the first 100 days of 2026
- Post/tweet on LI and X with #100daysofkql @knappresearchlb
- Learn/improve KQL skills and share insights
The best completed challenge repo will get a 1337 challenge coin 🪙