Welch Sec

68 posts

@wwwelchsec

I post honeypot data. 🍯 These are observed connections and not confirmed attackers. IPs may be compromised systems or researchers. Sharing for threat intel.

Joined February 2026
912 Following · 22 Followers

Welch Sec retweeted
The DFIR Report (@TheDFIRReport):
Threat Actors are "Bringing Their Own Forensics" In a recent ClickFix campaign, we saw threat actors likely related to Interlock Ransomware, running Volatility (vol.py) directly on victim machines. Commonly a tool for defenders, the TAs are using it to:

Welch Sec retweeted
Anton (@Antonlovesdnb):
Day 3 of #ClaudeForBlueTeam We'll stick with the ATT&CK theme - working with the data kind of sucks on the website alone. It's static, you can't really take any notes and there's no cool graph view. Prompt Claude to make you a backlinked & tag filled Obsidian vault containing the ATT&CK data - and specifically data sources. From here, you can do some powerful stuff like look at what data sources are required for SaaS type techniques. You can also visualize detection coverage for a particular technique.

Welch Sec retweeted
Hunt.io (@Huntio):
💡 Threat Hunting in Splunk with Hunt's C2 Intelligence hunt.io/glossary/splun… Threat hunting in Splunk works best when logs are enriched with reliable intelligence, and using our Splunk Addon brings live C2 infrastructure and enriched IOC feeds directly into Splunk dashboards. Analysts can validate activity against curated intelligence, pivot on indicators, and run structured hunts without leaving their Splunk environment. With Splunk’s correlation engine and our high-fidelity feeds, teams can detect active attacker infrastructure faster and reduce noise in investigations. #ThreatHunting #ThreatIntelligence #CyberSecurity

Welch Sec retweeted
Huntress (@HuntressLabs):
BEC isn’t new. But the way it works today is. What used to be fake invoices and phishing emails... is now full-on identity abuse inside your environment. 👇🧵

Welch Sec retweeted
Steven Lim (@0x534c):
Fresh *CLICKFIX* coffee brewing 😂 This one just showed up on my radar, defender you know what to do with it 🤭 coffeemaxusa[.]com #cybersecurity #clickfix #defender

Welch Sec retweeted
Anton (@Antonlovesdnb):
Day 2 of #ClaudeForBlueTeam Building visuals and presentations using ATT&CK can be a pain. Prompt Claude to build an ATT&CK MCP for you - then load this ATT&CK MCP in Claude Desktop. Now you can ask Claude to generate executive briefings for you, using rich ATT&CK data.

Welch Sec retweeted
Mandiant (part of Google Cloud):
The ransomware landscape is shifting. While profits appear to be declining, actors are adapting their TTPs. In 2025, 77% of intrusions included data theft, 43% targeted virtualization infrastructure, and attackers pivoted to smaller orgs. Learn more: bit.ly/3PHt9T1

Welch Sec retweeted
Huntress (@HuntressLabs):
RMM abuse surged 277% last year, making up nearly a quarter of the incidents we observed. (Huntress 2026 Cyber Threat Report). Not because people don't care. Because these tools are trusted by default. Attackers noticed. And built a playbook around it. 🧵

Welch Sec (@wwwelchsec):
🎉 Excited to start my WebHacking journey with @HackingHub_io! Ready to learn, grow, and hack some web apps! 💻✨

Welch Sec retweeted
Huntress (@HuntressLabs):
A small business almost lost everything. Not to some advanced exploit... To a VPN login. Here’s how one overlooked security control nearly turned into a ransomware disaster. 🧵