0xPrashanthSec (@0xprashanthSec)

266 posts
SOC Lead | Threat Hunter | Automation Building scalable detection systems, Sigma converters & IOC enrichment tools. Sharing workflows, cleanup scr

India · Joined July 2025
332 Following · 47 Followers

Pinned Tweet
0xPrashanthSec (@0xprashanthSec)
👋 Hey Twitter, I’m Prashanth — SOC Lead, threat hunter & automation nerd. I build tools to:
⚙️ Convert Sigma rules to SIEM queries (Elastic, Sentinel)
🧠 Enrich IOCs from threat intel blogs
📅 Automate daily planning with GitHub Actions + Telegram
🔗 Explore my GitHub: github.com/0xPrashanthSec/
💬 DM me if you want to collaborate or geek out on detection engineering.
0 replies · 0 reposts · 2 likes · 386 views
Zack Korman (@ZackKorman)
So who in cybersecurity do I debate next? Who has bad opinions?
122 replies · 0 reposts · 176 likes · 38.2K views
Altered Security (@AlteredSecurity)
An Early Preview of Hacker Summer 2026. As we count down to Hacker Summer, we're sharing the first piece of Red Team research from the series, our latest deep dive into Global ARM API abuse and cross-tenant Azure attacks. Explore the blog: alteredsecurity.com/post/global-ar… This is just the beginning. More research, webinars, giveaways, and exclusive opportunities arrive throughout July. #HackerSummer2026 #AzureSecurity #RedTeaming #CloudSecurity #AlteredSecurity
1 reply · 1 repost · 11 likes · 456 views
Carmen (@syntaxish)
Is Claude working for yall?
15 replies · 2 reposts · 15 likes · 2.5K views
0xPrashanthSec (@0xprashanthSec)
@rucam365 Curious - what remediations are in place to deal with this?
0 replies · 0 reposts · 0 likes · 262 views
Ru Campbell (@rucam365)
Who else is seeing an increase in Azure CLI targeted Entra password sprays, among other things?
22 replies · 5 reposts · 104 likes · 54.8K views
0xPrashanthSec (@0xprashanthSec)
Hot take: silence after a breach isn’t caution — it’s a liability calculation. Dashlane hasn’t explained how 2FA was bypassed. Hasn’t directly contacted affected users. For a password manager, that standard isn’t acceptable. #CyberSecurity #InfoSec #Breach
0 replies · 0 reposts · 0 likes · 39 views
0xPrashanthSec (@0xprashanthSec)
Dashlane: ~20 encrypted vaults stolen after attackers bypassed 2FA. No explanation of how 2FA fell. No ransom info. No direct comms to affected users. “Systems weren’t compromised” + stolen vaults = pick one. #CyberSecurity #InfoSec #Breach #PasswordSecurity
0 replies · 0 reposts · 0 likes · 42 views
0xPrashanthSec reposted
Dr. Anton Chuvakin (@anton_chuvakin)
This is fun: "nano is a lightweight SIEM in Rust on ClickHouse, with a piped query language, a real detection lifecycle, and AI that does actual investigation work." blog.nano.rs/posts/introduc…
1 reply · 29 reposts · 130 likes · 9.6K views
0xPrashanthSec (@0xprashanthSec)
Day 1 - Threat Flow: Elastic SIEM Agentic AI

What we built
Threat Flow - an agentic AI system that automates SOC alert triage end-to-end using Claude AI and Elastic SIEM.

Core pipeline (Python MCP server)
alert_parser.py - parses any raw SOC alert (JSON, plain text, email) using Claude + regex backstop; extracts IPs, hostnames, users, file hashes, domains, MITRE ATT&CK techniques, severity
elastic_client.py - async Elasticsearch client; queries across all relevant log sources in parallel
log_correlator.py - cross-references IOCs across multiple log sources, generates AI threat narratives per finding, risk-scores each IOC (hash: 90, IP: 70, domain: 65, user: 50, hostname: 40)
report_generator.py - synthesizes a full incident report: executive summary, attack timeline, affected assets, recommended actions, verdict (TRUE POSITIVE / FALSE POSITIVE / UNDER INVESTIGATION / BENIGN POSITIVE)
mcp_server.py - exposes all 5 tools over MCP stdio transport for Claude Desktop / Claude Code integration
#threat_flow
0 replies · 0 reposts · 0 likes · 34 views
0xPrashanthSec reposted
Florian Roth ⚡️ (@cyb3rops)
I spent the last weeks building LLM benchmarks for a very specific reason: We want to use AI in RuneAI to help with THOR finding triage, and I needed a better baseline for model selection than generic LLM leaderboards. Security-event triage is its own thing. A model can be great at coding, reasoning or vulnerability writeups and still be a bad fit for deciding whether a messy endpoint finding should be suppressed, reviewed or escalated. In real deployments this will likely happen inside agentic workflows with tools, memory, context handling and feedback loops. But before testing the whole system, I wanted a clean baseline: How does the model behave when it only gets the enriched finding itself? Blog post with the reasoning and methodology: medium.com/@cyb3rops/why-i-built-my-own-llm-benchmark-for-thor-finding-triage-c8492e3997dc Interactive benchmark results: nextron-labs.github.io/thor-ai-benchm… Repo: github.com/Nextron-Labs/t… Maybe useful for others building SOC / security-event triage benchmarks.
[4 images attached]
12 replies · 55 reposts · 242 likes · 20.8K views
0xPrashanthSec (@0xprashanthSec)
@odiesec yes! We do see these attacks now targeting macOS as well.
0 replies · 0 reposts · 1 like · 182 views
ODsec (@odiesec)
Just a regular reminder that ClickFix is still out in the wild. I hit this popup while browsing the other day. The page tried to turn a fake verification step into command execution: open Run, paste from clipboard, press Enter. Simple technique, but still effective because it relies on the user doing the dangerous part manually.
[image attached]
2 replies · 11 reposts · 32 likes · 5.1K views
0xPrashanthSec reposted
ScienceFocus (@ScienceFocusonX)
An 18-year-old just did what billion-dollar water companies couldn't. Meet Mia Heller. A high school junior from Warrenton, Virginia who built a water filter in her garage that strips out 95.5% of microplastics from drinking water. That's better than most government treatment plants, which sit somewhere between 70% and 90%. Her secret weapon? Ferrofluid. A magnetized liquid made of oil and powder that latches onto microplastic particles. Then a magnet yanks them out. No membranes. No constant filter replacements. No endless maintenance bills. The ferrofluid even gets recycled, around 87% of it, in a closed loop. The spark for all of this wasn't a classroom project. It was a local newspaper article warning that her town's tap water was loaded with PFAS and microplastics, and that nobody was coming to fix it. So she watched her mom swap out filter after filter and thought, there has to be a smarter way. She built the prototype herself. Tested it with a homemade turbidity sensor. Then walked into the Regeneron International Science and Engineering Fair and walked out with a special award from the Patent and Trademark Office Society. Up against nearly 1,700 students from 62 countries. She's now eyeing a household version that sits under your kitchen sink. The future of clean water might not come from a lab in Silicon Valley. It might come from a teenager's garage in Virginia. Source: Smithsonian Magazine
[image attached]
381 replies · 5.7K reposts · 15.1K likes · 257.2K views
0xPrashanthSec (@0xprashanthSec)
Microsoft silently patched a privilege escalation flaw in Azure Backup for AKS. Researcher reported it. CERT/CC independently validated it (VU#284781). Microsoft then contacted MITRE: don't assign a CVE. No advisory. No exposure window. Defenders flying blind. #Azure #CloudSecurity #CVE #InfoSec #SOC
0 replies · 0 reposts · 1 like · 56 views