Security Engineering Leader @Datadoghq | Advisor | Mentor. Tweets are my own & do not reflect the opinions of my employer. bsky.app/profile/gregfoss.co…

Joined February 2009
Greg Foss retweeted
This is how it’s supposed to work. This is how everyone levels up while protecting more people/orgs in parallel. More vendors should seek to mimic this type of collaboration. We’re all on the same team…unless you only look at Security as a business, but that’s another tweet :)
Datadog 🤝 Okta: "The enhanced logic developed by Datadog’s own Security Research team during this collaboration has been contributed back to the public Okta Security Detection Catalog, ensuring that the broader security community benefits from this joint research regardless of their tooling" Read more here: sec.okta.com/articles/2026/0…
Greg Foss retweeted
🛡️ Launched BinHex.Ninja Security – browser extension blocking ClickFix attacks
✅ Real-time detection
✅ Clipboard protection
✅ Privacy-first & actively developed
📥 binhex.ninja/extension.html
📧 Feedback: re.team@binhex.ninja
🙏 Thanks to all who share anonymous data

Greg Foss retweeted
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
Greg Foss retweeted
Tickets are now on sale for our #bsidesboulder annual event on 13 June! Your ticket purchase comes with lunch and a t-shirt. We expect our @KC7cyber CTF workshop will sell out given the limited seats, so get your ticket now. eventbrite.com/e/bsides-boul…
19 May 2025
Excited to share that @amrandazz and I will be speaking at @fwdcloudsec in Denver on June 30th! We’ll be diving into the many lessons we’ve learned from a year of threat hunting in the cloud. fwdcloudsec.org/conference/n…
Greg Foss retweeted
Something I'm really proud of: I made it to the number 1 spot on the AWS Vulnerability Disclosure Program Leaderboard! I'm excited to continue helping improve AWS' security posture and help root out categories of vulnerability in AWS services/technologies! hackerone.com/aws_vdp/thanks
24 Jan 2025
Today our @datadoghq Security Research and Detection Engineering team released our first threat roundup report! Datadog has unique visibility into threat actor activity targeting cloud environments - this report highlights our key findings from Q4 2024. securitylabs.datadoghq.com/a…
Greg Foss retweeted
Long-lived, unmanaged credentials remain a risk across all cloud providers. Learn more in our 2024 State of Cloud Security study: dtdg.co/dd-state-of-cloud-se…
Greg Foss retweeted
🤝 @datadoghq Cloud Security Management Identity Risks uses #AWSIAM Access Analyzer to further improve the detection of permissions gaps to provide right-sized policy recommendations. Learn more about this integrated solution. go.aws/3A5sbIE
Greg Foss retweeted
🔎 A guide to threat hunting & monitoring in Snowflake
Detecting initial access, defense evasion, persistent access, credential access, data collection, exfiltration
With example queries and what to look for in the results
By @JulieASparks, @sethsec
securitylabs.datadoghq.com/a…
Greg Foss retweeted
14 May 2024
Swee Lai Lee is an extremely talented threat researcher and malware analyst from my team.
Laid off after 8 years as part of the Carbon Black acquisition into Broadcom.
Based in Malaysia, spoke at RSA, analysis writeups, large-scale malware tests against vendor products.
Hire her!
Greg Foss retweeted
New from Datadog Security Research! We found a vulnerability in AWS Amplify that exposed IAM roles associated with Amplify projects, making them assumable by anyone in the world! Both the Amplify CLI and Studio had this behavior. securitylabs.datadoghq.com/a…
15 Mar 2024
New from Datadog Security Research! Analysis of SNS enumeration across AWS led to the takedown of a phishing site that was impersonating the French government in our latest blog: securitylabs.datadoghq.com/a… #CloudSecurity #AWS #Smishing #Phishing
I've been in intrusion detection development my entire career. Allow me to offer some advice:
It's OK to shut off signatures that are causing lots of noise. Don't spend hours tuning them. Just shut them off. You are not participating in a Mitre Eval. No need to goose results.
You don't need to spot every single attack. You don't even need to spot most of them. What you need are high-fidelity alerts. Attackers do many things after they get initial entry onto a network. By watching for too much you will miss significant problems in the noise.
Don't let security marketers gaslight you into believing that unless you have 100% attack coverage you are vulnerable. It's actually the opposite. 100% coverage will often drown you in noise and make you less effective.
Greg Foss retweeted
VMW Carbon Black TAU discovered 34 unique vulnerable WDF/WDM drivers (237 file hashes), including ones made by major chip/BIOS/PC makers. By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate OS privileges. blogs.vmware.com/security/20…
Greg Foss retweeted
23 Oct 2023
🥳 Today is the release of Arch Cloud Labs' 50th blog post! 🪲Come explore how to abuse #gdb's debuginfo feature to arbitrarily transfer #ELF files into an environment, and send a little bit of data out of one archcloudlabs.com/projects/d…
Greg Foss retweeted
19 Oct 2023
Tango Down #RagnarLocker 🎯
Greg Foss retweeted
🚨UPDATE APPLE DEVICES ASAP - PHONES, IPADS, COMPUTERS, WATCHES🚨 @citizenlab found an Apple exploit used in the wild that can compromise to watch/see/hear/spy thru Apple devices. Exploit doesn't require you to click, attacker just sends it via iMessage. citizenlab.ca/2023/09/blastp…
