Coffee Lover. Nerd. Does wild stuff in network sessions. VP of Analysis @TrinityCyber

Joined October 2020
Excited to be presenting at @BlackHatEvents with a sponsored session talk - diving into hidden and impactful threats. Come see for yourself! blackhat.com/us-25/sponsored…

Jeremy Brown retweeted
7 Nov 2023
We cannot thank @TrinityCyber enough for providing valuable intel on CVE-2023-20198 last month. 🤝 With this information, we acted quickly and got a tag out! Grateful to be able to work together to keep our customers safe and secure.
Had a blast chatting with @JasonSWalls for his new podcast, Epik Mellon. Go check it out!
3 May 2023
Subscribe to our #podcast, Epik Mellon, on YouTube (youtube.com/@EpikMellon) and on your favorite podcast platform now! First episodes feature @twintersunh, our CTO, and @AlteredBytes from @TrinityCyber. #networks #cybersecurity #broadband #wifi #ipv6
Massive win for the team! We’re honored to be protecting USAF internet traffic and working together for better outcomes.
.@TrinityCyber and @ATT deliver a new #cybersecurity solution to the @usairforce. Our Secure Internet Gateway offers automated threat prevention at scale and will greatly enhance #cyber protections for all federal agencies. Learn more: hubs.la/Q01MF_JZ0
PaperCut server exploits are in the wild; here’s how you detect the first stage: HTTP GET/POST URI ending in “SetupCompleted” AND HTTP Response “200 OK” header “Set-Cookie: JSESSIONID=” with a valid token. Go hunt for this! #ThreatHunting
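The PaperCut first-stage pattern above, expressed as detection logic run over a constructed set of HTTP transactions. This is an added example, not code from the tweet's author or from Trinity Cyber; the transaction record layout and the "valid token" rule (16 or more alphanumeric characters in the JSESSIONID value) are assumptions made here.

```python
import re
from typing import Dict, Iterable, List

# Assumed record layout: one dict per request/response pair, with the raw
# request URI, the response status code and the response headers. A
# response may carry several Set-Cookie headers, so that value may be a list.
SAMPLE_TRANSACTIONS = [  # constructed sample data, not real captures
    {"method": "GET", "uri": "/app?service=page/SetupCompleted", "status": 200,
     "headers": {"Set-Cookie": "JSESSIONID=7F3A9C1E2B4D6F8A0C1E3B5D7F9A2C4E; Path=/; HttpOnly"}},
    {"method": "POST", "uri": "/app/login", "status": 200,
     "headers": {"Set-Cookie": "JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/"}},
    {"method": "GET", "uri": "/app?service=page/SetupCompleted", "status": 302,
     "headers": {"Location": "/app"}},
    {"method": "GET", "uri": "/app?service=page/SetupCompleted", "status": 200,
     "headers": {"Set-Cookie": "JSESSIONID=; Path=/"}},  # empty token: no session issued
    {"method": "GET", "uri": "/app?service=page/SetupCompleted/", "status": 200,
     "headers": {"Set-Cookie": ["lang=en; Path=/",
                                "JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/"]}},
]

# "Valid token" is assumed to mean a JSESSIONID of at least 16 alphanumeric
# characters, set either at the start of the header or after a ';' separator.
JSESSIONID_RE = re.compile(r"(?:^|;\s*)JSESSIONID=([A-Za-z0-9]{16,})")


def is_papercut_first_stage(tx: Dict) -> bool:
    """True when the transaction matches all three conditions from the tweet."""
    if tx.get("method") not in ("GET", "POST"):
        return False
    # Compare the raw URI; a trailing slash is tolerated.
    if not tx.get("uri", "").rstrip("/").endswith("SetupCompleted"):
        return False
    if tx.get("status") != 200:
        return False
    cookies = tx.get("headers", {}).get("Set-Cookie", [])
    if isinstance(cookies, str):
        cookies = [cookies]
    return any(JSESSIONID_RE.search(c) for c in cookies)


def hunt(transactions: Iterable[Dict]) -> List[Dict]:
    """Return every transaction that matches the first-stage pattern."""
    return [tx for tx in transactions if is_papercut_first_stage(tx)]


if __name__ == "__main__":
    for tx in hunt(SAMPLE_TRANSACTIONS):
        print("HIT:", tx["method"], tx["uri"])
```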
omg 2 year Twitter anniversary, yaaaas
Jeremy Brown retweeted
Time to listen to my latest podcast with @AlteredBytes where we talk beyond the packet and some best practices for cyber security #gigamon #cybersecurity bit.ly/3c2jVxt
I’m looking for an experienced (3-5 years) threat hunter who’s comfortable with both network traffic and static file analysis. You find it, you can actively take it out with @TrinityCyber tech. This you? Shoot me a DM
Having grown up in a state that’s got trigger laws going into effect as we speak - I’m beyond disappointed at SCOTUS ruling. This is a brutal attack on women’s health, bodily autonomy, and a 50 year regression for America. I’ll always support the right to choose.
Who’s at @RSAConference this week? Hit me up in a DM. I’ll show you how we can modify malware and exploits inline for the benefit of security teams. It just hits different.
Here's some quick, handy VT searches for those hunting #Follina payloads:
1. XML Payload - "tag:xml and content:{2e 68 74 6d 6c 21 22}"
2. HTML Payload - "content:{22 6d 73 2d 6d 73 64 74 3a 2f 69 64 20 50 43 57 44 69 61 67 6e 6f 73 74 69 63}"
Good luck!
Remember CVE-2021-40444 and HTML entity obfuscation? Betting that’s next for #Follina droppers in the XML content. Keep that in mind for detections.
This. This is how we bring the community together. It’s pretty awesome when you feel like you’ve got nothing to add because people are crushing it at YARA. Kudos @greglesnewich
Day 100 #100DaysofYARA we made it! Reflecting on the last 100 days, it has been fun to see participation and encouragement (yes those things are possible on Twitter) Some highlights ⬇️🧵
#Spring4Shell is ramping up. It’s not as ubiquitous as #log4shell but you should still act now because it’s concerning and evolving quickly. We’ve deployed prevention and will update with new/novel techniques if seen. Breathe, hydrate, and stay focused.
Excited to go to @shmoocon this year. Big kudos to the team for pulling it off. Let’s do this!
Don't sleep on LNK files. They are rich in metadata, structure, and techniques. Super easy to hide in other files too. Parse, analyze, and understand how they are abused in malicious campaigns. Make sure that your EDR <> NDR systems expose them. /1 🧵⬇️
/4 How long might the campaign have been operationally viable?
1. LNK last modified: 10/03/2021
2. First VT submission: 10/06/2021 (12/56 detections)
Likely three days, assuming file wasn't modified by the first person to find it.
/5 Lessons from a simple file
1. Techniques over indicators
2. Expect obfuscation, design systems to remove it
3. File metadata is a forensic goldmine
4. Parse content, derive metadata, expose threats
Inspiration: nsfocusglobal.com/apt-lorec5… Credit: @NSFOCUS_Intl