Intelligence Capability Development consultant @Mandiant, studying the intersection of intelligence, risk, and business operations.
Joined November 2020
- Tweets 3,902
- Following 833
- Followers 565
- Likes 762
247 Photos and videos
Jun 13
So…anyone seen details on this?
Jun 11
On Mythos, from @MarkWarner in this morning's Senate Banking hearing: "the head of the NSA and Cyber Command came and said this tool broke into almost all of our classified systems, not in weeks, but in hours"; I had not seen that mentioned elsewhere?
1
230
Sav retweeted
Jun 5
I’m hiring a sr principal threat researcher. When big things happen on the internet, you’ll lead the threat research to hunt across our vast telemetry & write the threat briefs. Senior role w/ strong comms & collab experience.
jobs.paloaltonetworks.com/en…
6
18
50
10,327
Apr 28
Sometimes I put this on the projector and just shout “QUADBOX” at my wife until she is forced to acknowledge.
Apr 28
Today, we’re officially launching fully customizable multiview on @YouTubeTV.
Our @youtube teams made one of our most popular features even better. The new multiview builder gives you full control to mix and match live streams (including add-ons like @nfl Sunday Ticket), and build the personalized viewing experience you've been asking for.
55
Apr 27
Packers fans are everywhere
Apr 26
A 77-year-old Ukrainian grandmother fleeing the war was spotted by a drone while walking alone under fire.
They sent a UGV to rescue her.
To avoid frightening her, the ground robot was covered with a blanket bearing the message:
"Grandma, get on."
62
Sav retweeted
Apr 23
The Department of Justice, through U.S. Attorney Jeanine Ferris Pirro and Assistant Attorney General A. Tysen Duva of the Criminal Division, together with its partners, today announced a series of coordinated actions by the Scam Center Strike Force against Southeast Asian criminal organizations operating scam centers that have defrauded Americans of billions of dollars.
Read More Here: justice.gov/usao-dc/pr/scam-…
@USAttyPirro @FBI @SecretService @USTreasury @StateDept
ALT Dark image of numerous cell phones lying on tables, press release, in yellow text, April 23, 2026, in white text, Scam Center Strike Force Takes Major Actions Against Southeast Asian Scam Centers Targeting Americans, in white text, U.S. Attorney Jeanine Ferris Pirro, District of Columbia, in yellow text
43
273
919
201,291
Sav retweeted
Apr 22
Had an interview with a “crypto” recruiter. We talked for about 40 minutes, and then they asked me to look at some code.
Their first instruction was to clone the repo. I didn’t. They seemed surprised, so I told them I wanted a moment to check whether it was safe first.
I ran a quick analysis with Claude.
Turns out the code had a backdoor. It would copy my environment variables and send them to a remote server.
The recruiter went speechless and ended the call pretty quickly.
Be careful who you talk to. Scammers are real.
181
1,056
13,223
951,465
Apr 22
A special place in hell for the people indicted here.
Apr 22
Seeing western-based ransomware negotiators & incident responders deploying ransomware at victims & playing both sides of negotiation is sickening 🤮
21st century version of the 1990’s movie Backdraft
justice.gov/opa/pr/florida-m…
127
Sav retweeted
Apr 6
The @SLEUTHCON CFP closes next week. Don’t waste valuable time doing your taxes. Submit! Submit! Submit!
Mar 26
We want to hear from YOU 🫵 Got something you think would make a great talk at SLEUTHCON this year?
Full-talk speakers get a $500 honorarium, ALL speakers get the best swag!
Don't wait - submissions close April 17th at 11:59 (ET)! Learn more about our CFP and submit yours today
8
10
4,082
Apr 8
It’s nice to fantasize about a comprehensive integration into CI/CD pipelines to the point where we all get to hold hands and sip daiquiris on the beach, but you are still a river of fire and brimstone away from that level of tool and patch adoption.
Apr 8
If your response to a highly competent, but imperfect and resource sensitive, vulnerability hunting tool is to conclude this favours *defence*, you and your networks are ngmi.
One does not bug hunt their way to a defendable network. AI does not change that.
61
Apr 5
If there are any Delve customers left on @ZackKorman’s list, this should be some sort of blunt force instrument. A brand new “How cooked are we?” metric.
I'll refrain from commenting.
But if the founders would like to talk...
I've seen this show before.
1
3
764
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare-le…. Launched with:
- Malware Analysis Crash Course
- Go Reversing Reference
- Intro to TTD
6
401
1,257
65,275
Sav retweeted
Mar 31
Our blog on the Axios NPM supply chain attacks. We are attributing the incident to a suspected North Korean threat actor we track as UNC1069. That actor is financially motivated and DPRK historically leveraged supply chain attacks to target crypto. cloud.google.com/blog/topics…
1
23
62
4,690
Sav retweeted
Mar 31
We are still looking at the axios supply chain compromise, but we’ve attributed it to UNC1069, a suspected DPRK actor, who we covered in a blog this February. They are financially-motivated and historically DPRK uses these incidents to target crypto. cloud.google.com/blog/topics…
9
122
334
37,062
Sav retweeted
Mar 26
We want to hear from YOU 🫵 Got something you think would make a great talk at SLEUTHCON this year?
Full-talk speakers get a $500 honorarium, ALL speakers get the best swag!
Don't wait - submissions close April 17th at 11:59 (ET)! Learn more about our CFP and submit yours today
8
18
15,139
Sav retweeted
Mar 26
Hong Kong: On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport. In addition, the Hong Kong government also has more authority to take and keep any personal devices, as evidence, that they claim are linked to national security offenses. Read more: hk.usconsulate.gov/security-…
484
2,696
7,845
3,540,536
Sav retweeted
Mar 24
At RSAC Conference —> Google’s threat intelligence arm officially launched its anticipated disruptive cyber unit on Monday, which comes as the Trump admin seeks to create a more offensive, proactive US culture against hackers.
nextgov.com/cybersecurity/20…
6
37
126
35,237
Mar 23
Admin told me to post feet pics after dark
Mar 18
SLEUTHCON 2026 is coming! 🐍🐻🌲
Registration is open and our CFP is live!
We're back on June 5th, in-person in Arlington, VA and virtually. CFP closes April 17th tickets will sell out!
sleuthcon.com
#SLEUTHCON #SLEUTHCON2026 #Cybercrime
1
1
3
355
Mar 19
It's the most wonderful crime of the year! Here's the @SLEUTHCON CFP link to make your work to entertain/inform me: sleuthcon.com/submission-gui… .
I always hope for more talks from people with hands on interpersonal and platform fraud, which is generally under-covered. cc: @patio11
1
1
219