@IzySec profile picture
Izy @IzySec

Learning to break, working to secure.

Joined July 2017
  • Tweets 472
  • Following 354
  • Followers 339
36 Photos and videos
Check out GoLinHound: - Discovers Linux & SSH attack paths - Outputs OpenGraph JSON for BloodHound ingestion - Integrates with SharpHound and AzureHound data to unveil cross-technology attack paths github.com/RantaSec/golinhou…

GitHub - RantaSec/golinhound: A BloodHound collector written in Go that discovers Linux and SSH...

A BloodHound collector written in Go that discovers Linux and SSH attack paths. Outputs OpenGraph JSON and integrates with existing SharpHound and AzureHound data. - RantaSec/golinhound

github.com
2
34
76
4,149
Izy retweeted
Andrew Thompson
@ImposeCost
15 Apr 2025
Catch @IzySec's recent podcast discussing Rogue Remote Desktop Protocol: open.spotify.com/episode/5AG…

Windows Remote Desktop Protocol: Remote to Rogue

The Defender's Advantage Podcast · Episode

open.spotify.com
6
7
968
Izy retweeted
Mandiant (part of Google Cloud)@Mandiant
7 Apr 2025
Signed .rdp files are being used to trick users. GTIG observed a novel #phishing campaign targeting European government and military organizations, and has attributed it to a suspected Russia-nexus #espionage actor tracked as UNC5837. Read the details: bit.ly/4jrDcFD
58
161
13,514
Izy retweeted
Steve YARA Synapse Miller@stvemillertime
7 Apr 2025
1) I didn't know .RDP config files could be signed 2) RDP RemoteApps are crazy 3) I always appreciate a Fuzzy Snuggly Duck cloud.google.com/blog/topics…

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog

A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

cloud.google.com
3
55
206
13,152
Izy retweeted
Steve YARA Synapse Miller@stvemillertime
7 Apr 2025
Neat blog on RDP tradecraft, includes examples, practical recommendations on hardening, detection ideas etc.
Izy@IzySec
7 Apr 2025
Having convertible detection content is great, no doubt. What I think is underrated is blueteam-focused tradecraft intel. Red teams share it all the time, we should too. A threat group recently showed creativity with a known technique. Here's how it worked cloud.google.com/blog/topics…
3
16
2,559
Izy@IzySec
7 Apr 2025
Having convertible detection content is great, no doubt. What I think is underrated is blueteam-focused tradecraft intel. Red teams share it all the time, we should too. A threat group recently showed creativity with a known technique. Here's how it worked cloud.google.com/blog/topics…

Windows Remote Desktop Protocol: Remote to Rogue | Google Cloud Blog

A novel phishing campaign by Russia-nexus espionage actors targeting European government and military organizations.

cloud.google.com
1
13
44
6,375
Izy@IzySec
24 Oct 2024
Some solid work done by the team! Give them a read :)
Jared Wilson@JWilsonSecurity
24 Oct 2024
🌶️ Active Fortinet Zero-Day Exploitation ITW 🌶️ cloud.google.com/blog/topics… #zeroday #fortinet #inthewild
1
7
1,295
Izy retweeted
ACE Responder
@ACEResponder
18 Jun 2024
Windows audit policies, the events they enable and the relative volume of events they generate #ThreatHunting #DFIR
3
191
677
96,221
Izy@IzySec
12 Jun 2024
A sister team of mine is hiring. They do hard core detection engineering. You will be analyzing things you won't see elsewhere and writing a variety of content to detect it. Super technical role alongside some great folk.
John Connor@ConnorSecurity
12 Jun 2024
I'm excited to announce that I'm hiring two Detection Engineers for the Mandiant Detection Engineering Team! Come build detections at a global scale for cutting edge threats on an amazing team. Apply here google.com/about/careers/app… #DetectionEngineering #Mandiant #Detection
10
953
Izy retweeted
SEKTOR7 Institute
@SEKTOR7net
6 Mar 2024
Wondering what telemetry an EDR collects? Wonder no more! @Kostastsale and @ateixei run an EDR Telemetry Project, covering all major EDRs: "The main goal of the EDR Telemetry project is to encourage EDR vendors to be more transparent about the telemetry they provide". Blog: detect.fyi/edr-telemetry-pro… Table: docs.google.com/spreadsheets… Github: github.com/tsale/EDR-Telemet… #redteam #blueteam #telemetry
7
213
498
51,488
Izy retweeted
eversinc33 🤍🔪⋆。˚ ⋆@eversinc33
23 Jan 2024
Small experiment today, inspired by @kaganisildak, using RCON protocol, as used by e.g. CS 1.6 as a C2 channel for the lulz
13
71
427
60,022
Izy retweeted
Riccardo@dottor_morte
7 Nov 2023
It's a bittersweet moment, but our series of "Attacking an EDR" has come to an end! Me and @Her0_IT hope that you had as much fun reading it as we had writing it. riccardoancarani.github.io/2…

Attacking an EDR - Part 3

All good things must come to an end

riccardoancarani.github.io
29
105
9,314
Izy@IzySec
6 Nov 2023
Woooo, legoooo!
This tweet is unavailable
5
17
4,354
Izy retweeted
Jared Atkinson
@jaredcatkinson
1 Nov 2023
I've just released the next edition of the On Detection series. I investigate why detection rules based on Process Creation are often brittle or easily bypassed. I also provide a framework for discerning when it is appropriate and when it isn't. posts.specterops.io/on-detec…

Part 10: Implicit Process Create

specterops.io
7
88
237
47,998
Izy retweeted
Alexandre Borges
@ale_sp_brazil
26 Apr 2023
So far I've written 559 pages to help the security community: 1. exploitreversing.com/2021/12… 2. exploitreversing.com/2022/02… 3. exploitreversing.com/2022/05… 4. exploitreversing.com/2022/05… 5. exploitreversing.com/2022/09… 6. exploitreversing.com/2022/11… 7. exploitreversing.com/2023/01… 8. exploitreversing.com/2023/04…

Malware Analysis Series (MAS) – Article 1

The first article of MAS (Malware Analysis Series) is available for reading from: (link): Soon I have enough time, so I’ll publish an HTML version of it. Have an excellent day. Alexandre Borg…

exploitreversing.com
34
392
1,247
100,639
Izy retweeted
Jared Atkinson
@jaredcatkinson
20 Oct 2023
I've just released the 9th part of my On Detection series. In this post I demonstrate that we see actions in cyberspace at the Operational level and what that means for detection engineers. posts.specterops.io/on-detec…

Part 9: Perception vs. Conception

specterops.io
1
46
126
26,623
Izy retweeted
sǝʌǝN sɐp pᴉʌɐD@david_das_neves
15 Oct 2023
Great overview table of accounts that belong to tier 0. #mustView for every Sec and AD specialist. [Repo] TierZeroTable specterops.github.io/TierZer… #CyberSecurity #Identity #SpecterOps #shiftavenue
2
94
284
71,493
Izy retweeted
aptwhatnow@aptwhatnow
10 Oct 2023
mandiant.com/resources/blog/… In March of this year we began seeing similar blending efforts that we saw DPRK do during the pandemic, then 3CX popped off giving us more insight, then Andariel’s ROCKHATCH malware popped off with fingerprints of two other APTs in it….

Assessed Cyber Structure and Alignments of North Korea in 2023 | Mandiant | Google Cloud Blog

cloud.google.com
2
33
82
12,495
Izy retweeted
Jon Hencinski
@jhencinski
21 Sep 2023
Cisco intends to acquire Splunk: newsroom.cisco.com/c/r/newsr…

Cisco Intends to Acquire Splunk

The combination of these two innovative leaders makes them well positioned to lead in security and observability in the age of AI.

newsroom.cisco.com
3
21
44
15,889
Izy retweeted
Grzegorz Tworek
@0gtweet
5 Jul 2023
I'm super excited to announce the launch of my "Mastering Windows Internals" pilot program. The goal is to share my knowledge and experiences, along with offering practical insights on using the tools I've developed and continue to update.
12
45
328
53,980
Load more