You can find me here:

The Cybersecurity Company of the Year Award 🏢 celebrates a company delivering top-tier security services and products while leading with integrity and community spirit. The Community Winner for 2025 goes to @HuntressLabs. Congratulations! #SANSDMA

Congrats @RussianPanda9xx for winning the Community Cyber Defender Practitioner of the Year award in the 2025 SANS Difference Makers Awards! First award for a @HuntressLabs teammate! #SANSDMA

Congrats to @fr0gger_ for winning Innovation of the Year at the 2025 SANS Difference Makers Awards for his tool NOVA. An impressive tool enabling threat detection in a new AI based attack surface. #SANSDMA

We are kicking off the SANS Difference Makers Awards! It’s great to share space with so many people working to advance cyber security. I’ll be hanging out on behalf of @HuntressLabs. I’m also thrilled to see many friends like @fr0gger_ nominated! #SANSDMA

When sharing CTI on IPs, Context is Key 🔑 - First/Last Seen (Timestamps!) - Observables (like VPN brand / proxy network) - Hosting Provider (ASN) - DNS Records (relevant domains on the IP) - Purpose and/or Type (C2, Payload Host, Proxy, etc) 🫳🎤

It’s SANS Difference Maker Eve! #SANSDMA @HuntressLabs has a few folks nominated and is also nominated for Cyber Security Company of the Year! If you’re attending please come find me and say hello! 👋 See you tomorrow @SANSInstitute!

The 2025 SANS #HolidayHack Challenge is officially open! 🎄 Celebrate 10 yrs of festive hacking fun with fast micro-challenges, epic capstone puzzles, a new CTF-only mode, and more! Can you uncover what’s stirring beneath the 8-bit neighborhood? ❄️ Join free →

The @HuntressLabs blog has been on fire lately - tons of content and cool tradecraft around Linux, macOS & ESXi - honestly even I can’t keep up with it all and I work there and get to see all this come together 😅 Worth a bookmark: https://t.co/lbY5EiPJUL

Super hyped to share that @HuntressLabs published a Rapid Response blog on the recent #React2Shell post-exploitations observed. We discovered and analyzed a few payloads that were named #PeerBlight, #CowTunnel and #ZinFoq. We also observed a variant of #Kaiji malware. 3 Modelo's

⚠️ Super excited to release TWO React2Shell blogs with @xorJosh! https://t.co/eIZKQFLVBp https://t.co/ISyb5WXHOC We've been hunting down TAs causing havoc, scanning and exploiting React2Shell on the internet. Especially the ones making OPSEC Ls... One group we've tracked

Errybody screaming about React2Shell so we wanted to give ya something you haven't already heard😁 Here's a beast of a blog post on malware we've seen from post-exploitation, detailing a wild Linux backdoor and more -- all from the amazing & incredible @RussianPanda9xx & co.😎

It’s almost 2026 and everyone is talking about React2Shell. Wondering when @HuntressLabs is dropping something on it? We are cooking. Trust me, you will want to read this one.

CVE-2025-55182 (React2Shell) pre-auth RCE is likely to have a long tail time similar to Log4Shell Log4j injection and Telerik deserialisation vulnerabilities have in the past. This is already being weaponised by threat actors with public POCs available. https://t.co/DbrEsfTSrS

GUESS WHAT?! Our talk with @g0njxa is LIVE! https://t.co/dX4aL5zW9u Massive thank you to @virusbtn for having us - we had an amazing time! ❤️

My first @HuntressLabs blog is live: we break down some funky ClickFix lures that lead to a loader which uses steganography to extract shellcode and ultimately deliver LummaC2/Rhadamanyths stealers. Big thanks to @RussianPanda9xx for the help! 😇 https://t.co/6bsuwotzPC

New report by yours truly. Censys Threat Overview: Mapping Remcos C2 Activity at Internet Scale 👇👇👇

Some amateur analysis of #MacSync 👀 https://t.co/98Ee3GFpjr

Careful not to mix them up. One builds solid security tools. The other gives you a $100 gift card to talk about theirs.

We're seeing active exploitation for a recent 0-Day in WSUS which received an out of band update to it. 🔥 CC: @HuntressLabs 👇

🚨 Widespread SonicWall SSLVPN Compromises Detected Starting 10/4, and as recently as 10/10, Huntress observed a surge in SonicWall SSLVPN compromises. Threat actors are rapidly authenticating across devices—suggesting valid cred. use, not brute force.