Bhavin Patel
@hackpsy
Followers: 385 · Following: 1K · Media: 20 · Statuses: 506
Threat Research Team @splunk Maintainer of #atomic-red-team
Joined April 2015
⚡The team killed it on this end of the year release of ESCU 5.19! I'm so grateful to work with such talented and passionate people. @nas_bench, @raven_tait, @bareiss_patrick, @hackpsy, @rodsoto, @tccontre18, Lou Stella Release: https://t.co/smqTLl7Dfx Key highlights: 🐚
More sysadmins need to know this… User logon restrictions are free. Create a GPO and call it “DC Logon Restrictions - Domain Admins Only” Configure User Rights Assignment for DA accounts to log on locally on domain controllers and deny log on locally on end-user workstations.
Never underestimate a properly caffeinated user and a little PowerShell knowledge ☕🔑😆
🥳 Woah! We got a new #Kubernetes Goat 🐐 scenario on @ciliumproject Tetragon for eBPF-based runtime #security monitoring, detection & enforcement 🚀 🔥 Try it out yourself at https://t.co/eAYy6XFenu 🌟 Give a star if you like it: https://t.co/7omjqBTYLr
#CNCF #Hacking #Community
Isn’t it amazing that some of the best research and tools are literally free because some passionate, skilled people devote their time to sharing?! 🙏🙌💪
🔥💻 New tool drop! Meet MSIXBuilder 🎁 — the ultimate MSIX package creator for security testing, red team ops, and detection engineering! ✨ Features that slap: ⚡ One-click package builds (C# or PowerShell) 🔐 Auto cert creation + signing 🖥️ Sleek GUI w/ progress tracking &
[New Blog 📚] The Fragile Balance: Assumptions, Tuning, and Telemetry Limits In Detection Engineering. If you ever struggle with false positives and the idea of tuning detections, this is for you. Read More - https://t.co/3m2NfpjHqf
Picture Paints a Thousand "Codes": STRT analyzed a Quasar RAT campaign using image steganography to hide payloads inside harmless-looking images. 🔍 In our latest blog: how it works, key TTPs, and detection for #Splunk & #Cisco NTDR. Read: https://t.co/Dsqvzdy7A6
#int3 Demo tool:
https://t.co/hYZrJW2Nkn now tracks over 290 RMMs, with new ones being added regularly. These tools provide legitimate functionality but are frequently repurposed by attackers. Read here: https://t.co/tnUFLYLTdi If you're not using them in your setup, why allow them to run?
So I was deep in my webshell era this week 🧙♂️🕸️💻 and—plot twist—I totally got owned... by myself 😂 Naturally, I pulled the classic move: Did I read the source? Nope. Did I run it anyway? YOLO 🪂💥 Next thing I know, it casually goes full ninja mode and drops: cmd.exe ➡️
🚨 NEW BLOG DROP 🚨 A little late to the CitrixBleed party… But still REALLY worth your time 🧠💥 💻 CitrixBleed (CVE‑2025‑5777) 🩸 Memory exposure ➡️ token hijacking 🛡️ Detection + mitigation tips inside! 👉 Read it now: https://t.co/vwtD7A3pGJ ⸻ 🔍 What you’ll learn: •🚔
splunk.com
Discover how to detect, mitigate, and respond to CitrixBleed 2 (CVE-2025-5777), a critical Citrix NetScaler ADC and Gateway vulnerability exploited in the wild.
🚀 Happy to share my latest blog on @splunk: "Unlocking Endpoint Network Security Insights with Cisco Network Visibility Module (NVM) and Splunk" 🔗 Check it out here - https://t.co/q0wbQGHcb0 In this post, I walk through how Cisco Network Visibility Module (NVM) works, the
Stoked to present the research #STRT did with our Talos friends alongside @nas_bench and John Levy! And it includes a sweet demo at the end. Come say Hi :)
Let's supercharge your SOC. 🔋 Join the Splunk Threat Research Team alongside @TalosSecurity on July 23 to learn how to seamlessly integrate @Cisco Secure Firewall with #SplunkSecurity to up-level your response strategies.
Come see me at RSAC! I'll be speaking about common threat actor techniques seen in AWS intrusions, and why they're terrible! It'll be a Gordon Ramsay-style critique of cloud threat actors. In addition, we'll talk about how you can attack AWS environments better!
Introducing 🚀Eventlog Compendium 🚀 A new Streamlit app, that aims to be the go-to resource for understanding and playing with Windows Event Logs. Explore it 👉 https://t.co/wKrWWyOZLm Includes the following utilities and docs ⚙️ Build your own Advanced Audit Policy based on
SQL attacks are getting stealthier. Now is your chance to stay ahead with insights from the Splunk Threat Research Team on how your database can turn against you — and how to shut it down fast: https://t.co/4JQwLXtTGl
#SplunkSecurity
The new documentation for contentctl https://t.co/p79SMrUG0L by Lou Stella is awesome. It now includes a straightforward guide for beginners, along with templates to streamline the testing and validation of Splunk content using GitHub Actions. If you haven't explored this
Cool people add ASCII art to their tools; at #STRT we add a flag that `recognize`s your value, threat researcher ♥️! https://t.co/sDusEVKJQR Thank you @SnekCharmerr for letting me run with the silly.
github.com
Because we care! ❤️
https://t.co/qPi4gXSUZ7 now supports Linux attack and detection rules, in addition to Windows! With 88 new Linux attacks added, this open-source solution, aligned with Sigma and Splunk rules, takes multi-platform threat detection to the next level.
attackrulemap.com
Mapping of open-source detection rules and atomic tests.