
Tim MalcomVetter
@malcomvetter
Followers: 12K | Following: 26K | Media: 613 | Statuses: 13K
Co-Founder/CEO at ⚡️ @Wirespeed_ Prev: @NetSPI @CYDERES @FishtechGroup @Walmart Red Team @Sp4rkCon @Optiv @fishnetsecurity. PhD Dropout. BJJ 🟪⬛️⬛️🟪🟪 ⳩
🌎
Joined May 2015
RT @wirespeed_: 🧠Solve this math problem: (Live Eval) + (Win10) - (Firewall) + (Russia) =❓ @wirespeed_ isn't ASM, but . In a customer ev…
⚠️We find ATO users and compromised stuff on nearly all evals. This time we found a Win10 box accidentally on the internet directly. They took it offline before it was popped. Very fortunate! ☘️
🧠Solve this math problem: (Live Eval) + (Win10) - (Firewall) + (Russia) =❓ @wirespeed_ isn't ASM, but . In a customer eval, we triaged the prior 90 days of alerts & found a Russian threat actor brute forcing a Win 10 box on the internet without a firewall. #DodgedBullet
Well, that was awkward. Thanks?
The Feds visited a @wirespeed_ customer to tell them they were targeted in a #ransomware attack that we contained in 8 minutes . four months later! 🧵
Very cool story involving a phish campaign abusing @Zoom infrastructure leading to 3 different account takeovers #ATO that @wirespeed_ triaged and contained in minutes across all 3! ⚡️
@wirespeed_ is back at it again: crushed ONE #threatactor in a 3 victim #ATO across 2 different orgs. Unsolicited @Zoom meeting invites abusing their attachment feature. All sub-second verdicts and containments within minutes. 🧵👇
RT @jeremiahg: Registration for the Cyber-Security Brazilian Jiu-Jitsu Smackdown (2025) is open! Held between @BlackHatEvents and @defcon (…
The attacker in this story began internally phishing with the compromised credentials in a matter of a couple minutes!
🛑We stopped this breach during a FREE TRIAL in just 14 minutes!
- account takeover
- lateral movement by phish from a mobile IP address
- manual containment (because it was a trial)
- all wrapped up through 100% automated analysis
Check it out:
RT @rad9800: People often ask why I pivoted away from malware. Sometimes I ask myself the same question. After all, everything I've publis…
Does your boss require you to only buy "AI enabled" tech? 💡I've got your answer for how to address him, right here, in a Jeff Bezos letter from 2015.
[NEW BLOG by @malcomvetter] 💡What did Jeff #Bezos know way back in 2015 that perfectly predicts how we should use #AI today, especially for #security decisions? 👇Do you use AI for Type 1 Decisions? Tell us!
Here's what I see:
- duplicate alerts for same event
- alerts fire 12 hours apart
- actual login timestamp doesn't match detection timestamp
- but they're the same, due to CorrelationId
- "real-time" is 9 minutes later
- without E5 licensing, "unfamiliar" is all you get (Security
Investigating Microsoft Login Detections can be such a pain. Can you list out all the problems below?
RT @wirespeed_: That feeling on Monday Morning when you got paged out over the weekend for something that didn't matter. 🥱
Help me out. Why does @awscloud do this in API calls? What am I doing wrong?
"KubernetesUserDetails": {
  "Uid": "aws-iam-authenticator:[redacted]:[redacted]",
  "Groups": {
    "0": "s",
    "1": "y",
    "2": "s",
    "3": "t",
    "4": "e",
RT @haroonmeer: @malcomvetter is awesome… @jeremiahg is a legend… @RSnake is a legend. Purely based on the ppl involved, you probably wan…
RT @jeremiahg: Every once in a while I come across a new start-up with an innovative product and founders that excite and impress me. Found…
BIG NEWS DAY TODAY🎉 If you haven't already, give @wirespeed_ a follow and watch what we do in the SecOps space, bringing that offense/hacker mindset to fast, automated defense at scale!⚡️
⚡We just announced our Seed Round Investment backed by cybersecurity legends!🚀 We 💜 the alignment with our amazing investors, led by Mairs & Power VC, Grossman Ventures (@jeremiahg @RSnake), RNP Capital, Gary Fish, Deke George, & Daren Cotter.💪
RT @ShowMeConSTL: Just a few weeks out! From attack strategy to incident response to emerging tech risks—ShowMeCon 2025 is built for InfoS…
Do you review every sketchy login? We do!
This happened yesterday! Questionable login via ExpressVPN; no metadata to know this happens all the time. We pinged the user over Teams/Email, validating the login with OOB MFA! 💡This is how security should be. Simple. Effective. Democratized to include the affected user.