Maarten van Dantzig

@MaartenVDantzig

I do DFIR & like incident response, threat intelligence, security operations and blue team stuff

Joined January 2011

Tweets

  1. Apr 13

    For all command line heroes out there. The Timesketch CLI tool is out. Search your forensic timelines from the comfort of your terminal or do timeline analysis from your scripts!

  2. RIFT Blog: Mining data from Cobalt Strike beacons, by It includes the open-source release of our historical Beacon dataset (2018-2022) and Python library called dissect.cobaltstrike for dissecting and parsing Cobalt Strike related data.

  3. Feb 23

    Folks are looking to Twitter for reliable information. Thing is, there are disinformation operations at play targeting... your retweet finger. Dubious claims & content abound. Videos are especially risky. Please exercise care. Don't be an unwitting amplifier.

  4. Feb 17

    New: is one of the most skilled hacker groups operating. , Lea Frey and I've spent close to a year chasing down leads. We were able to identify, we think, two developers, their employers, and from there, their ties to the FSB.

  5. Jan 23

    Using Timesketch? ⏳🔍 This is your chance to influence the project!

  6. 28 Dec 2021

    Today, we're open sourcing a log4j JAR scanner. Throw it at a filesystem, detect vulnerable JARs, and even rewrite them in place. Includes a Go API to import the JAR parsing for other applications.

  7. 10 Nov 2021
  8. 10 Nov 2021

    Interesting story just published in the Netherlands: was allegedly compromised by a (sloppy) US intelligence contractor in 2016, in order to target reservation details for hotels in the Middle East.

  9. 3 Nov 2021

    👁️🕰️Happy to share a new blog post connecting a few pieces: + + and DFTimewolf. How to use a new VT feature that allows Enterprise customers to download EVTX for a sandbox execution of submitted samples in DFIR. 🕰️👁️

  10. 1 Nov 2021
  11. 7 Oct 2021

    Security professionals: hacking is bad
    Also security professionals: wow look at all this internal data from this hacked company

  12. 13 Aug 2021

    Sigma integration in Timesketch. Today we merged a feature to show Sigma rules in the UI. You also have the ability to search your timelines based on the generated query.

  13. 13 Jul 2021
  14. 9 Jun 2021

    Repeat after me: ransomware is not about perimeter security, it's about how they were able to spread internally after the perimeter breach.

  15. 25 Mar 2021

    The devil is in the (network) packets. Impressive investigation.

  16. I like the part where the attackers stole the victim's EDR and ran it on their own infrastructure, resulting in SecureWorks being able to ID them.

  17. 3 Mar 2021

    [1/2] Thrilled to be presenting at 𝗧𝗶𝗺𝗲𝘀𝗸𝗲𝘁𝗰𝗵 𝗦𝘂𝗺𝗺𝗶𝘁 𝟮𝟬𝟮𝟭 on Mar 10th! 📅 ✍ Registration's open and 𝗳𝗿𝗲𝗲: If you're a 𝗗𝗙𝗜𝗥 ninja 🥷 or a complete newbie 🤓 and want to hear the latest on Timesketch ⏳🔍, or learn about

  18. 22 Feb 2021

    I'm excited to share our research in which we show that a 0-Day attributed to the Chinese APT31 was actually caught by the APT and replicated from Equation Group's 0-Day exploit for the same vulnerability. Here are some of the highlights — A long thread >>

  19. 4 Feb 2021

    One of my few tweets in English, but with a pretty good reason 😄. Hackchallenges, the website I made in 2019 where kids can learn about cyber security by playing CTFs is now available in English:

  20. New blog post from TAG with details of a North Korean campaign targeting security researchers working on vulnerability research and development. Stay safe out there everyone!
