Yonathan Klijnsma

@ydklijnsma

Head of Threat Research at . Trying to solve every puzzle I run into. PGP 0x7e6d96d628493171

Colorado, USA
Joined March 2010

Tweets


  1. Pinned Tweet

    I'm always open for collaboration, I like our datasets used, not gathering dust. We collect pDNS, masscan ipv4, crawl >2B pages a day, we index all aspects of this and it can be queried historically and is relational. Feel free to reach out via DM or email, always excited to hunt!

  2. Using as a lure for Ursnif. That’s gotta trip up some people for sure.

  3. As I’m still in recovery from my battle with cancer I will not be attending this year. Working to be good for joining Blackhat/DEFCON! However my awesome colleagues are at . Come talk with them about our data and platforms 🙃. You can find them at booth #4429.

  4. Retweeted
    Jan 30

    Online sales spiked an incredible 13% this holiday season. Find out how attackers got in on the action in our 2019 Holiday Shopping Season Threat Review, a post-mortem of threats and vulnerabilities

  6. Here’s another one from our fury friends in apartment 28: atasuitsec[.]com => 88.80.148.38 SOA: you@can-get-no[.]info 🙃

  7. I think wants me to switch to mobile, not sure though.

  8. With only that latest one still live expect at least 1 more to pop up this month. 👋🏻

  9. Because some people asked, here’s APT28 infra from October till now. They set up around 2-3 C2s a month. 184.95.51.172 2020-01 😈 78.142.19.114 2019-12 💀 80.255.3.116 2019-12 💀 193.70.80.214 2019-11 💀 185.141.63.103 2019-11 💀 109.169.15.73 2019-10 💀 178.32.251.98 2019-10 💀

  10. Here’s the first (new) 2020 IP from our Russian friends in apartment 28: 184.95.51.172 Using an older known domain but the first server we saw being set up in 2020, around January 13th to be exact.

  11. Person: “I need to get my debt paid off...” America: “Wanna give debt the boot in 2020?!” Person: “YES!” America: “Get more debt” 🤔

  12. Now you can see why we named it Magecart 🙃 it’s where it started in 2014. A group normally skimming data through Mage.php when a cart checkout is done, started pioneering a client-side JS skimmer. The rest of the story can be read in our 2018 report:

  13. Recovery from cancer radiation therapy is absolute hell. To those who made it through this already I envy you, you are amazingly strong.

  14. Apparently I no longer run honeypots, since Friday they’re just all Citrix ADCs according to the internet.

  15. Not an endorsement but ’s cloud platform is the most well worked out managed panel I’ve worked with in years. Simple and intuitive and easy to do maintenance. My only request would be some kind of visualization of all the infrastructure, its firewall, setup etc.

  16. Radiation therapy for the cancer treatment is making me lose part of my beard. However, up till now I’ve lost hair right up to the cutoff I normally shave. If that stays that’s pretty handy. ☝🏻 I don’t recommend this as a way to maintain beards though, kinda invasive.🧐

  17. I don't go to non-chain restaurants because I'm a hipster, I just lower the odds of getting skimmed via some Windows based terminal. Most non-chain places I go to have the embedded iOS based or Android terminals tablets. 🤷‍♂️

  19. Retweeted
    16 Dec 2019

    enhances other threats, surges, and who skimp on attribution don't survive. From the minds of RiskIQ experts, this is 2020:

  20. Here’s a terrible diagram of what I mean. I can find the exact spot it starts failing for the middle section and the spot it works again for the top in terms of the continuous wire. How does this middle section spike and burn bulbs but not the top? I’m a wiring/electricity nub.

  21. Dumb electrical wiring question: - Christmas tree has three sections wired in series - Bottom section all bulbs work - Top section all bulbs work - Middle section passes a current from bottom to top but all bulbs instantly burn out there How does this work, how do I fix this 🤷🏻‍♂️

