Matthew Dunwoody

@matthewdunwoody

Followers
10K
Following
23K
Statuses
6K

@GoogleCloud @Mandiant #AdversaryMethods Lead. Former #AdvancedPractices Security Researcher, Technical Intel Analyst, IR Consultant, Security Architect/TPM.

NoVa
Joined February 2013
@matthewdunwoody
Matthew Dunwoody
9 years
I wrote up a TLDR primer on #PowerShell logging. Recommend implementing now, before an attack. #DFIR
9
209
385
@matthewdunwoody
Matthew Dunwoody
2 hours
RT @malcomvetter: Consider this your periodic reminder that basically every single EDR or MDM tool is just a C2 that you already installed.
0
1
0
@matthewdunwoody
Matthew Dunwoody
7 hours
RT @LynAldenContact: When you go to developing countries and see how many Chinese cars are on the road, it's shocking. They're not in the U…
0
789
0
@matthewdunwoody
Matthew Dunwoody
7 hours
RT @highmeh: Anyone in my network looking for security work? Looking for a purple team-ish role; someone who wants to flex between IR/SOC a…
0
37
0
@matthewdunwoody
Matthew Dunwoody
11 hours
RT @mthcht: Path masquerading Interesting technique, if you're hunting for this, you can directly search the unic…
0
14
0
@matthewdunwoody
Matthew Dunwoody
1 day
RT @Byron_Wan: Some Chinese Temu merchants are padding their profits by using counterfeit postage labels to trick the US Postal Service int…
0
150
0
@matthewdunwoody
Matthew Dunwoody
2 days
RT @cyb3rops: Omg—I was on vacation when this dropped, just found it now, and I love it! 💛 I’m gonna add this to my internal guide for new…
0
73
0
@matthewdunwoody
Matthew Dunwoody
3 days
RT @ivanrouzanov: We are building a Sustaining Engineering team at CrowdStrike and are hiring software engineers with deep knowledge of Win…
0
5
0
@matthewdunwoody
Matthew Dunwoody
3 days
RT @godslittlemacro: Feel free to RT. Not the hiring manager. AVP, Cloud Penetration Tester 110-185k. US-Remote. - Perform pentesting o…
0
2
0
@matthewdunwoody
Matthew Dunwoody
4 days
RT @troyhunt: I’ve had a few people flag this with me as a “data breach”. It’s not, it’s authorised access. Not liking that authorisation d…
0
99
0
@matthewdunwoody
Matthew Dunwoody
6 days
RT @HostileSpectrum: In the wake of SALT TYPHOON, demands for unrestricted warranted access on mere administrative demand, such as allegedl…
0
2
0
@matthewdunwoody
Matthew Dunwoody
6 days
RT @fr0gger_: 📢 New Microsoft Threat Report: "ViewState Code Injection Attacks Using Publicly Disclosed Machine Key…
0
80
0
@matthewdunwoody
Matthew Dunwoody
6 days
RT @Byron_Wan: 🚨 Another Sputnik moment in the horizon? Western drugmakers are striking more deals in China to access “bio-better” treatme…
0
105
0
@matthewdunwoody
Matthew Dunwoody
7 days
RT @ITguySoCal: TL;DR 1) Enable Windows Firewall to prevent lateral movement 2) Enable packet logging for future forensics 3) disable loc…
0
85
0
@matthewdunwoody
Matthew Dunwoody
8 days
RT @its_a_feature_: Many in the Mythic Community have asked for a way to standardize BOF/.NET execution within Mythic Agents. Today I'm rel…
0
33
0
@matthewdunwoody
Matthew Dunwoody
8 days
RT @williballenthin: capa v9 brings a new scope for dynamic analysis: “span of calls” for matching a sliding window of API calls within a t…
0
44
0
@matthewdunwoody
Matthew Dunwoody
9 days
RT @cyb3rops: If you decide to make your software available under an address you don’t control forever, don’t be surprised when someone els…
0
13
0
@matthewdunwoody
Matthew Dunwoody
9 days
RT @CyberWarship: '' exploiting SCCM policies distribution for credentials harvesting, initial access and lateral m…
0
45
0
@matthewdunwoody
Matthew Dunwoody
10 days
RT @ethereal__vx: Hiring for a Security Researcher Role. The ideal candidate should have a strong understanding of Windows Internals & Api…
0
19
0
@matthewdunwoody
Matthew Dunwoody
10 days
RT @plusvic: The most important addition is a new feature that allows to enforce rule name and metadata style to your rule. Check this: htt…
0
6
0
@matthewdunwoody
Matthew Dunwoody
10 days
RT @Carlos_Perez: So I grabbed the template for all 3 versions of 4768 for Kerberos, on version 1 the certificate thumbprint was added in…
0
5
0