Lukas Klein | @rantasec.bsky.social @RantaSec
Joined July 2021
Tweets: 479
Followers: 60
Following: 169
Likes: 890
@shahardorf & I found a phishing campaign abusing OAuth applications in Entra in more than 50 organizations! And I promise you that in this blog we explain how you can do it too! And provide all the IOCs 🤭 It's one of these blogs I would enjoy reading! wiz.io/blog/detecting…
Nice write-up by Alexander Goedeke on using MAGIC, Timesketch and Jupyter for scalable Microsoft 365 BEC investigations What I like most is the focus on repeatable workflows and automation instead of another “AI-powered DFIR” story Getting the right data at scale is often the hardest part securitylog.sva.de/2026/posts/sca…
We are releasing tracebit @x33fcon - a POC sensor aiming to fingerprint implants in memory using only low-level runtime telemetry. No signatures, no scanning. Only page faults. github.com/threathunters-…
This is big 🔥🔥 techcommunity.microsoft.com/blog/microsoft…
Who knew a really long string could make an Entra ID login disappear from the logs entirely? In our #blog, @nyxgeek breaks down how overflowing #Azure's sign-in logging mechanism allowed access tokens to be issued without a single log entry. Read it now! hubs.la/Q047xTVc0
Check out GoLinHound: - Discovers Linux & SSH attack paths - Outputs OpenGraph JSON for BloodHound ingestion - Integrates with SharpHound and AzureHound data to unveil cross-technology attack paths github.com/RantaSec/golin…
SpecterOps released "DumpGuard" along with a detailed article on how they were able to bypass Windows Credential Guard in both privileged and unprivileged contexts. I learned a ton about Isolated LSA and friends: specterops.io/blog/2025/10/2…
Fact: Remote service and scheduled task creation bypass firewalls on DCs and Win file servers because of SMB tunnelling. Solution: Create RPC filters that block MS-SCMR and MS-TSCH over named pipes. The latter has 3 UUIDs, so blocking the atsvc pipe is more elegant. #DSInternals
Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. github.com/trustedsec/Tit…
The DSInternals.RpcFilters PowerShell module for Windows RPC filter management is out! Includes support for the new OpNum matching capability of Windows Server 2025. Looking forward to community feedback. github.com/MichaelGrafnet…
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
Can't kill sysmon.exe anymore? Cut it off from its own log by stopping ETW logger! LocalSystem required, of course.
Check out @elad_shamir's recent blog post to learn more about NTLM relay attacks. ⬇️ ghst.ly/4lv3E31
Catch @IzySec's recent podcast discussing Rogue Remote Desktop Protocol: open.spotify.com/episode/5AGW25…
Check out this new blog post from @_wald0 discussing the fundamental components & mechanics that enable the emergence of critical Attack Paths in Microsoft's increasingly popular Intune product. ⬇️ ghst.ly/3Cd5cwH
The Chinese threat intelligence report is here: mp.weixin.qq.com/s/3bmehaRuvaL5… It’s always nice to see reports from other parts of the world because they can give a different perspective. That said, the translation I read was super confusing so I’m sure I missed some details
The Chinese Computer Emergency Response Center announced that a U.S. intelligence agency hacked an advanced materials unit and an energy-focused company, stealing important trade secrets and intellectual property via trojans. globaltimes.cn/page/202412/13…
I finished my talk at BHEU! The attack methods and techniques shared in the talk are not a great deal, but I hope this serves as an opportunity to draw attention to the importance of security measures for Intune. Here is the tool released for the talk. github.com/secureworks/py…
Unauthenticated Remote Code Execution (RCE) on Domain Controllers (DC). It does not get worse than that. Probably will be included in #ransomware campaigns. Any technical analysis of CVE-2024-49112 published? CC: @gentilkiwi @harmj0y @_wald0
Daniel @DanielFlathDB
33 Followers 119 Following
infradev @infradev2
15 Followers 1K Following Interested in infrastructure development, cyber operations and security engineering
floating @speck415
30 Followers 2K Following
Carl Nykvist @CarlNykvist
200 Followers 1K Following
SquareZer0 @__squarezero__
161 Followers 2K Following Offensive security | AD, Azure, and wireless exploitation
Chris Thompson @_Mayyhem
3K Followers 487 Following Senior Security Researcher @SpecterOps https://t.co/Sz5fRYkX6u
Matthew Kolb @matthewkolb13
101 Followers 1K Following
Tim Brown @timb_machine
3K Followers 5K Following push(@twitter, 'Adversarial Engineer'); # i tweet in Perl
Qanon @qanonfree
1 Followers 5K Following
Mark Linton @marklinton
497 Followers 3K Following IT and Information Risk Professional. https://t.co/dP0nRLvCHK
Raven Cloud @BlueteamSecops
991 Followers 3K Following #cibersecurity #DFIR #Blueteam #Threathunting #CTI
Safiullah_Niazi @Safiull93168968
138 Followers 3K Following Leo ♌ 🦁| Strong Heart ❤️, Curious Mind 🧠| 'He who has a WHY to live for Can deal with any HOW' #CyberSecurityEngineer #AI Automation Engineer 💻
Abhinav Bajpai @_AbhinavBajpai
7 Followers 62 Following
Leo9108 @Leo910825
36 Followers 1K Following
Chuck @cspurling999
0 Followers 2K Following
︎ @0xocdsec
4K Followers 7K Following ︎ 🏴☠️ 🇪🇺 💚 🇺🇦 | computers & features | 💚 🏴☠️ party | 603,628 km² https://t.co/F5dgX7AEoL
FindmeX @LynnWsa
79 Followers 4K Following
_____ @H_ng_an
179 Followers 2K Following
Merill Fernando @merill
20K Followers 4K Following Ex-Microsoft PM | Tweets my own Built → https://t.co/QbUp63ffXf • https://t.co/8W7yvQi3jb • https://t.co/NFLDqDIY8h • https://t.co/tSWrIw8Ajh 📰 Newsletter→ https://t.co/tPzAEl0Zuq & https://t.co/894nfObWuU 🎙️ Podcast→ https://t.co/TBlNKTzn8t
Michael Koczwara @MichalKoczwara
25K Followers 2K Following Threat Researcher/Founder @Intel_Ops_io Threat Intelligence, Adversary Infrastructure Hunting, Curated TI Feed (Coming Soon) https://t.co/VQWaze6gaF
Ankur @Ankuryogi11
244 Followers 6K Following
kilger @kilger
310 Followers 4K Following
ice @ice98079542
60 Followers 4K Following
James W. @cyberbiz4
160 Followers 4K Following looking for a cyber position in blue team. Metro Vancouver, Canada. Defender, GIAC x 3, AWS, M365, Splunk, Azure
Andy Robbins @_wald0
36K Followers 2K Following Co-founder of SpecterOps. Co-creator of BloodHound. https://t.co/rub1i3Fs9g
Tony Gore @nullg0re
646 Followers 1K Following Security Researcher, US Marine Corps Veteran, Microsoft Most Valuable Researcher 2023 & 2024
pfransc @pfransces
41 Followers 2K Following
jokochimpa @jokochimpa
80 Followers 1K Following
Leonardo Porpora | @n... @n0sign4l
230 Followers 1K Following
Sebastian Vasquez S. @sebasvasquezs
397 Followers 3K Following Father, Fulbright/NYU, CISO, InfoSec Community Builder, Pentester, GFSInfosec CEO, CISSP, CARTP
tom @tom_muen
22 Followers 346 Following
Dirk-jan @_dirkjan
30K Followers 207 Following Hacker at @OutsiderSec. Researches AD and Azure (AD) security. Likes to play around with Python and write tools that make work easier.
Julian Wiegmann 🍻 @JulianWieg
253 Followers 425 Following I worked in infosec for too long, excuse my pessimism. you can also ping me on LinkedIn
Hilko Bengen / @hillu... @_hillu
364 Followers 424 Following Dormant account. Find me elsewhere, for example: - https://t.co/chlQOd8Lyl - https://t.co/H5Pb9iCtgH
test domain @User2Micro
703 Followers 5K Following
Frank Wiersma @frankwiersma_
180 Followers 5K Following AI developer by day, builder by night. GenAI @ TenneT. Freelance custom software & AI - https://t.co/kVPeP2HIkL. OSCP | AZ-104
thefLink @thefLinkk
1K Followers 151 Following
Hilko Bengen / @hillu... @_hillu
364 Followers 424 Following Dormant account. Find me elsewhere, for example: - https://t.co/chlQOd8Lyl - https://t.co/H5Pb9iCtgH
Yuval Gordon @YuG0rd
1K Followers 427 Following Security Researcher at Palo Alto Networks. Opinions are my own.
Daniel Bradley @DanielatOCN
2K Followers 268 Following Microsoft MVP, blogger and I write a little PowerShell
Pantelis @PantelisStoufis
847 Followers 345 Following Infosec @Apple | PGP: 0x62B08390 | Opinions are my own, unless retweeted
Fabian Bader @fabian_bader
10K Followers 890 Following #Security #Azure #AAD #MDE #M365 #AD #PKI #XDR #EntraID Microsoft MVP Tweets and opinions are my own @[email protected]
hasherezade @hasherezade
91K Followers 956 Following Programmer, #malware analyst. Author of #PEbear, #PEsieve, #TinyTracer. Private account. All opinions expressed here are mine only (not of my employer etc)
Eric Woodruff | MVP |... @ericonidentity
2K Followers 736 Following Chief Identity Architect @SemperisTech. Microsoft Security MVP, Entra nerd. Part-time hiker, full-time dad and partner. Opinions expressed are from my cat.
sapir federovsky @sapirxfed
5K Followers 199 Following Doing things @wiz_io And then doing more things at home | Failed research blog: https://t.co/j2HT1Tpscs | Trying to be more chill🧘♀️
Nikhil Mittal @nikhil_mitt
20K Followers 439 Following Hacker, Infosec Researcher, Military Affairs & History, PowerShell, AD and Azure pwner, Creator of Nishang and others :) Founder @alteredsecurity
Cloud IdentitySummit @identitysummit
665 Followers 14 Following Community event with focus on related topics to #AzureAD and Cloud #Identity in #Azure. Organized by the @AzureBonn Team.
Intel-Ops @Intel_Ops_io
2K Followers 4 Following Adversary Infrastructure Hunting & Training Curated Threat Intelligence Feed (Coming Soon) https://t.co/N9OKrTrvV0 https://t.co/3YFZfEbgpI
MDSec @MDSecLabs
16K Followers 2 Following Consultancy and Training for offensive security by trusted experts | https://t.co/HtHSYcDxoK | https://t.co/UvOhGA5xe2 | @nighthawk_c2
Maddie Stone @maddiestone
62K Followers 796 Following Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter. she/her.
Invictus Incident Res... @InvictusIR
2K Followers 32 Following Helping organizations respond to cyber incidents in the cloud | 🆘 24/7 support https://t.co/zfF62gimvm | 📚 Academy https://t.co/GH0u8tmjXJ
📔 Michael Grafnett... @MGrafnetter
3K Followers 134 Following Principal Security Researcher @SpecterOps, Microsoft MVP Identity & Access
Kuba Gretzky @mrgretzky
17K Followers 761 Following Creator of Evilginx - Reverse Proxy Phishing Framework for Red Teams: https://t.co/hPg644CTnM
TrustedSec @TrustedSec
78K Followers 763 Following End-to-end Cybersecurity consulting team leading the industry, supporting organizations, and giving back. #Hacktheplanet Blogs, news, webinars, and tools!
mgeeky | Mariusz Bana... @mariuszbit
15K Followers 965 Following 🔴 Offensive Security Developer @ Outflank, Red Team operator, ex-AV dev, ex- malware researcher 🫖 Green tea lover
Rhino Security Labs @RhinoSecurity
7K Followers 2K Following Rhino Security Labs is a top penetration testing and security assessment firm with a focus on cloud (AWS, GCP, Azure), network, and web application pentesting.
vx-underground @vxunderground
440K Followers 363 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Julian Wiegmann 🍻 @JulianWieg
253 Followers 425 Following I worked in infosec for too long, excuse my pessimism. you can also ping me on LinkedIn
Scoubi @ScoubiMtl
3K Followers 259 Following All Things BloodHound | InfoSec, Threat Hunting, Detection Engineering, DFIR and some personal stuff.
Munich Cyber Tactics,... @MCTTP_Con
543 Followers 3 Following 4th edition of our awesome con will happen, save the date 16-18th of september 2026 #mcttp
Elbsides / elbsides@i... @elbsides
509 Followers 594 Following Elbsides 2025 -Computer Security Conference - June 13th, 2025. No longer posting here-follow us on LinkedIn, @elbsides.bsky.social & @[email protected]
Grzegorz Tworek @0gtweet
38K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
LaurieWired @lauriewired
156K Followers 293 Following researcher @google; serial complexity unpacker; https://t.co/Vl1seeNgYK ex @ msft & aerospace
Pavel Yosifovich @zodiacon
15K Followers 915 Following Windows Internals expert, author, and trainer. Teaching system programming & debugging at TrainSec. Check out my books & courses! 🚀 #WindowsInternals #TrainSec
Mathias Fuchs @mathias_fuchs
3K Followers 951 Following Something with IR and Intelligence @InfoGuardAG, Certified Instructor and author @SANSInstitute (@SANSEMEA), Former Principal IR Consultant @Mandiant
CYBERWARCON @CYBERWARCON
6K Followers 569 Following #CYBERWARCON 2025 Registration and CFP are now open | 📧 Subscribe to receive updates at https://t.co/5lb0WvK6MJ
/ˈziːf-kɒn/ @x33fcon
7K Followers 1 Following When Red meets Blue... The very first security conference for Purple Teams on the planet
BSides Zurich @BSidesZurich
2K Followers 806 Following Stay tuned for more info or join our newsletter on the website. Brought to you by @BSidesHelvetia #BSidesZH Mastodon: @[email protected]
DEATHCon @DEATHCon2026
2K Followers 43 Following Online/live conference 13-14 November 2026 for Detection Engineering and Threat Hunting https://t.co/TpkIGjaqpx
NVISO @NVISOsecurity
3K Followers 56 Following NVISO is a European cybersecurity leader, established in 2013. Follow our @NVISO_Labs account for our latest research!
Vlad Stolyarov @vladhiewsha
834 Followers 303 Following burn all the 0-days at Google Threat Intelligence Group
Dragos, Inc. @DragosInc
27K Followers 5K Following Dragos is an industrial (OT/ICS/IIoT) cybersecurity company on a mission to safeguard civilization.
Merill Fernando @merill
20K Followers 4K Following Ex-Microsoft PM | Tweets my own Built → https://t.co/QbUp63ffXf • https://t.co/8W7yvQi3jb • https://t.co/NFLDqDIY8h • https://t.co/tSWrIw8Ajh 📰 Newsletter→ https://t.co/tPzAEl0Zuq & https://t.co/894nfObWuU 🎙️ Podcast→ https://t.co/TBlNKTzn8t
TROOPERS Conference @WEareTROOPERS
10K Followers 493 Following We are TROOPERS - IT-Security Conference & Trainings https://t.co/gO1lSzFuns Also at the infosec exchange @WEareTROOPERS
BSidesFrankfurt @BSidesFRA
292 Followers 88 Following 2026-09-10 BSidesFrankfurt Conference 2026-09-11 BSidesFrankfurt Workshops
WeLiveSecurity @welivesecurity
8K Followers 32 Following Award-winning security articles, views, insight and research directly from ESET's experts.






























