Patrick Bareiß @bareiss_patrick
Principal Security Research Engineer @Splunk. Speaker: DeepSec Vienna, BlackHat Europe Arsenal. patrick-bareiss.com. München, Bayern. Joined October 2015.
Tweets 350 · Followers 1K · Following 1K · Likes 550
@d1rkmtr You name yourself an open source developer on LinkedIn. Then you should be able to make a PR to github.com/magicsword-io/…
@DWdoesDFIR Atomic Red Team is getting installed on the Linux and Windows server. MLTK needs to be installed manually.
🚨 SAP NetWeaver Webshells Spotted: CVE-2025-31324 in the Wild 🚨 Multiple reports confirmed active exploitation of SAP NetWeaver Visual Composer vulnerabilities (CVE-2025-31324). Attackers are dropping lightweight JSP webshells like the ones shared by Onapsis, captured by ShellSweepX below 👇 — easy to miss, devastating if ignored. 🧹 Enter ShellSweepX — an open-source project from Splunk Threat Research Team built to help defenders proactively hunt, detect, and analyze webshells across their environments. How ShellSweepX helps defenders: 🔹 Wide Coverage Uses 300+ webshell-focused YARA rules across JSP, PHP, ASPX, and others — not just signatures, but entropy, anomaly, and obfuscation detection. 🔹 Lightweight, Flexible, and Scalable ShellSweepX offers agent-based deployment across endpoints with a centralized management server to orchestrate sweeps. It supports webshell file collection, scheduled scans, and makes sweeping hundreds or thousands of systems seamless via API or web UI — all without heavy infrastructure requirements. 🔹 Integrated Threat Hunting Detailed triage output lets you pivot immediately: showing entropy, size, matches, metadata, and AI-assisted file analysis to catch even stealthy or customized webshells. 🔹 Automation-Ready Built with a REST API and frontend dashboard, ShellSweepX enables automatic sweeps, centralized hunting campaigns, and seamless integration into your existing IR playbooks and workflows. Ref: Onapsis: onapsis.com/blog/active-ex… Rapid7: rapid7.com/blog/post/2025… 🔥 Full project and how to get started: 👉 ShellSweep: github.com/splunk/ShellSw… 👉 ShellSweepX Blog: splunk.com/en_us/blog/sec…
Looking to secure your homelab #Kubernetes? This guide covers: • Container security: Static code analysis, scanning, minimal base images • Kubernetes hardening: RBAC, API security, etcd protection • Testing tools: kube-bench, checkov, red-kube buff.ly/9iaxULG
SQL Server can be exploited for system access, persistence, and code execution. Our STRT team's blog shows how attackers abuse stored procedures, CLR assemblies, and registry modifications—while providing detection rules to catch them in action. buff.ly/3TSJh6Q
Latin American banking trojan Grandoreiro expands globally, targeting 1,500+ banks with: • Sophisticated string encryption • Domain generation algorithm for C2 comms • Anti-sandbox techniques • Registry persistence • Outlook mail harvesting buff.ly/EimaGMN
Critical RCE vulnerabilities in Ingress-Nginx Controller (CVE-2025-1974, CVSS 9.8) affect versions ≤1.12.0 and ≤1.11.4. The webhook service (port 8443) is exploitable. Check your cluster with: kubectl get ValidatingWebhookConfiguration -A buff.ly/DTKxvSK
Excited to share this blog about our improved research.splunk.com! 📓splunk.com/en_us/blog/sec… Already seeing 20K+ active users in just 30 days since soft launch! Huge shoutout to @TyneDarke and the marketing team for this amazing piece, and to Lou Stella, @bareiss_patrick, @SnekCharmerr & the entire #STRT! 🧵1/4
New Splunk Attack Range got me like : lol github.com/splunk/attack_…
🚨 Big News for Splunk Attack Range Users! 🚨 We’ve just dropped a major update— @Snort 3 is now integrated into the Splunk Attack Range! 🎉🐍 Amazing work by @bareiss_patrick ! If you haven’t tried out Attack Range yet, it’s a breeze to get started! 🍃 Clone the repo: github.com/splunk/attack_… 📥 Run: python attack_range.py configure to easily select server OSs, enable Snort3 or Zeek, and more! 💻⚙️ And guess what? Some extra goodies like BadBlood, domain-joined systems, and Kali are all waiting. 🎁💣 It’s like making it rain for your test environment! ☔💸 Once you’ve got everything set up, you’ll be diving into a fresh batch of data in Splunk in no time! 📊🔍 Happy hunting, and may the logs be ever in your favor! 🕵️♂️🔐
🚨LOLRMM Update 🚂 You thought we were done? Nope. 🔥 Deduplication efforts are in the works 🔥 Experts (@_josehelps) are reviewing the site code to ensure we deliver the most epic LOLRMM experience. 🔥 More and more RMMs are being completed (@Kostastsale @nas_bench ) 🔥 Who wants more Sigma rules? Because, we got them. Autogenerated + easily found on individual RMM pages. Hoping the efforts are final soon and we can get this out the door! Be warned, it's a lot of data and we'll need lots of community ❤️ to make this 100%. Teaser:
Will be showing open source "Splunk Attack Range" at Black Hat Arsenal 2024 in Las Vegas with my colleague Patrick Bareiß @bareiss_patrick #strt #splunkattackrange #splunk #splunkthreatresearchteam #blackhatusa #blackhatarsenal #blackhat blackhat.com/us-24/arsenal/…
Happy to share our latest #STRT Blog on #SnakeKeylogger! This includes the intriguing loader variant, Malware Analysis, TTPs we've extracted and a comprehensive list of our developed detections! 😊 #splunk #RE #int3 #blueteam #detectionengineering splunk.com/en_us/blog/sec…
🚨 #Splunk Threat Research Team Release 4.18.0!🚨 ✨ Key Updates: 🛡️ Kubernetes Security: Advanced detections for containerized environment threats, including unusual access and abuse scenarios. 🔒 Enhanced MFA Security in PingID: 4 new detections by Steven D., addressing critical aspects of digital authentication security. 🧩 Rhysida Ransomware Analytic Story: In-depth analytics for detecting Rhysida group behaviors and tactics. 🔄 Updated Analytics & Stories: Including NjRAT, RedLine Stealer, and firewall modifications. 🔍 Dive into detailed detections for Kubernetes abuses, multi-factor authentication challenges, and ransomware tactics. Release: github.com/splunk/securit… Content: Research.Splunk.com
Learn how the Splunk Threat Research Team is revolutionizing detection engineering efficiency. Get a sneak peek into Security Content v4.0's features. Essential reading for detection engineers, security analysts, and team leaders. splunk.com/en_us/blog/sec…
I didn't want to mention it, but after my last SANS preso on hunting drivers, I've decided to build a site similar to LOLBAS project presenting all known vulnerable Windows drivers. More to come. Until then, give it a follow. github.com/LOLDrivers-Pro…
Splunk STRT researchers describe the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by Agent Tesla remote access trojan. splunk.com/en_us/blog/sec…
Florian Roth ⚡️ @cyb3rops
221K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
Dave Kennedy @HackingDave
231K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
Nasreddine Benchercha... @nas_bench
12K Followers 1K Following Detection @Splunk & @cisco | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner
The Haag™ @M_haggis
10K Followers 2K Following ⚔️ Prevention Engineering at MagicSword | Co-Host of Atomics on a Friday | LOLDrivers & Atomic Red Team Maintainer
Olaf Hartong @olafhartong
17K Followers 979 Following @FalconForceTeam | researcher with a camera | Microsoft MVP | Snow man role model
Christopher Peacock @SecurePeacock
7K Followers 2K Following #PurpleTeam | Ex @RaytheonTech MSSP, @SCYTHE_IO, & @GD_OTS | Taught at BlackHat & DEFCON | #100DaysofSigma | Keep exploring, keep learning, and stay curious
Alexandre Dulaunoy @a... @adulau
8K Followers 7K Following Enjoy when humans are using machines in unexpected ways. I break stuff and I do stuff. @[email protected]
Anton @Antonlovesdnb
6K Followers 4K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
Steve YARA Synapse Mi... @stvemillertime
18K Followers 1K Following AI threat intelligence @google writing & sharing on adversary tradecraft, malware, threat detection, AI-nexus intel and all things #yara
Nicole Beckwith @NicoleBeckwith
42K Followers 7K Following Sr. Director, Security Engineering and Operations @cribl_io
Manuel Martín @ElVigilante_com
21 Followers 304 Following Cyber Defense Threat Hunter turned Founder Trying to outrun stupidity, one day at a time. 🔻 Read. Orient. Decide. Act.
Cyber Security Pengui... @CySecPenguin
67 Followers 3K Following Cyber security information is collected.
Bill @BillWeldsMetal
28 Followers 1K Following
AB20251 @AB20251189171
0 Followers 334 Following
crispyscientist @crispyscientist
8 Followers 697 Following
Asad Syed @SecurityTeam007
17 Followers 132 Following Passionate about #ArtificialIntelligence #Bigdata #CognitiveBiases #CyberSecurity #DataAnalysis #DataScience #DataViz #DeepLearning #MachineLearning
curseurs0s @curseurs
0 Followers 59 Following
IreneGodwin @499XWbBKoI0o7a4
38 Followers 1K Following
Ian Bell @ibell63
79 Followers 347 Following cybersecurity operations engineer | aviation enthusiast | tweets reflect my own opinions
catd9n @catd9n1
0 Followers 124 Following
Raven Tait @raven_tait
43 Followers 41 Following
T1nt1n @t1nt1nsn0wy
680 Followers 5K Following Noobie H4CK3R and researcher at @qualys. Prev @pwc. Views are my own :)
Muhammad @_cybersheriffX
177 Followers 1K Following Linux evangelist | Incident responder. Passionate about malware hunting. My loathings are simple: Oppression, malware, data leakage. RT 🚫endorsement
gigi patel @PatelGigi88220
2 Followers 33 Following
Heqer @Heqer5336
38 Followers 1K Following
z3gh0st @z3gh0st
173 Followers 708 Following 🇫🇷 Swiss knife CERT analyst @VINCI_CERT | DFIR | | CTI / CTI consumer | | Vulnerability Management | @[email protected] @z3gh0st.bsky.social
Arianna Kessler @AriannaKes15249
1 Followers 167 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/28N5WkzTmK
Le Ngoc Long @ngoc2304
10 Followers 748 Following
Marco Pedrinazzi @pedrinazziM
172 Followers 1K Following Interested in security research, detection engineering, DFIR, threat intelligence, AI security.
kais @kais_be
469 Followers 980 Following
Ema Jenson @NurFitriMuthma1
187 Followers 4K Following Love to travel and explore different countries/like to share experiences with successful people in different fields/like to invest in different projects in diff
James Ibrahim @JamesIb54140322
53 Followers 4K Following
Bhargav Rathod @malwr4n6
359 Followers 3K Following All things DFIR & Malware Analysis | macOS/iOS DFIR & Malware Research | Staff MDR Analyst @ Unit42 | OC-DFRWS | GIAC - GREM, GIME & Advisory Board Member
Ethical Anonymous @EthicalAnonymou
122 Followers 1K Following Hacktivist, justice, democracy, equality. Cybersecurity Expert. Mtro IT. Mtro Cybersec, CISA, CISM, CRISC, CEH, Sec+. Gamer 🎮 🕹
Swachchhanda Poudel @_swachchhanda_
166 Followers 378 Following Threat Researcher | Detection Engineer @nextronsystems | #sigma #yara https://t.co/LjJ2sh3CIE
Ron @ThantZin_Ron
2 Followers 396 Following
Heythare @Heythare4j_2qE
17 Followers 615 Following
Hardik Jain @HardikJain121
537 Followers 334 Following I Hunt Threats Before They Haunt You | Threat Hunter & CTI Analyst | CTM Program Builder | CTIA | ECIH | MITRE ATT&CK
Scritches JRC @scritches
594 Followers 6K Following This account is run by a feral service animal. All content is personal.
saravanan kalyanasund... @saravanankalya4
16 Followers 678 Following
BerniceRosa @CNaAERxo4s0H4mU
63 Followers 6K Following
Tarethean @Tarethean0gn2U
149 Followers 3K Following
emre @k_emre_kisa
14 Followers 517 Following
tonghuaroot @tonghuaroot
472 Followers 4K Following Staff Security Engineer. Cyber Security enthusiast, not Hacker. Focus on Application Security, Penetration testing. #OSCP #OSEP #MSCS #RedTeam #AppSec #WebSec
Mark Swanborough @MarkSwanb
255 Followers 613 Following Automation Leader @ Cisco CX focused on people/tech/data. Climber/Dad/Geek/Canyoner. Tweets my own, not CSCO. he/him
ali tavakoli @alitavakolsadra
3 Followers 123 Following
Lukáš Šišmiš @LukasSismis
40 Followers 79 Following
Justin Elze @HackingLZ
71K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Kostas @Kostastsale
20K Followers 385 Following I like building things that solve real problems, working across cybersecurity, product, and research | 🇬🇷🇨🇦
Ali Hadi | B!n@ry @binaryz0ne
35K Followers 570 Following DFIR and Adversary Simulation | All posts reflect the views and interests of the person behind this account only |
Florian Hansemann @CyberWarship
88K Followers 46 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M
Chris Sanders 🔎 ... @chrissanders88
35K Followers 487 Following Ed.D. | Founder @networkdefense @RuralTechFund | Former @Mandiant, DoD | Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM
SwiftOnSecurity @SwiftOnSecurity
411K Followers 9K Following computer security person. former helpdesk.
Mehmet Ergene @Cyb3rMonk
14K Followers 454 Following Learn Threat Hunting, Detection Engineering, DFIR, and KQL https://t.co/uAlYlXIXot @BluRavenSec Microsoft Security MVP #ThreatHunting #DataScience
mRr3b00t @UK_Daniel_Card
123K Followers 8K Following Department of Cyber WAR. Member of the Counter Spider Collective. Wielder of AI to defend in Cyber Space. Ralph Vibe Specialist. VibeOps Operator!
MalwareHunterTeam @malwrhunterteam
254K Followers 37 Following Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
Adam Chester 🏴 ... @_xpn_
39K Followers 544 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
The Hacker News @TheHackersNews
1.7M Followers 2K Following The #1 trusted source for cybersecurity news, insights, and analysis — built for defenders and trusted by decision-makers.
David J. Bianco @DavidJBianco
12K Followers 826 Following Threat Hunting, CTI, incident detection & response. SANS instructor. Special interest in helping newbies get started. He/Him. https://t.co/XcrBqQLUrP
spencer @techspence
17K Followers 3K Following 🛠️ Former Sysadmin, now Pentester | Microsoft MVP | Helping IT teams make their environment harder to attack | @SecurIT360 & @CyberThreatPOV
Bad Sector Labs @badsectorlabs
9K Followers 526 Following Cybersecurity news, techniques, exploits, and tools every week at https://t.co/UgKmeEEjIV 🐘 @[email protected]
Dray Agha @Purp1eW0lf
6K Followers 3K Following Hunt & Response Senior Manager @HuntressLabs || "Competition is the law of the jungle, but cooperation is the law of civilisation” - Kropotkin
Nick Mavis @nickmavis
348 Followers 400 Following Senior Research Engineer at @TalosSecurity. CTF enthusiast, motorcycle lover, gamer dude.
Hare Sudhan @cyb3rbuff
175 Followers 348 Following Software engineer in cybersecurity. Living the best of both worlds. Open Source Contributor and Maintainer of #AtomicRedTeam
AJ King @ajkingio
179 Followers 733 Following Leading Threat Research @Splunk (@Cisco) | ex-@SnapAttackHQ | Detection Engineering | AI Tinkerer | Dad | https://t.co/ljHLotXEMm
AtomicsonaFriday @AtomicsonaFri
602 Followers 27 Following In the wild of cyberspace, 'Atomics on a Friday' is the El Camino of security testing. Guiding defenders with vital content to safeguard their organizations.
sydney @letswastetime
570 Followers 359 Following `thrunter` | opinions != employers | she/her | search "thrunting soundtrack" | eval link="https://t.co/7EA1367cqG"
Mckay Wrigley @mckaywrigley
228K Followers 373 Following I build & teach AI stuff. Founder @TakeoffAI + @AgentShare.
DFIR-IRIS @dfir_iris
1K Followers 4 Following Collaborative Incident Response investigation platform, for analysts by analysts. Free and Open Source
Andrew Morris (afk) @Andrew___Morris
21K Followers 3K Following 🔳 Internet listener. Founder/Chief Architect of GreyNoise Intelligence (@GreyNoiseIO)
RAKESH KRISHNAN @RakeshKrish12
4K Followers 117 Following Scam Hunter | Blockchain Investigator | Threat Intel Researcher | Sheds light on Dark Web| Read my findings https://t.co/sTD7UDFfUr https://t.co/ivvg7T74JX
hadojae @switchingtoguns
979 Followers 941 Following detects the things for TwinWave (Acquired by Splunk)
Filip Dragovic @filip_dragovic
7K Followers 1K Following My research unless stated otherwise. My opinions are my own and do not represent the views of my employer. Red Team @MDSecLabs
Grimmie @Gr1mmie
1K Followers 192 Following Sekuridy Resurshur. I'm just a potato meng. Speaker @defcon615, @ISC2CFL. Advanced Persistent Potato. Views != Employers
@[email protected]... @christruncer
11K Followers 465 Following Deputy Chief, Red Team, CISA && BJJ && Veil Framework / Open Source Dev, @christruncer.bsky.social
Jayesh Singh Chauhan @jayeshsch
1K Followers 407 Following CISO | Founder @cloudvillage_dc | Founder @cloudurancesec, Author @CS_Suite, Cloud Security Trainer
Cx01N @Cx01N_
653 Followers 48 Following | EE PhD Candidate | AF Officer | Director of Security Shenanigans @Bcsecurity | @EmpireC2Project |
Hubbl3 @_Hubbl3
492 Followers 25 Following CEO at BC Security LLC Infosec Professional | Engineer | Skier
BC Security @bcsecurity
9K Followers 52 Following Threat Emulation | Training | Red Team | Penetration Testing | Compliance Discord: https://t.co/4C5C3M1Tk9
offensivecon @offensive_con
28K Followers 1 Following OffensiveCon is a technical international security conference focused on offensive security only. Organised by @Binary_Gecko. Stay tuned #Offensivecon #Tokyo.
RuhrSec – IT Securi... @ruhrsec
1K Followers 1 Following Annual English speaking non-profit IT security conference with cutting-edge talks by renowned experts. Hosted by @hackmanit
RAE @Valkyrae
2.9M Followers 1K Following I stream on Twitch and YouTube :) @hihistudios • @100thieves • @wineaboutit69 • [email protected]
Anna Cramling @AnnaCramling
142K Followers 860 Following chess player and content creator | business inquiries: [email protected]
Hikaru Nakamura @GMHikaru
629K Followers 448 Following Proudly Team Falcons Chess Professional Content Creator Business email: [email protected]
Gi7w0rm @Gi7w0rm
19K Followers 819 Following Threat Intelligence Analyst | Projects: https://t.co/azRpNg9NJQ & https://t.co/SyvUfXpbmI | If I post false intel, contact me! Support me: https://t.co/5WgDqr0K8p 🇪🇺🇩🇪🇺🇦🌈
Guillermo Musumeci @gmusumeci
373 Followers 213 Following Certified AWS, Azure & GCP Architect | HashiCorp Ambassador | Terraform SME | Entrepreneur & Innovator | KopiCloud | Book Author | Husband & Dad of ✌
Abhay Bhargav @abhaybhargav
7K Followers 676 Following AppSec & AI Sec Expert | Black Hat, DEF CON Trainer | Building the future of AI-Native Secure Design and AI Code Security @SecurityReviewAI
Drew Church @drewchurch
435 Followers 375 Following Security Strategist / #SURGe @Splunk, IP Officer @navy_reserve | Tweets/Likes are my own and do not represent my employers.
Jos @0xFFJP
109 Followers 135 Following Hacking is like hammering. It's only illegal if you hit something without permission.
Paul Melson @pmelson
14K Followers 1K Following Author/Operator of @ScumBots. Blue Team by day, Blue Team by night. Opinions, typos, and bad grammar do not represent my employer. He/Him
Silas Cutler (p1nk) @silascutler
14K Followers 2K Following You may know me from your logs Principal Security Researcher @Censysio #Threats / #CTI / #Malware / #Hacking
Open Threat Research @OTR_Community
5K Followers 5 Following Empowering the InfoSec Community through Open Source projects and collaboration! https://t.co/T9YKVakZ9o
Carla Notarobot 🤖 ... @CarlaNotarobot
22K Followers 1K Following Software Engineer 👩🏻💻 Bad Joke Sharer 😅 Tech Ranter 😬 All views are my own
Mika @cyberMeeks
705 Followers 591 Following DFIR and all things cybersecurity. Enthusiast, the general kind. Views my own.
Calum Hall @_calumhall
979 Followers 343 Following Co-Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
Matt Harrison @__mharrison__
170K Followers 922 Following AI + Python 🐍 + Data Science 🚀 trainer @__metasnake__ 🦜 Speaker ✍ Author 👨🏫 Instructor (@Stanford) 📣 DM for Sponsorship
Patrik Grobshäuser @ITSecurityguard
32K Followers 301 Following Security Research @ Assetnote https://t.co/RmFwv6ItrQ https://t.co/VCPfgTLLBN https://t.co/qylqwXgc9I https://t.co/uwZdquCB7l
Rohan Vazarkar @CptJesus
16K Followers 110 Following Penetration Tester and BloodHound Developer @specterops
Andy Robbins @_wald0
36K Followers 2K Following Co-founder of SpecterOps. Co-creator of BloodHound. https://t.co/rub1i3Fs9g