@redcanary: Red Canary, a Zscaler company

Red Canary, a Zscaler company posts on X about red, how to, atomic, the most. They currently have [------] followers and [---] posts still getting attention that total [--] engagements in the last [--] hours.


Social Influence

Social category influence: stocks 12.75%, technology brands 3.92%, finance 3.92%, social networks 0.98%

Social topic influence: red 29.41%, how to 11.76%, atomic 10.78%, the most 6.86%, tools 5.88%, $zs #45, ai 3.92%, we are 2.94%, the new 2.94%, canary 2.94%

Top accounts mentioned or mentioned by: @mitreattack @forensicitguy @zscaler @subtee @mattifestation @likethecoins @jsecurity101 @mhaggis @jschoen13 @killamjr @krollwire @brianebeyer @carbonblackinc @mitrecorps @olafhartongs @sadprocessor @kwm @verri3r @cyb3rward0g @mordorproject

Top assets mentioned: Zscaler Inc (ZS), Crane Holdings, Co. (CR), Microsoft Corp. (MSFT)

Top Social Posts

Top posts by engagements in the last [--] hours

"Today Red Canary officially joins the @zscaler family 🎉 We are thrilled to mark this incredible milestone and join forces with the leader in cloud security to deliver unified security operations to help our customers strengthen their cyber defenses. Zscaler and Red Canary will enable the industry's most advanced SOC capabilities, setting a new standard for the future of the security landscape. As we take this big step forward, one thing will always remain true: We got you 💪 https://bit.ly/46y8BD5"
X Link 2025-08-01T13:15Z 29.8K followers, [----] engagements

"If you've been online over the past few weeks, there's a good chance you've heard of OpenClaw, formerly known as Clawdbot. 🦞 The new AI tool has seen a surge in popularity, but what does that mean for defenders? 📺 Join Red Canary threat hunters Brittany Sattler and Tyler Winchester on the debut episode of SecOps Weekly today at [--] p.m. ET to learn how to proactively threat hunt for OpenClaw. We'll focus on modeling malicious behavior and identifying the specific artifacts left behind by vulnerable installations. 🔗 Register for SecOps Weekly here:"
X Link 2026-02-10T15:13Z 29.8K followers, [---] engagements

"Ever wonder how threat hunters connect the dots between a minor alert and a major threat? ⚪ ➡ 🔵 Join Red Canary Threat Hunters Brittany Sattler and Tyler Winchester for a LinkedIn Live deconstruction of the threat hunt process. They'll show you how they follow the trail to stop breaches and help organizations stay ahead of the curve. Catch it live on Tuesday, February [--] at [--] p.m. ET / [--] a.m. PT Register here: https://bit.ly/4thu2RA"
X Link 2026-02-05T19:45Z 29.8K followers, [---] engagements

"Alert fatigue isn't just an annoyance - it's a vulnerability. When a major mining company found their previous MDR provider wasn't delivering value after a significant cyber event, they knew they needed a partner that could do more than just send alerts. They needed a partner that could provide clarity. ☀ Since transitioning to Red Canary, they've unlocked massive operational capacity and realized over $500K in savings across incident investigations. Read the full case study to see how they improved their MTTR and cleared the path for proactive defense. ➡ https://bit.ly/3OmFpaQ"
X Link 2026-02-10T19:52Z 29.8K followers, [----] engagements

"Application control is a simple concept that is complicated to execute. If only you could default-deny everything and call it a day. 🪄 When your policies are too rigid, some common breaking points include: ✅ legitimate workflows, legacy apps and unsigned binaries, 👨‍💻 dev tools. Learn how to rein in your allowlist with our new guide to mastering modern app control: https://redcanary.com/blog/security-operations/guide-to-mastering-app-control/utm_source=twitter&utm_medium=social"
X Link 2026-02-10T20:48Z 29.8K followers, [---] engagements

"The conversation around AI in cybersecurity has shifted rapidly from what if to how much. 🤖 Our four-part miniseries on AI in the SOC brought together Red Canary experts across data science, security research, and product leadership to demystify the reality of AI as it relates to security operations. 📺 Read our recap blog for high-level takeaways and videos of each episode: https://bit.ly/4rq4Kzi"
X Link 2026-02-12T20:02Z 29.8K followers, [----] engagements

"The only difference between a remote administration tool and a remote access trojan (RAT) is who's controlling it. Detection engineers @j_schoen13 and @killamjr are on the case. https://bit.ly/3suqkVQ"
X Link 2021-08-19T19:11Z 29.8K followers, [---] engagements

"New from @jsecurity101: MSRPC to ATT&CK is an encyclopedia of comprehensive context about specific Remote Procedure Call protocols. https://redcanary.com/blog/msrpc-to-attack/"
X Link 2021-11-10T18:42Z 29.8K followers, [---] engagements

"With help from our partners @KrollWire, #RCIntel analyzed a BlackByte ransomware sample and uncovered details about its initial access, post-exploitation, and exfiltration phases prior to encryption. https://redcanary.com/blog/blackbyte-ransomware/"
X Link 2021-11-30T19:19Z 29.8K followers, [---] engagements

"The ZIP file and XLSB had formats similar to [---] (1).zip/123.xlsb. The Excel macros downloaded a Qbot binary with an OCX file extension to the TR-specific folder C:\Watdan and executed it with the command regsvr32 C:\Watdan\tle1.ocx"
X Link 2022-02-18T21:32Z 29.8K followers, [--] engagements

"NEW: Here's how to detect ChromeLoader, a browser-hijacker that leverages PowerShell in some troubling ways. https://redcanary.com/blog/chromeloader/"
X Link 2022-05-25T17:01Z 29.8K followers, [---] engagements

"Communication skills are often overlooked by technical teams that are hiring, but writing, briefing, and creativity bring invaluable insight to any cybersecurity role. https://redcanary.com/blog/strong-communicators/"
X Link 2022-06-08T17:25Z 29.8K followers, [---] engagements

"The [----] Threat Detection Report is out! Here are the top [--] threats we observed across our customer environments last year. How does this compare with what you observed? https://redcanary.com/resources/guides/threat-detection-report/utm_source=twitter&utm_medium=social&utm_campaign=tdr2023"
X Link 2023-03-22T16:00Z 29.8K followers, 64.5K engagements

"The Threat Detection Report is an actionable, interactive resource to help you understand the most prevalent trends, cyber threats & adversary techniques. Get the [----] report delivered as soon as it is published 👇 https://redcanary.com/resources/guides/threat-detection-report-coming-soon/utm_source=twitter&utm_medium=social"
X Link 2024-03-04T16:30Z 29.8K followers, [----] engagements

"The [----] Threat Detection Report is out! Featuring actionable insights for the most prevalent cyber threats and ATT&CK techniques your security team is likely to encounter. Read the full report now: https://redcanary.com/threat-detection-report/utm_campaign=2024-tdr&utm_source=twitter&utm_medium=social"
X Link 2024-03-13T15:44Z 29.8K followers, 13.6K engagements

"📈 We've seen a spike in LummaC2 stealer activity over the last two months. Get detection guidance and more in this month's edition of Intelligence Insights. https://redcanary.com/blog/threat-intelligence/intelligence-insights-november-2024/utm_source=twitter&utm_medium=social"
X Link 2024-11-21T18:09Z 29.8K followers, [----] engagements

"AI is transforming security operations. Keeping your strategy up to par is vital. 💡 Join @redcanary and @zscaler on January [--] for an exclusive webinar to learn how expert-supervised AI is revolutionizing threat detection and response. These are insights you and your team can't afford to miss. Secure your spot here: https://bit.ly/3NlphGk"
X Link 2026-01-15T22:01Z 29.8K followers, [---] engagements

"Investigations just got a whole lot faster. ⚡ We are excited to unveil our new integration with @zscaler Internet Access (ZIA). Red Canary now pulls ZIA context directly into your investigations, saving you time and enabling precise threat response without switching between platforms. Stop chasing data and start stopping threats. ➡ Check out the details: https://bit.ly/4qzG5YL"
X Link 2026-01-26T15:00Z 29.8K followers, [----] engagements

"The queue isn't going to clear itself. Let AI help. Join us tomorrow at [--] p.m. ET / [--] a.m. PT for Episode [--] of our AI miniseries on Red Canary Office Hours! Our experts will be live to break down the real-world ROI of AI agents. Discover how to: ✅ Automate initial investigations ✅ Kill false positives ✅ Get the context you actually need Don't miss it. 🎥 https://bit.ly/3SQ3KoN"
X Link 2026-01-26T17:05Z 29.8K followers, [---] engagements

"Red Canary ATT&CKs (Part 1): Why We're Using ATT&CK Across Red Canary: https://hubs.ly/H09C4Fr0"
X Link 2018-01-05T18:58Z 29.8K followers, [---] engagements

"Red Canary ATT&CKs (Part 2): Designing ATT&CK Interfaces in Red Canary https://hubs.ly/H09D7VM0"
X Link 2018-01-08T23:24Z 29.8K followers, [---] engagements

"Red Canary ATT&CKs (Part 3): Mapping Our Detectors to ATT&CK Techniques: https://hubs.ly/H09DQ6K0"
X Link 2018-01-10T00:16Z 29.8K followers, [---] engagements

"NEW BLOG ALERT: Introducing the Next Chapter of Atomic Red Team @subTee @M_haggis @brianebeyer #AtomicRedTeam https://hubs.ly/H0cF8pm0"
X Link 2018-06-14T16:45Z 29.8K followers, [---] engagements

"NEW BLOG ALERT: Threat Detection #9643: Cryptomining Enabled by Native Windows Tools @ForensicITGuy #threatdetection #threatythreatthursday https://hubs.ly/H0c_rf30"
X Link 2018-07-12T19:28Z 29.8K followers, [--] engagements

"We're partnering with @CarbonBlack_Inc to bring you 'Threat Hunting with ATT&CK', a 3-part webinar series. Attend to learn how top security teams use @MITREattack as a roadmap to mature and expand their threat hunting programs. Learn more and register: https://hubs.ly/H0dthlF0"
X Link 2018-08-21T15:18Z 29.8K followers, [---] engagements

"NEW BLOG How To Threat Hunt For PsExec Other Lateral Movement Tools by @ForensicITGuy https://hubs.ly/H0fBpSc0"
X Link 2018-11-19T21:31Z 29.8K followers, [---] engagements

"Side-by-side comparison of @MITREcorps and our top [--] @MITREattack techniques:"
X Link 2019-01-21T17:05Z 29.8K followers, [---] engagements

"Great tools for getting started with ATT&CK: [--]. @M_haggis recommends @olafhartong's ThreatHunting [--]. @subTee recommends PoSh_ATTCK by @SadProcessor [--]. @kwm recommends @MITREattack Navigator [--]. @verri3r recommends #AtomicRedTeam chain reactions https://hubs.ly/H0hwZNc0"
X Link 2019-04-19T15:05Z 29.8K followers, [---] engagements

"The .NET framework includes rich offensive capabilities that adversaries aren't yet using, but we've been thinking about detection anyway. https://redcanary.com/blog/detecting-attacks-leveraging-the-net-framework/"
X Link 2020-01-22T21:05Z 29.8K followers, [--] engagements

"From the folks that brought you Atomic Red Team, Chain Reactor is a new open source framework for composing executables that simulate adversary behaviors and techniques on Linux endpoints. https://redcanary.com/blog/chain-reactor-framework-for-linux/"
X Link 2020-01-28T19:37Z 29.8K followers, [---] engagements

"Invoke-AtomicRedTeam, a PowerShell framework that makes it easier to execute Atomic Red Team tests, is now an open source project of its own. This will make contributions and maintenance of both projects faster and easier for all involved https://github.com/redcanaryco/invoke-atomicredteam"
X Link 2020-02-13T19:38Z 29.8K followers, [---] engagements

"Invoke-AtomicRedTeam started as a framework for executing atomic tests. Now it's much more than that, so we spun it out as its own open source project. Here are some key new features: https://redcanary.com/blog/invoke-atomicredteam-leaves-the-nest/"
X Link 2020-04-15T20:33Z 29.8K followers, [---] engagements

"After working hundreds of short term incident response engagements, we've learned a lot about how to prevent and mitigate ransomware infections. Here's a ransomware survival guide. https://bit.ly/2Ek5qEp"
X Link 2020-08-26T18:28Z 29.8K followers, [---] engagements

"Considering the spate of recent ransomware incidents affecting hospitals, we decided to share the ten detection analytics that helped us stop one earlier this month. #Ryuk https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/"
X Link 2020-10-29T22:50Z 29.8K followers, [---] engagements

"Big news y'all: @Cyb3rWard0g will be hosting our next Atomic Friday on December [--]! Join us for a deep dive into @Mordor_Project and learn strategies for expediting data analysis. https://bit.ly/33AKlil"
X Link 2020-12-02T16:20Z 29.8K followers, [--] engagements

"BOLO for increased #Qbot activity delivering Cobalt Strike & #Egregor ransomware. If you see Qbot & recon/Cobalt Strike activity, move fast because a ransomware payload may be imminent. Behavioral analytics & detection opportunities in this thread. #RCintel #qakbot"
X Link 2020-12-02T19:56Z 29.8K followers, [---] engagements

"NEW: "Yellow Cockatoo" is Red Canary Intel's name for a cluster of activity executing an in-memory .NET RAT on victim machines across a wide range of industries. Detection opportunities abound https://bit.ly/3oqFEzG"
X Link 2020-12-04T20:19Z 29.8K followers, [---] engagements

"NEW from @mattifestation: "Effective threat research is built on a foundation of asking specific, deliberate questions in an attempt to reduce a broad objective into something more achievable, measurable, and resilient against evasion." http://bit.ly/3oyVBUl"
X Link 2020-12-08T18:13Z 29.8K followers, [---] engagements

"Due to its privileges, the Windows NT AUTHORITY\SYSTEM account is a juicy target for adversaries across all versions of Windows operating systems. @ForensicITGuy walks through how to hunt for telltale GetSystem commands in offsec tools. https://bit.ly/3op7sVi"
X Link 2021-01-06T19:07Z 29.8K followers, [---] engagements

"Silver Sparrow is a cluster of activity that includes a binary compiled to run on Apple's new M1 chips but lacks one very important feature: a malicious payload. #RCintel https://redcanary.com/blog/clipping-silver-sparrows-wings/#technical-analysis"
X Link 2021-02-19T00:21Z 29.8K followers, [---] engagements

"Red Canary's @likethecoins and @ForensicITGuy will be discussing our recent Silver Sparrow research including what we've learned since publishing. Tune in at 2pm EST today"
X Link 2021-02-22T15:44Z 29.8K followers, [---] engagements

"We've gotten a ton of requests for access to Silver Sparrow samples. We didn't link to them when we first published our research, but we've added links since. For convenience, you can find the samples here: Version 1: Version 2: https://www.virustotal.com/gui/file/c7dd06b20b64b64d3b155b6b77c2778a08ef6a6c0396d7537af411258e57af1e/details https://www.virustotal.com/gui/file/1decb4070db4dfe5d68ba502cf3a67de96a69ea6f3acfa4454795f96472ccc0d/details"
X Link 2021-02-22T22:28Z 29.8K followers, [---] engagements

"There's an overwhelming amount of information on Exchange server exploitation and web shell activity. Based on our observations, here's some simple guidance on remediation, detection, and categorizing activity clusters: #RCintel https://bit.ly/2OGNkAY"
X Link 2021-03-09T21:29Z 29.8K followers, [---] engagements

"Detecting precursor activity is a great way to diminish or prevent a ransomware outbreak. One behavior we've encountered in numerous IR engagements involves adversaries renaming a popular file sharing utility, and here's how you can detect it. #RCintel #incidentresponse 1/6"
X Link 2021-03-18T22:08Z 29.8K followers, [---] engagements

"Introducing VSCode-ATT&CK, a new open source plug-in that lets you query the @MITREattack framework without clicking out of your code editor. https://bit.ly/3g9epIU"
X Link 2021-04-14T15:35Z 29.8K followers, [---] engagements

"Detect or do not detect, there is no try. On Star Wars Day we're sharing some strategies for detecting malicious file transfer activity. #MayThe4thBeWithYou https://bit.ly/2RrWbI9"
X Link 2021-05-04T19:18Z 29.8K followers, [---] engagements

"In our third Diary of a Detection Engineer, @mattifestation and @StarSlaughter invite you to an official meeting of the SOC Analysts club https://bit.ly/2SFc7b3"
X Link 2021-06-16T19:05Z 29.8K followers, [---] engagements

"The Atomic Red Team maintainers are excited to launch atomic tests for @MITREattack techniques used on cloud and containers https://bit.ly/3x36Nxg"
X Link 2021-07-13T17:42Z 29.8K followers, [---] engagements

"Director of Intelligence for Red Canary @likethecoins tries to focus her team's time and efforts not on alarming rhetoric about ransomware attacks but rather developing an actionable rapid response. H/T @SCMagazine https://www.scmagazine.com/feature/advocates/katie-nickels-keeping-calm-to-carry-on"
X Link 2021-09-20T16:57Z 29.8K followers, [--] engagements

"Hundreds of security researchers have used our VSCode-ATT&CK plug-in to access the @MITREattack framework from the comfort of their code editor. Here are some new features that have been added to the tool over the last few months. (1/5) https://redcanary.com/blog/vscode-attack/"
X Link 2021-09-29T22:14Z 29.8K followers, [---] engagements

"New blog from @likethecoins: While ingesting feeds of indicators or identifying state-sponsored adversaries can be part of your approach, cyber threat intelligence is a much broader field than any specific tool or data source. https://redcanary.com/blog/intel-team/"
X Link 2021-09-30T14:45Z 29.8K followers, [---] engagements

"DETECTION OPP: We're seeing increased Qbot activity, including new TTPs that we haven't previously associated with this threat. While we haven't observed the ultimate payload delivered by Qbot, this trend is concerning given that Qbot is often a precursor to Conti ransomware. 1/6"
X Link 2021-10-12T19:24Z 29.8K followers, [---] engagements

"We're proud to share this great piece of news. Congratulations to @likethecoins and the full list of winners and nominees. Our security community is better because of your dedication and leadership. Congratulations to Katie Nickels (@likethecoins) on her @CyberScoopNews award for Cyber Industry Leadership 🎉 Read the full list of winners here: https://t.co/GiHFiFdluF"
X Link 2021-10-19T17:22Z 29.8K followers, [--] engagements

"Kicking off a new series highlighting the most fruitful endpoint data sources for threat detection, @mattifestation goes deep into one of the most omnipresent: process command line. https://redcanary.com/blog/process-command-line/"
X Link 2021-10-20T15:51Z 29.8K followers, [---] engagements

"SQUIRRELWAFFLE is a malware loader that first emerged in September [----] and is often a delivery mechanism for Qbot. We've seen it rapidly deliver Cobalt Strike and Bloodhound, which we frequently observe preceding impactful threats like ransomware. 1/4"
X Link 2021-11-03T16:03Z 29.8K followers, [---] engagements

"📯 You can now find Atomic Red Team tests in the Defender for Endpoint Evaluation Lab! Test your security controls against the most common @MITREattack techniques in just a few clicks. Read @msftsecurity's blog here: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/evaluation-lab-expanded-os-support-amp-atomic-red-team/ba-p/2993927"
X Link 2021-11-22T20:00Z 29.8K followers, [---] engagements

"In Oct. we observed a lot of the same threats we've grown accustomed to seeing each month. However, the end of the month saw a surge from a previously prolific phisher pushing a familiar foe: Qbot. Read more in our November Intelligence Insights: https://redcanary.com/blog/intelligence-insights-november-2021/utm_campaign=IntelInsights&utm_source=twitter&utm_medium=social"
X Link 2021-11-24T17:25Z 29.8K followers, [---] engagements

"In the second edition of Better know a data source, @jsecurity101 makes a case for monitoring process integrity levels, particularly between parent and child processes. https://redcanary.com/blog/process-integrity-levels/"
X Link 2021-12-09T16:51Z 29.8K followers, [---] engagements

"Qbot climbs in threat rankings, Emotet is back, and an ADSelfService Plus RCE vulnerability likely increased detections involving webshells. Read the full December intelligence insights now: https://redcanary.com/blog/intelligence-insights-december-2021/utm_source=twitter&utm_medium=social"
X Link 2021-12-28T15:58Z 29.8K followers, [---] engagements

"The Atomic Red Team community's been asking for a Python execution framework for years. Earlier this month, @MSAdministrator and @swimlane delivered. Atomic Operator is an open source python-based framework for executing atomics across platforms. https://redcanary.com/blog/atomic-operator/"
X Link 2021-12-28T19:25Z 29.8K followers, [---] engagements

"Red Canary recently introduced eBPF to our Linux sensor. At a high level, @FridayOrtiz explains what eBPF is and how it helps us protect our customers. https://redcanary.com/blog/ebpf-for-security/"
X Link 2022-01-04T18:47Z 29.8K followers, [---] engagements

"Introducing the Red Canary Ransomware Detection Toolkit. We've rounded up our best guides, resources, and open-source tools in one place so you don't waste a minute searching. https://redcanary.com/resources/guides/ransomware-detection-toolkit/utm_source=twitter&utm_medium=social"
X Link 2022-01-11T21:07Z 29.8K followers, [---] engagements

"NEW: @mattifestation and @AstleJimmy shine a light on Microsoft's Antimalware Scan Interface (AMSI), which can help defenders zero in on in-memory payloads. https://redcanary.com/blog/amsi/"
X Link 2022-01-12T16:56Z 29.8K followers, [---] engagements

"Like others in the community, we've seen exploitation of VMware Horizon today. In addition to looking for the IP 185.112.83.116, you can also detect this in endpoint telemetry by looking at the PowerShell command line that spawns from ws_tomcatservice.exe. 1/6 Getting word of mass exploits against VMware Horizon with C2 (#CobaltStrike) to 185.112.83.11680 & [----]. Potentially log4j related. Anyone else seeing similar?"
X Link 2022-01-14T21:20Z 29.8K followers, [---] engagements

"We use eBPF at Red Canary to gather security telemetry directly from the Linux kernel. Now you can too. https://redcanary.com/blog/ebpf-for-security/utm_source=twitter&utm_medium=social"
X Link 2022-01-22T14:06Z 29.8K followers, [---] engagements

"Over the past few hours, we've observed malicious phishing emails associated with the delivery affiliate TR in multiple customer environments. The infection scheme was consistent, executing in the following pattern: OneDrive phishing page - ZIP download - malicious XLSB - Qbot"
X Link 2022-02-18T21:31Z 29.8K followers, [---] engagements

"Mimikatz ascends the threat ranks, Emotet increases phishing campaigns, and the new Coral Crane activity cluster emerges. Check out January's Intelligence Insights: https://redcanary.com/blog/intelligence-insights-february-2022/utm_source=twitter&utm_medium=social&utm_content=derivative"
X Link 2022-02-24T23:45Z 29.8K followers, [---] engagements

"The [----] Threat Detection Report is out! Join us in counting down the most prevalent threats we encountered in our customers' environments last year. We'll reveal a new threat every hour in this thread (Or just download the report & see them all now) https://redcanary.com/resources/guides/threat-detection-report/utm_source=twitter&utm_medium=social&utm_campaign=2022tdr"
X Link 2022-03-22T13:00Z 29.8K followers, [---] engagements

"SocGholish reclaims the top spot, Redline activity is on the rise, and detections associated with Raspberry Robin increase. All of this and more in the latest edition of Intelligence insights from #RCIntel. https://redcanary.com/blog/intelligence-insights-march-2022-3/utm_source=twitter&utm_medium=social&utm_campaign=derivative"
X Link 2022-03-24T15:49Z 29.8K followers, [---] engagements

"New from @jsecurity101: Nearly all activity in Windows can be tied back to an identity using access tokens. Therefore, having the ability to track a token back to its source would provide invaluable visibility for incident response, detection, and more. https://redcanary.com/blog/access-tokens/"
X Link 2022-04-14T15:37Z 29.8K followers, [---] engagements

"SocGholish falls from first place, Yellow Cockatoo rebounds, and Qbot campaigns leverage Windows Installer packages. All of this and more in the latest edition of Intelligence Insights from #RCIntel https://redcanary.com/blog/intelligence-insights-april-2022/utm_source=linkedin&utm_medium=social&utm_campaign=derivative"
X Link 2022-04-27T20:19Z 29.8K followers, [---] engagements

"First identified by @timmedin nearly a decade ago, "Kerberoasting" remains a popular post-exploitation technique among ransomware groups like Conti. We chatted with Tim about relevant data sources and how to fill in visibility gaps with #AtomicRedTeam. https://redcanary.com/blog/marshmallows-and-kerberoasting/"
X Link 2022-05-11T16:59Z 29.8K followers, [---] engagements

"NEW from @RCintel: @ForensicITGuy and @LaurenLeigh522 analyze a Gootloader sample and provide detection opportunities for follow-on activity. https://redcanary.com/blog/gootloader/"
X Link 2022-05-12T16:06Z 29.8K followers, [---] engagements

"What is Raspberry Robin? Read on for high-fidelity opportunities to detect known behaviors & background on how we decided to cluster this activity. https://redcanary.com/blog/raspberry-robin/utm_campaign=blog&utm_source=twitter&utm_medium=social&utm_content=derivative"
X Link 2022-05-15T06:56Z 29.8K followers, [---] engagements

"The #BumbleBee dropper/downloader continues to change. We're now seeing odbcconf.exe load the malicious DLL (rather than Rundll32). While odbcconf.exe can execute DLL files, we don't commonly observe it doing so in the wild, so this is an interesting change #RCIntel"
X Link 2022-06-28T17:38Z 29.8K followers, [---] engagements

"The security community is embracing the fact that whatever functional label you place on Cobalt Strike, it's here to stay, it's implicated in all variety of intrusions, and it's our duty to defend against it. https://redcanary.com/threat-detection-report/threats/cobalt-strike/utm_source=twitter&utm_medium=social"
X Link 2022-09-23T17:51Z 29.8K followers, [---] engagements

"💡 Operational Atomic Red Team hour per week 1.) Select a test: 2.) List relevant defensive telemetry sources 3.) Perform the test, review results, document 🔖 📊 Track progress with this free tool https://docs.google.com/spreadsheets/d/1YAK27jpd7j1xveWg80M56JUgJdx3xcN9K8PF02LOejs/edit#gid=1271696862 https://redcanary.com/blog/atomic-habits/ https://atomicredteam.io/atomics/"
X Link 2023-02-16T17:28Z 29.8K followers, [----] engagements

"The free-to-use software is intended to help researchers monitor and analyze macOS system events, much like ProcMon for Windows systems. Join @PartyD0lphin and Matt Graeber for a webinar on how to use a new free tool, RedRoc. https://redcanary.com/resources/webinars/redroc-uncaged-macos-telemetry/utm_source=twitter&utm_medium=social&utm_campaign=redroc-webinar"
X Link 2023-04-05T14:17Z 29.8K followers, 34.2K engagements

"#RedCanaryBookClub 📚 - If you are getting started in cybersecurity operations, evolving your existing SOC, or engaging with a SOC regularly, may we recommend "11 Strategies of a World-Class Cybersecurity Operations Center""
X Link 2023-05-19T18:39Z 29.8K followers, 10.1K engagements

"🚨 New open source release: eBPFmon supercharges bpftool to help you better understand the eBPF programs running in your environment. https://redcanary.com/blog/ebpfmon/"
X Link 2023-06-12T18:25Z 29.8K followers, 16.9K engagements

"In honor of @taylorswift13's upcoming Eras Tour stop in Red Canarys hometown of Denver @Susannigans presents you with [--] reasons why Swifties should consider a career in cybersecurity: https://redcanary.com/blog/taylor-swift-cybersecurity/ https://redcanary.com/blog/taylor-swift-cybersecurity/"
X Link 2023-07-12T15:32Z 29.8K followers, 16.6K engagements

"Were exploring one of the years most prevalent MITRE ATT&CK techniques: PowerShell. Learn how adversaries abuse the Windows configuration management framework and how you can observe and detect malicious and suspicious commands and behaviors. https://youtu.be/FDpAAY8haUU https://youtu.be/FDpAAY8haUU"
X Link 2023-07-31T21:58Z 29.8K followers, 10.4K engagements

"Protecting Linux from cyber attacks critical tactic #7: Harden your Linux system. For more critical tactics take a look at our Linux Security Checklist: https://redcanary.com/resources/guides/linux-security-checklist/utm_source=twitter&utm_medium=social https://redcanary.com/resources/guides/linux-security-checklist/utm_source=twitter&utm_medium=social"
X Link 2023-10-26T15:44Z 29.8K followers, 25.3K engagements

"LOLBins are a fascinating and somewhat scary concept because they are legitimate system tools that adversaries abuse to carry out cyberattacksoften undetected. This video explores some of the tricks adversaries use to haunt our digital domains. https://www.youtube.com/watchv=VhU3aYk3I8M&list=PLWPSNJXUawziloErVNgKHigYtx4MZxwQ0&index=15 https://www.youtube.com/watchv=VhU3aYk3I8M&list=PLWPSNJXUawziloErVNgKHigYtx4MZxwQ0&index=15"
X Link 2023-10-30T20:24Z 29.8K followers, 14.2K engagements

"DarkGate emerged as the #6 threat in our Intelligence Insights last month. Our Intel team identified a detection opportunity for this new malware-as-a-service (MaaS). Read more: https://redcanary.com/blog/intelligence-insights-october-2023/utm_source=twitter&utm_medium=social https://redcanary.com/blog/intelligence-insights-october-2023/utm_source=twitter&utm_medium=social"
X Link 2023-11-03T17:20Z 29.8K followers, 12.3K engagements

"We're hiring Threat Hunters (Or thrunters if you're so inclined) Our Intelligence team is growing too https://jobs.lever.co/redcanary/19b941f0-5da2-4858-bed3-a79027947229 https://jobs.lever.co/redcanary/428c9759-f654-49c9-b6f3-bb9147c9a932 https://jobs.lever.co/redcanary/19b941f0-5da2-4858-bed3-a79027947229 https://jobs.lever.co/redcanary/428c9759-f654-49c9-b6f3-bb9147c9a932"
X Link 2023-11-20T22:29Z 29.8K followers, 11.9K engagements

"Detection engineer @wilyhanshan was working his way through the queue when a peculiar event caught his eye. The eventhe would later learnwas a likely precursor to a known ransomware payload that had recently surfaced in the wild. https://redcanary.com/blog/bitsadmin/ https://redcanary.com/blog/bitsadmin/"
X Link 2024-01-09T21:05Z 29.8K followers, [----] engagements

"What does a typical cloud intrusion actually look like Watch clips from our latest Detection Series webinar on prevalent cloud techniques. https://redcanary.com/blog/cloud-attack-techniques/utm_source=twitter&utm_medium=social https://redcanary.com/blog/cloud-attack-techniques/utm_source=twitter&utm_medium=social"
X Link 2024-01-31T20:15Z 29.8K followers, [----] engagements

"The [----] Threat Detection Report is out Featuring actionable insights for the most prevalent cyber threats and ATT&CK techniques your security team is likely to encounter. Read the full report now: https://redcanary.com/threat-detection-report/utm_campaign=2024-tdr&utm_source=twitter&utm_medium=social https://redcanary.com/threat-detection-report/utm_campaign=2024-tdr&utm_source=twitter&utm_medium=social"
X Link 2024-03-13T16:00Z 29.8K followers, 30.4K engagements

"While there are some shared best practices with Windows environments developing detection logic for Linux systems is a distinct art. https://redcanary.com/blog/linux-security/detection-engineer-guide-to-linux/utm_source=twitter&utm_medium=social https://redcanary.com/blog/linux-security/detection-engineer-guide-to-linux/utm_source=twitter&utm_medium=social"
X Link 2024-05-02T14:30Z 29.8K followers, [----] engagements

"PowerShell reclaimed its place as the most prevalent technique we detected in [----] as adversaries continued abusing the tool to execute commands and evade defenses. Learn more in the [----] Threat Detection Report: https://redcanary.com/threat-detection-report/techniques/powershell/utm_source=twitter&utm_medium=social https://redcanary.com/threat-detection-report/techniques/powershell/utm_source=twitter&utm_medium=social"
X Link 2024-05-29T18:40Z 29.8K followers, 34.6K engagements

"Best practices for Linux threat detection: ๐Ÿ•ตโ™‚ Focus on distinguishing between an administrator and an adversary ๐Ÿ“ˆ Develop detectors that identify anomalies in activity ๐Ÿท Explore alternative ways of grouping processes https://redcanary.com/blog/linux-security/detection-engineer-guide-to-linux/utm_source=twitter&utm_medium=social https://redcanary.com/blog/linux-security/detection-engineer-guide-to-linux/utm_source=twitter&utm_medium=social"
X Link 2024-10-09T18:59Z 29.8K followers, [----] engagements

"Whether you spell out M-S-H-T-A or pronounce it "Mish-ta" the Windows built-in binary for executing Microsoft HTML Application (HTA) script code is worth keeping an eye on. ๐Ÿ‘€ Lately adversaries have been leveraging mshta.exe in paste-and-run (aka Clickfix or fakeCAPTCHA) campaigns. ๐Ÿ”Ž Learn what to look for your in environment in this year's [----] Threat Detection Report: ๐ŸŽฌ Watch the full video with Principal Threat Researcher Matt Graeber here: https://youtu.be/vkFsn1KcEto https://redcanary.com/threat-detection-report/techniques/mshta/utm_source=twitter&utm_medium=social"
X Link 2025-04-15T19:58Z 29.8K followers, [----] engagements

"โœจ Red Canary โž• @zscaler Today we are announcing Zscalers agreement to acquire Red Canary. Its a major milestone in our journey. This is a significant step forward in our mission to improve security operations not just for our customers but for the entire cybersecurity community. ๐Ÿงต"
X Link 2025-05-27T20:34Z 29.8K followers, 26.5K engagements

"Take a technical deep dive into the Windows API with analyst @Bewg12: http://ow.ly/i4an30dL2WD http://ow.ly/i4an30dL2WD"
X Link 2017-08-09T22:25Z 29.8K followers, [---] engagements

"Threat Detection 3163: Using Alternate Data Streams to Bypass User Account Controls https://www.redcanary.com/blog/using-alternate-data-streams-bypass-user-account-controls/ https://www.redcanary.com/blog/using-alternate-data-streams-bypass-user-account-controls/"
X Link 2017-09-08T17:13Z 29.8K followers, [---] engagements

"3 Practical Ways for Lean Security Teams to Boost Their Defenses - via @subTee http://ow.ly/JK4Q30fteMU http://ow.ly/JK4Q30fteMU"
X Link 2017-09-27T17:56Z 29.8K followers, [---] engagements

"Excited to release our test cases based on @MITREattack. Small and highly portable detection tests: https://github.com/redcanaryco/atomic-red-team https://github.com/redcanaryco/atomic-red-team"
X Link 2017-10-11T22:06Z 29.8K followers, [---] engagements

"Atomic Red Team: @subTee walks through how to use the new testing framework for defenders: http://ow.ly/L4wI30fZJJL http://ow.ly/L4wI30fZJJL"
X Link 2017-10-19T16:47Z 29.8K followers, [---] engagements

"Watch a short video to learn how to use Atomic Red Team to test your detections: https://hubs.ly/H099nRm0 https://hubs.ly/H099nRm0"
X Link 2017-11-18T16:06Z 29.8K followers, [---] engagements

"Not all DLLs are created equally. Learn the basics of the Windows architecture. https://hubs.ly/H09qBgS0 https://hubs.ly/H09qBgS0"
X Link 2017-12-16T21:48Z 29.8K followers, [---] engagements

"What does lateral movement using WinRM & WMI look like How to detect & mitigate this threat. #ThreatyThreatThursday https://hubs.ly/H09J4v10 https://hubs.ly/H09J4v10"
X Link 2018-01-18T23:48Z 29.8K followers, [---] engagements
