bohops @bohops
Red/Purple/Research | Adversary Services @xforce red bohops.com The Land of Pleasant Living Joined August 2017
New blog post is up looking at what GEPA is, and how it can be used for refining prompts for security agents. specterops.io/blog/2026/06/0…
Notably, those approved by the current Cyber Verification Program aren’t included in this group. Bummer, I have some cool experiments to test it 😔
For a small group of cyber defenders and critical infrastructure providers, we are also launching Claude Mythos 5. Mythos 5 shares the same underlying model as Fable 5, but with the safeguards lifted in some areas.
shipping v5 of LitterBox after way too many late nights real EDR in the loop now. drop an agent on your VM, fire payloads at it, alerts land back with full call stacks. Elastic Defend + Fibratus work. new UI + better performance — notes in the release. github.com/BlackSnufkin/L…
@TheAIShrink the timeline is relative, hence "soon". and it doesn't happen all at once.
It has never been about "safety" or "security". It's about compute. And the cost for that compute is coming to a frontier model near you soon.
Anthropic just proposed a global system to pause AI research to keep the world safe. They believe society isn't ready for how fast Claude and other AI is advancing and that putting a global speed limit on frontier research may one day be necessary.
@5mukx Do you host private projects/repos on GitHub that you never intend to share? If so, I would highly recommend a self-hosting solution. Bad enough public accounts and repos get taken down, but there is no reason to lose other valuable work and/or risk provider access to them.
For more than 20 years, I have supported MSRC, dating back to my time as a security researcher at eEye. I have spoken at conferences, defended their program & methods publicly, & shared examples and results of productive collaboration even when many, many researchers strongly disagreed with me. That history makes this especially difficult to say. The current treatment of security researchers is deeply disappointing. Trust between vendors & the research community is hard-earned & easily lost. Researchers are not the enemy. They are often the first line of defense for customers, helping identify and responsibly report issues before malicious actors can exploit them. Alienating these individuals carries real consequences for the security ecosystem as a whole. I've spent decades advocating for constructive engagement between Microsoft & the security community. What we all are seeing today falls short of the standards that built that relationship in the first place. I hope this message reaches the people who still remember why that relationship mattered. Not because researchers are asking for special treatment but because mutual respect, transparency & good-faith engagement have always produced better outcomes for everyone involved. Microsoft's relationship with the security community was once viewed as a model for the industry. I truly hope it can be again.
I think we're entering an era where brutal honesty is needed from cybersecurity and ai companies. No fear mongering, real threats only.
Asked folks what they actually want from a SIEM. the answer: just make it work, and a little AI is fine. So I built nano, an open-core (AGPL), rust on clickhouse, fast search, a real detection lifecycle, 1-line install. Let me know what you think! nano.rs
This is fun: "nano is a lightweight SIEM in Rust on ClickHouse, with a piped query language, a real detection lifecycle, and AI that does actual investigation work." blog.nano.rs/posts/introduc…
@_josehelps @anton_chuvakin I worked with @dansec_ in the past, and though I have not personally used his new SIEM yet, I'd imagine the quality is there given his very in-depth expertise in the subject area. I'm looking forward to giving a test run myself.
Agents need better tools for reversing! I'm releasing declib (previously libbs), with a new CLI today that gives agents CLI access to 4 decompilers (IDA, Ghidra, Binja, angr), parity feature support to most MCP (12 features), and the ability to sync those changes across decs!
Very cool. Unwind data means we can stomp PIC over a DLL and get nice call stacks.
‼️🚨 BREAKING: Another researcher skipped coordinated disclosure entirely and dropped a critical 1-click GitHub token theft in public because he doesn't want to deal with MSRC. In his own words: "I really don't want to deal with MSRC on VSCode bugs." The bug: just clicking a link can hand an attacker a GitHub token that reads AND writes to all your repos, including private ones. It lives in github[.]dev, GitHub's browser-based VSCode editor, which passes the browser an OAuth token that isn't scoped to a single repo. That token can touch everything you can. Researcher Ammar Askar found that VSCode's sandboxed "webviews" leak keyboard events to the main editor. A malicious repo opened via one link can simulate keystrokes, install a local extension that skips VSCode's publisher-trust check, and exfiltrate your token. He published a working proof-of-concept. He says when he reports github[.]dev bugs, GitHub tells him they're out of scope and to go report to MSRC, and a prior VSCode bug he reported was silently fixed with no credit. One commenter summed up the mood: "MSRC has turned into Feedback Hub."
OAIC's CFP is now open! The first conference dedicated to the cutting edge of the offensive use of AI is returning for its second year. Speakers will enjoy three nights at a four-star beachfront resort, which includes all meals and drinks, three exclusive parties, and a Michelin-star welcome dinner. Please see sessionize.com/offensive-ai-c… for accepted topics.
Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products. Each year we process a high volume of vulnerability reports. That volume continues to grow and will continue with the rise of AI-enabled research. We acknowledge that some interactions have fallen short and are working to learn from them. Many of us have experience on both sides of this work, as researchers reporting vulnerabilities and as responders triaging and assessing them. That perspective informs how we approach this feedback and the importance we place on getting it right, particularly as the volume and complexity of research continues to grow. The security community plays a vital role in helping us protect customers. We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.
@kulinacs I am but 4.6 still gets the job done for now
Opus 4.7/4.8 model access is meaningless if the actual Claude Code security exception is not honored like it is for Sonnet 4.6. Let's be real - it's not about security, it's about compute/resources. Maybe I'm wrong, but Anthropic should at least be open about it.
Florian Roth ⚡️ @cyb3rops
221K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Florian Hansemann @CyberWarship
88K Followers 46 Following Father, Founder @HanseSecure, Pentesting, Student, ExploitDev, Redteaming, InfoSec & CyberCyber; -- Mastodon: https://t.co/KFSKYUN98M
Justin Elze @HackingLZ
71K Followers 5K Following CTO @TrustedSec | Former Optiv/SecureWorks/Accuvant Labs/Redspin | Race cars
Adam Chester 🏴... @_xpn_
38K Followers 538 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOlmau2 | Insta at https://t.co/PqR6CZQ48T
Dave Kennedy @HackingDave
231K Followers 6K Following Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Pod. God + Family/Hacker/CSO/USMC/Intel/Fitness. Make the world a better place.
chompie @chompie1337
89K Followers 1K Following hacker, exploit developer/weird machine mechanic head of X-Force Offensive Research (XOR) @IBM
Mike Felch (Stay Read... @ustayready
17K Followers 2K Following Offensive @ TrustedSec | Hacking since Renegade BBS backdoors | Prior CrowdStrike/BHIS | In Christ's grip | Fighter for truth | K1HAQ
DirectoryRanger @DirectoryRanger
37K Followers 102 Following This account assembles and disseminates information related to Active Directory and Windows security.
Vincent Yiu @vysecurity
32K Followers 345 Following Director, Red Team / Offensive Security. Help organizations safeguard their businesses from the bad guys.
Rad @rad9800
10K Followers 708 Following ex-founder. building solutions to secure organizations. prev @deceptiq_ (acq.), now at @thinkstcanary All thoughts / opinions (if at all) are my own.
mgeeky | Mariusz Bana... @mariuszbit
14K Followers 950 Following 🔴 Offensive Security Developer @ Outflank, Red Team operator, ex-AV dev, ex- malware researcher 🫖 Green tea lover
DebugPrivilege @DebugPrivilege
41K Followers 2K Following Not active anymore on X. Problem solver with a passion for troubleshooting complex issues.
b33f | 🇺🇦✊ @FuzzySec
33K Followers 1K Following 意志 / mobile research @ ▓▓▓▓▓ / Team 501 / ex IBM Capability Lead & FireEye TORE / I rewrite pointers and read memory / AI Psychoanalyst / Teaching @CalypsoLabs
Josh @passthehashbrwn
10K Followers 296 Following Adversarial Simulation at IBM, tweets are mine etc.
n00py @n00py1
14K Followers 966 Following Retweeter of InfoSec/Offsec/Pentest/Red Team. Occasional blogger/Independent security research.
x86matthew @x86matthew
23K Followers 203 Following system emulation / reverse-engineering / binary analysis. @the_secret_club
𒐪Z.A.P𒐪 @Zappit3
1K Followers 3K Following 𒐪𒐪Stardust𒐪𒐪 No bs, just me myself and I, - Swedish/Finnish. Pizza and kebab lover, no need to fake personalities. ᕙ(
xfil @XFILSec
1 Followers 58 Following XFIL Security Solutions, LLC is a boutique cybersecurity consulting firm.
lgandx @lgandx
20 Followers 22 Following Been collecting your credentials for more than a decade. Now on the AI train.
Aleck Plouffe @veFwLujd
0 Followers 12 Following
Ghader @beonesto
29 Followers 479 Following Infosec Enthusiast | Cybersecurity Explorer Always learning, always digging deeper. :-)
Indiana @Indiana_J0
0 Followers 157 Following
Espoir_pro @jrespoir6
79 Followers 455 Following Trust in the Lord with all thine heart; and lean not unto thine own understanding. #Umwana_w'umunyamulenge #IDUBU #kugera_kumutonyi_wa_nyuma_wamaraso
ZENITH @ALIVE830
0 Followers 4K Following
Kenza | ⴽⴻⵏⵣ... @Tr3s0r
3K Followers 4K Following Procrastinator in chief. Talks about CS security sometimes. @TheTr3s0r is my account for mutuals only @[email protected] sec+, cisa+, BTL1 she/her/هي
computer @uiii_767
3 Followers 42 Following
0xb000bd @0xb000bd
2 Followers 84 Following
cr3ghost @cr3ghost
1K Followers 296 Following A student passionate about reverse engineering, windows internals, anti-cheat research, malware research, and exploit research. Aspiring red teamer.
nt!RajKit @NtRajkit
8 Followers 268 Following
SlyBits @slybits101
2 Followers 101 Following
Ayman Mo @MoMo1a9
0 Followers 758 Following
LeerBox @RX3
37 Followers 222 Following Keep it simple, that’s how you stay fly. Welcome to my World !!
bdcd @bdcdhm3z
4 Followers 295 Following
zeze ⛈️ @zeze7w
222 Followers 428 Following @TXOneNetworks Senior Threat Researcher / @HacksInTaiwan Staff
Artificially Intellig... @ArtiIntelligent
297 Followers 7K Following Insanity is doing the same thing over and over and expecting different results...
99% safe AI, @shutdowntheai
111 Followers 6K Following
bamba bathily @2b_622_b
2K Followers 3K Following |follow me, it's the easiest way to know me🙃🙂||geeksec|🛡️Cybersecurity Awareness ||#Cybersécurité|| #CyberDiplomacy|#ChildProtection||@cybersec221 Founder||
marc @m2rc_p
416 Followers 709 Following red team @ somewhere ctf player and occasional fps videogamer 21
C@p7@în Fłîn7 @_TheATeam
10 Followers 381 Following My tweets are my own. I cyber from time to time.
Atakilti Tigabu @AtakInjector
12 Followers 388 Following
Untra 💎 @untra
172 Followers 2K Following Programmer, mathematician, rad dude and your friend https://t.co/YfeUrKf0gz Fullstack engineer at 🦅 https://t.co/ZfAOGpndpQ 🏔️ CO cybersecurity / devops / dank memes
SpaceBurn @SpaceBurn_
147 Followers 2K Following I’ll get back to you on that one 🇦🇺 | he/him | 🏳️🌈 | Private: @SpaceBurn_Priv
ShubhS @_ShubhShukla
104 Followers 441 Following Cyber Security Engineer, Financial Services (City of London, England), UK.
XD @L0rdMrcS
100 Followers 754 Following Um cara duma cidade numa ilha dum mundo que está deixando de ser azul. ;)
Ryan Hanson @ryHanson
7K Followers 897 Following Security Researcher hunting for weird bugs. Research Science Director @Atredis
nuno almeida @_nunoalmeida_
346 Followers 1K Following https://t.co/XAm7rpp1qN shenanigans • cyber stuff • married to @annie_power • @Hack_South • @BSidesCapeTown
Land @dlende_
3 Followers 582 Following
Egemen @egmwn_
26 Followers 385 Following
wackaid @wackaid
33 Followers 2K Following ai - security researcher - 👕🐀- friendly neighborhood nerd & starter builder
Joris Ignoul @IgnoulJoris
24 Followers 634 Following
My name here @explore54
0 Followers 4K Following
CURE @curepaint
23 Followers 423 Following
BJORKA @RealBjorkanism
697 Followers 7K Following
Grzegorz Tworek @0gtweet
38K Followers 2K Following My own research, unless stated otherwise. Not necessarily "safe when taken as directed". GIT d- s+: a+ C++++ !U !L !M w++++$ b++++ G-
ippsec @ippsec
123K Followers 365 Following
Binni Shah @binitamshah
141K Followers 165 Following Linux Evangelist, Malwares, Security enthusiast ,Investor,World Economy, Finance,Contrarian , Philanthropist , Reformist , Sigma female [email protected]
EZ @IAMERICAbooted
3K Followers 2K Following Like = tuning the algorithm. Episodically hyperbolaciously satirical. Janitor at Contoso & Fabrikam. Posts don't represent my employer(s).
NetworkChuck @NetworkChuck
254K Followers 726 Following Believer. Beard. Coffee. Tech. Youtube. Check the link in my bio to see my latest video!
Jakob @jakobdylanc
382 Followers 950 Following Token plumber @OpenRouter, prev @AMDEmbedded. Check out my side project llmcord!
freefirex @freefirex2
2K Followers 161 Following Research Practice Lead @Trustedsec gamer and nature enthusiast
dreadnode @dreadnode
3K Followers 112 Following Where security agents run. AI infrastructure to build, evaluate, and deploy with confidence.
X-C3LL @TheXC3LL
5K Followers 630 Following Just a biologist that loves to break cyber-stuff. Ka0labs / @AdeptsOf0xcc / ID-10-Ts member. 🦉
nyxgeek @nyxgeek
8K Followers 4K Following rebel scum, nerfherder, dogged and relentless. Midnight Computer Lab H/P/V/A/C Directory - https://t.co/kjwuy6Pqx5
Soumyani1 @reveng007
1K Followers 2K Following Red mind. Blue mission. Turning attack tradecraft into detections | CRTO | CRTP | @BlackHatEvents 2024 Arsenal, @WWHackinFest 2024 Presenter and @BSidesSG 2023
Mike Manrod @CroodSolutions
2K Followers 2K Following CISO and faculty by day, adversary emulation/tools by night, bad jokes and memes all the time.
solst/ICE of Astarte @IceSolst
31K Followers 2K Following Voidweaver @AstarteSecurity - Pentester turned seceng turned meeting canceller - meetup https://t.co/E4rlINC0U6 - conf tracker https://t.co/tReNhuhANF
Aaron Grattafiori @dyn___
6K Followers 2K Following Offensive Security / AI Red Teaming @ NVIDIA. Ex-GenAI and OffSec Red Teaming Lead at Meta. Ex-Principal Consultant and Researcher @ NCC Group/iSEC Partners.
Sam Sabetan @samsabetan
88 Followers 80 Following
Chris Thompson @_Mayyhem
3K Followers 487 Following Senior Security Researcher @SpecterOps https://t.co/Sz5fRYkX6u
Cedric Van Bockhaven @c3c
979 Followers 354 Following
Nick Powers @zyn3rgy
2K Followers 255 Following Adversary Simulation @SpecterOps | Previously @Rapid7 & @Protiviti
Krishna Trivedi @Krish8376
4 Followers 82 Following
Roberto Martínez @r0bertmart1nez
16K Followers 3K Following Cybersecurity Strategist | Practice Lead | Researcher & Professor | Published Author & Keynote Speaker 🇨🇦🇪🇺🇲🇽
Enno Rey @Enno_Insinuator
7K Followers 2K Following Old-school network security person. Founded https://t.co/jnQuHO036k & @WEareTROOPERS. Occasionally blogging at https://t.co/67lpbmCajA
Andi Bombadillo @AndiBombadillo
7 Followers 128 Following
The Bingus Man @NotNordgaren
3K Followers 930 Following The internets cat Is this how I send a tweet? My opinions are yours. Orange cat crashouts from time to time... @hackercatprod
Sean Metcalf @PyroTek3
37K Followers 679 Following Identity Security Architect @ TrustedSec. Microsoft Certified Master #ActiveDirectory & former Microsoft MVP. Co-Host @ Enterprise Security Weekly. He/Him. #BLM
MagicSword @magicswordio
1K Followers 30 Following It Ends with Us! ⚔️Watch 📺 https://t.co/zofSxbxVDA Follow 🥷 https://t.co/kGRIGi9ayg Read 📓 https://t.co/BowPLUlcB0
dinosaurlover38 @_dinolover38
773 Followers 173 Following 0-day monkey | IBM X-Force Offensive Research (XOR)
John S @JohnS38353871
13 Followers 489 Following
JS0N Haddix @Jhaddix
176K Followers 7K Following CEO, CISO, Trainer, Hacker, and Speaker. Cybersecurity + Hacking + AI + Sec Leadership @arcanuminfosec
Smukx.E @5mukx
23K Followers 224 Following Adversary Simulation | Malware Researcher & Red Teamer | 0x16 Y/o
Today In Infosec @todayininfosec
40K Followers 1 Following Tweeting news from the world of information security that occurred or was announced on today's date in a previous year. Managed by @stevewerby.
Cerbersec @cerbersec
4K Followers 216 Following I make things to break things | Red Team @MDSecLabs | Opinions are my own
whitecyberduck @whitecyberduck
4K Followers 669 Following Ayub Jabril Yusuf | 🇸🇴🇺🇸 (he/him) | Hacker @SpecterOps | GSE • OSCP
Cody Thomas @its_a_feature_
8K Followers 311 Following Mythic Developer (https://t.co/Uz4fOxIUbe) | @SpecterOps @[email protected] | @its-a-feature.bsky.social