I am preparing for an internal talk on career advice learned from working security crises. My notes 🧵

During the Mandiant FLARE team's webinar series "The Sample," you will hear stories of notable #malware samples they have reverse engineered. Tune in this Thursday for the first installment of the series. Register 👉 mndt.info/3LAMFtF

Get you a keeper who can save AND score 💪

🔥I'm looking for a manager for the Mandiant (part of Google Cloud) #AdvancedPractices Research team! 🦅 If you want to: 1⃣manage high-performing experts 2⃣find evil and codify attacker methodologies 3⃣work on a team at the front lines of security ...this may be for you. jobs.smartrecruiters.com/Mandiant/74399…

Flying was a (pi)lot of fun! 10/10 recommend 🛫

Just received my flag* as well for my time at Mandiant (part of Google Cloud)! It was a big deal for me to hit the 5 year mark in my career while doing cool research with AP ❤️🦅 Stoked I have a memento *majestic cat not included

One of my favorite malware analysis utilities just got a big update!

🎉 SUPER EXCITED to announce I'll be presenting at DEFCON this year! forum.defcon.org/node/242292

This is an awesome blog on attacker VPN usage! 🤩 Come for the walkthrough of Jared Wilson’s fun research and stay for the fantastic list of hunting examples/rules that will get your creative juices flowing 👏🏽

#MSTIC 🛡️ & #DART 👻 are now hiring Hunt Analysts who live at the intersection of incident response and threat intelligence. Have experience in both areas? Come join us! Hunt Analyst 🕵️: careers.microsoft.com/us/en/job/1446… careers.microsoft.com/us/en/job/1439…

This looks handy! Started using Jupyter notebooks for research/analysis in the past year and it’s *the best*

Microsoft has discovered a post-compromise capability we’re calling MagicWeb, which the threat actor tracked as NOBELIUM is using to maintain persistent access to environments they have compromised. In-depth technical analysis and hunting guidance here: msft.it/6016jeB4i

Congrats to my Mandi....uh Google friends! Excited to see what y'all accomplish with that Google ☁️ scale! 🥳

Not sure how I missed this one but PSA for red team friends 🚨update Cobalt Strike if you haven’t

If anyone is considering taking the CySA+, CompTIA is doing an open beta for the new version and it’s only $50

A threat group tracked by Microsoft as DEV-0196 is linked to an Israel-based private sector offensive actor (PSOA) known as QuaDream, which reportedly sells a suite of exploits, malware, and infra. Read our analysis in collaboration with The Citizen Lab: msft.it/6010gy5fA