Greg Lesnewich
@greglesnewich
great, now I'm on twitter
Joined May 2020
  • Of course that’s your contention. You’re a first-year threat intel analyst. You’ve just read up on the MITRE ATT&CK framework and are convinced every problem is solvable with a T-code
    Quoting: Of course that’s your contention. You’re a first-year associate on Morgan Stanley’s international desk. You just finished reading Business Insider and are convinced that the CCP has taken out a trillion dollars of debt …
  • Little after-school project 🔬🔭: a few examples of common encoding/encryption mechanisms to help newer analysts learn to eyeball them: github.com/g-les/Misc/blo… Heavily inspired by work from @c3rb3ru5d3d53c and @cyb3rops 💝 Was fun to get some practice using Jupyter notebooks
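The "eyeball the encoding" skill the tweet describes can be written down as a handful of heuristics. The block below is an added example for this page, not code from the linked notebook: it classifies a blob as hex, base64, URL-encoded, plaintext or binary from its character set and padding, reports Shannon entropy (low for text, high for compressed or encrypted data), and brute-forces a single-byte XOR key for the "binary" case by scoring candidates on printability and English letter frequency. The sample inputs (PLAIN and SAMPLES) are constructed here, and the 0xE7 key is an arbitrary choice for the fixture.

```python
import base64
import binascii
import math
import re
from collections import Counter

# Constructed fixture: one plaintext and the same text under four common encodings.
PLAIN = b"Hello, world! This is a test of the encoding classifier."
XOR_KEY = 0xE7  # arbitrary key for the fixture; high bit set so no byte stays printable
SAMPLES = {
    "hex": PLAIN.hex().encode(),
    "base64": base64.b64encode(PLAIN),
    "url-encoded": b"cmd%3Dwhoami%20%2F%20id%3D42",
    "xor": bytes(b ^ XOR_KEY for b in PLAIN),
}

HEX_RE = re.compile(rb"^(?:[0-9a-fA-F]{2})+$")      # even run of hex digits, nothing else
B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")     # standard alphabet, optional padding
URL_RE = re.compile(rb"%[0-9a-fA-F]{2}")            # any %XX escape


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~4-5 for English, ~6 for base64, close to 8 for encrypted/compressed."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / len(data)


def classify(blob: bytes) -> str:
    """Best-guess encoding label; checks go from most to least restrictive alphabet."""
    s = blob.strip()
    if printable_ratio(s) < 0.95:
        return "binary"          # candidate for single_byte_xor() or entropy review
    if HEX_RE.match(s):
        return "hex"
    if URL_RE.search(s):
        return "url-encoded"
    if B64_RE.match(s) and len(s) % 4 == 0:
        try:
            base64.b64decode(s, validate=True)
            return "base64"
        except binascii.Error:
            pass
    return "plaintext"


def single_byte_xor(data: bytes):
    """Try all 256 keys; score by printability plus frequency of common English letters."""
    best_key, best_score = 0, -1.0
    for key in range(256):
        cand = bytes(b ^ key for b in data)
        score = printable_ratio(cand) + sum(cand.count(c) for c in b"etaoin shrdlu") / len(cand)
        if score > best_score:
            best_key, best_score = key, score
    return best_key, bytes(b ^ best_key for b in data)


def report(blob: bytes) -> dict:
    """One triage row per blob: label, entropy and printable ratio."""
    return {
        "label": classify(blob),
        "entropy": round(shannon_entropy(blob), 2),
        "printable": round(printable_ratio(blob), 2),
    }


if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12s} {report(blob)}")
    key, decoded = single_byte_xor(SAMPLES["xor"])
    print(f"xor key guess: 0x{key:02x} -> {decoded!r}")
```

The order of checks matters: a hex string is also valid base64, so the narrower alphabet is tested first, and the base64 check insists on correct padding so ordinary words are not mislabelled. The XOR scorer is deliberately crude; it recovers keys for English-like plaintext and nothing more.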
  • There's nothing like the disappointment of chasing down a hot new exploit, where the only IP sending a probe not from a Tor node initiates a multi-step chain all leading to... a cryptominer
  • What, dear reader, are in your opinion some of the best conference talks on discovering & tracking APT groups? Think less "here's a stock profile of this actor", more "here's how we found this thing". I'll start:
  • Are you new to using YARA, or a seasoned vet? Are you looking for a warm, collaborative environment to get creative new ideas with random internet friends? If so, #100DaysofYARA is for you! Kicks off Jan 1, join us won't you?
  • Do you want to learn YARA to track malware but don't know where to start? In anticipation of #100DaysofYARA we're giving away 3 free seats to AND's YARA Course! To enter, reply to this tweet with what malware you want to track. Most creative responses by Friday 2023-11-24 win!
  • For everyone buying a @shodanhq account today, give @ninoseki's Shodan Dojo a shot to learn how to track evil!
  • 🚨 Job Openings! Our team is looking to hire for 2 positions on our APT tracking team. Primary responsibilities & day-to-day will be disrupting state-aligned or state-sponsored actors trying to deliver malware, phish, or otherwise engage with our customers, in email data.
  • Happy new year and happy #100DaysofYARA to all those subjected to them! Toying with some longer tutorials on GitHub for this go-round, on a likely weekly basis. Today's subject matter: a look at triage and bulk analysis, and rule writing for LNK files: github.com/g-les/100Dayso…
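Before writing a YARA rule for LNK files it helps to be able to pull the fields a rule would key on out of a pile of samples. The block below is an added example for this page, not code from the linked 100DaysofYARA repository and not a YARA rule: a minimal MS-SHLLINK parser that checks the fixed 76-byte ShellLinkHeader (HeaderSize 0x4C and the Shell Link CLSID), reads LinkFlags and ShowCommand, walks past the optional LinkTargetIDList and LinkInfo blocks, and decodes the StringData sections so the arguments can be triaged. The two .lnk fixtures are constructed in the block by build_lnk(), and the suspicious-token list and thresholds are the example's own choices.

```python
import struct
from dataclasses import dataclass

# ShellLinkHeader starts with HeaderSize 0x0000004C and the Shell Link CLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")

FLAG_HAS_ID_LIST, FLAG_HAS_LINK_INFO = 0x01, 0x02
FLAG_HAS_NAME, FLAG_HAS_RELATIVE_PATH, FLAG_HAS_WORKING_DIR = 0x04, 0x08, 0x10
FLAG_HAS_ARGUMENTS, FLAG_HAS_ICON_LOCATION, FLAG_IS_UNICODE = 0x20, 0x40, 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value that opens the target minimised

# StringData sections appear in this fixed order when their flag is set.
STRING_FIELDS = [
    ("name", FLAG_HAS_NAME),
    ("relative_path", FLAG_HAS_RELATIVE_PATH),
    ("working_dir", FLAG_HAS_WORKING_DIR),
    ("arguments", FLAG_HAS_ARGUMENTS),
    ("icon_location", FLAG_HAS_ICON_LOCATION),
]

# Example heuristics for the triage step (this example's choices, not a published rule set).
SUSPICIOUS_ARG_TOKENS = ("powershell", "-enc", "-w hidden", "cmd.exe", "mshta", "rundll32", "certutil")


def build_lnk(show_cmd: int, **strings: str) -> bytes:
    """Construct a minimal Unicode .lnk (test fixture only): header plus the given StringData sections."""
    flags, body = FLAG_IS_UNICODE, b""
    for field, flag in STRING_FIELDS:
        if field in strings:
            flags |= flag
            body += struct.pack("<H", len(strings[field])) + strings[field].encode("utf-16-le")
    header = LNK_MAGIC + struct.pack("<II", flags, 0x20)   # LinkFlags, FILE_ATTRIBUTE_ARCHIVE
    header += b"\x00" * 24                                  # Creation/Access/Write FILETIMEs
    header += struct.pack("<IIIHHII", 0, 0, show_cmd, 0, 0, 0, 0)  # FileSize, IconIndex, ShowCommand, HotKey, Reserved
    return header + body


@dataclass
class LnkSummary:
    flags: int
    show_cmd: int
    strings: dict


def is_lnk(data: bytes) -> bool:
    return data[:20] == LNK_MAGIC


def parse_lnk(data: bytes) -> LnkSummary:
    """Parse the header and StringData; skips LinkTargetIDList and LinkInfo rather than decoding them."""
    if not is_lnk(data):
        raise ValueError("not a Shell Link (bad HeaderSize or CLSID)")
    flags, = struct.unpack_from("<I", data, 20)
    show_cmd, = struct.unpack_from("<I", data, 60)
    off = 76
    if flags & FLAG_HAS_ID_LIST:
        size, = struct.unpack_from("<H", data, off)   # IDListSize, then the ItemIDs
        off += 2 + size
    if flags & FLAG_HAS_LINK_INFO:
        size, = struct.unpack_from("<I", data, off)   # LinkInfoSize covers the whole block
        off += size
    unicode, strings = bool(flags & FLAG_IS_UNICODE), {}
    for field, flag in STRING_FIELDS:
        if flags & flag:
            count, = struct.unpack_from("<H", data, off)   # CountCharacters, no terminator
            off += 2
            nbytes = count * 2 if unicode else count
            strings[field] = data[off:off + nbytes].decode("utf-16-le" if unicode else "cp1252", errors="replace")
            off += nbytes
    return LnkSummary(flags, show_cmd, strings)


def triage(data: bytes) -> dict:
    """Flag the traits that commonly separate lure .lnk files from ordinary shortcuts."""
    lnk = parse_lnk(data)
    args = lnk.strings.get("arguments", "")
    target = lnk.strings.get("relative_path", "").lower()
    reasons = []
    if lnk.show_cmd == SW_SHOWMINNOACTIVE:
        reasons.append("window minimised (ShowCommand=7)")
    if len(args) > 200:
        reasons.append(f"long argument string ({len(args)} chars)")
    hits = [t for t in SUSPICIOUS_ARG_TOKENS if t in args.lower()]
    if hits:
        reasons.append("suspicious tokens in arguments: " + ", ".join(hits))
    if "powershell" in target or "cmd.exe" in target:
        reasons.append("target is a script host")
    return {"suspicious": bool(reasons), "reasons": reasons, "arguments": args}


def bulk_triage(files: dict) -> list:
    """Run triage over {name: bytes}, suspicious samples first."""
    rows = [{"name": n, **triage(d)} for n, d in files.items() if is_lnk(d)]
    return sorted(rows, key=lambda r: not r["suspicious"])


# Constructed fixtures: an ordinary document shortcut and a lure-style one.
BENIGN_LNK = build_lnk(1, relative_path="..\\Documents\\report.docx", working_dir="C:\\Users\\analyst\\Documents")
SUSPECT_LNK = build_lnk(
    SW_SHOWMINNOACTIVE,
    name="Invoice",
    relative_path="..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
    working_dir="C:\\Windows\\System32",
    arguments="-nop -w hidden -enc " + "A" * 300,
)

if __name__ == "__main__":
    for row in bulk_triage({"report.lnk": BENIGN_LNK, "invoice.lnk": SUSPECT_LNK}):
        print(row["name"], row["suspicious"], row["reasons"])
```

The parser is intentionally shallow: real samples carry ItemIDLists and LinkInfo blocks that are skipped by size here, and hostile files can lie about those sizes, so slicing is bounded by the buffer rather than trusted outright. The fields it does surface (ShowCommand, the relative path and the argument string) are the ones that usually end up in a YARA rule's condition.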
  • #100DaysofYARA #100DaysofYARA2 gang! We've got a game plan for Jan 1! 100 Days of YARA is a self-enforced challenge to learn YARA for the first time, or learn new techniques for creating rules, or submit rules for cool malware you've observed! 🧵
  • Day 100 #100DaysofYARA, we made it! Reflecting on the last 100 days, it has been fun to see participation and encouragement (yes, those things are possible on Twitter). Some highlights ⬇️🧵
  • The whole gang got up for this one to wrap up on TA422 (aka APT28, Fancy Bear, Forest Blizzard, FROZENLAKE, BlueDelta, Sednit, etc.) spraying n-day exploits August through November: proofpoint.com/us/blog/threat… TL;DR:
  • I started this week with the Proofpoint @threatinsight team. I'll be working alongside the hyper-talented APT crew @Zydecaa @aRtAGGI @ChicagoCyber and #CristaNeedsATwitter, and I've been learning from them all daily. I'll be working DPRK 🇰🇵, so any tips are appreciated!
  • The next CTI blog is gonna blow minds…
    Actor: 1 of 4 active APT groups
    Setting: a high-value target
    TTPs: one new one
    Detections: banging
    IOCs: in an image, not on VT
    ATT&CK: not done bc it's more work
    Outlook: actor will continue doing this
    Share of voice: Number 1 💪