Share this page!

Enter Twitter Thread URL to Unroll

Needs to be the full URL like: https://twitter.com/threadreaderapp/status/1644127596119195649

How to get URL link on Twitter App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Matthew Dunwoody Profile picture
Matthew Dunwoody
@matthewdunwoody
@GoogleCloud @Mandiant #AdversaryMethods Lead. Former #AdvancedPractices Security Researcher, Technical Intel Analyst, IR Consultant, Security Architect/TPM.
Aug 12, 2018 9 tweets 3 min read
In my experience, once an attacker is tipped off to a response, a few things can happen. What happens likely depends on where they are in their mission, mission priority, tolerance for being publicly identified, etc. It also likely depends on how badly they think they're burned. A victim identifying a phishing doc or phishing backdoor doesn't necessarily mean the op is blown. In fact, it may give the victim a false confidence if they found the initial infection but didn't follow lateral movement. Same if an attacker loses a couple of implants out of many
Nov 10, 2017 13 tweets 4 min read
Some observations about Russian #APT29, after dealing with them for years (my views, not my employer's): #APT29 has used generic phishing emails, like "efax notification". They work on gullible users and hinder identification as targeted attack.