This post was originally published here by Danny Akacki.
On the heels of our “Hunting For Web Shells” webinar, I wanted to follow up with a short post that came from an attendee question. I’m paraphrasing here but it was something along the lines of,
“I’m new to the infosec world, where can I go to learn more about things like web shells or overall information security?”
My answer was immediate and unequivocal, Twitter is where you need to be. I don’t know where I’d be today both in the evolution of my career as a person without such an epic treasure trove of people and information readily available 24 hours a day, 7 days a week, 365 days a year.
Any time there is a new breach, new technology, or new hacker philosophy, you can find at least 20 people with opinions on any subject, research to back up their opinions and others commenting on it. The hacker community has carved a deep niche into the Twitterverse and whether you’re new to this field or well worn and battle scarred, there is never a shortage of education to be found there.
For the sake of my sanity and yours, I’m not releasing the entire InfoSec Social Media firehose on you all at once, I have started with two of my main areas of interest, Digital Forensics and Incident Response (DFIR) and Offensive Security (Red Teaming, Penetration Testing, etc.). The third list is a snippet of a larger list that I’ve curated over the last year or so. It’s an excerpt of my “Quality Over Quantity” list. If I deleted my Twitter tomorrow and started all over again, this is the list of people I’d re-follow immediately. The official list about 80 accounts long but I have narrowed it down to my Top 20. A painful endeavor I assure you.
So, without further ado but with some caveats, I present some of my favorite InfoSec Twitter accounts. These are people and pages that have helped shaped my hacker worldview for the better. Now for the caveat, this is by no means an exhaustive list. I’m sure someone will tell me I’ve made a grave oversight at not mentioning some of their favorite people. I welcome those comments because I’m always looking for new and interesting accounts to follow. We can all stand to learn something new. Enjoy.
P.S. Shameless plug, you can also find me at www.twitter.com/dakacki
Harmj0y -co-founder of Empire, BloodHound and the Veil-Framework
KaliTut – A blog dedicated to Penetration Testing, Tutorials on hacking and security
My personal “Quality Over Quantity” list.
Da_667 – author of “Building Virtual Machine Labs: A Hands-On Guide”
If you want to learn more about hunting for web shells, be sure to check out “Three Threat Hunting Starting Points.” Additionally, if you have insights into information security or hunting, be sure to add your voice on Twitter.