Dwyer

@_Dwyer_

Threat research is the name of my game. I know enough to know that I have a lot to learn. opinions are my own

Joined January 2017

362Following

3KFollowers

Pinned

Dwyer@_Dwyer_ · Jun 6

my boy's wicked smart

JJonny Johnson@JonnyJohnson_ · Jun 6

Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been working on for the past couple months. This dives into DCOM Interfaces that enable remote ETW trace sessions without dropping an agent to disk. Includes a detailed…

463

Pinned

Dwyer@_Dwyer_ · Jan 27

Man...the DeepSeek takes today are piping hot

210

Pinned

Dwyer@_Dwyer_ · Dec 19

I still can't believe that shrink wrap wrapping paper never took off

221

Dwyer@_Dwyer_ · Jul 23

I had a great time replicating this exploit and even tho it’s being used for bad stuff you gotta appreciate the elegance of vuln chaining. However, we can’t ignore that while the vulns change the outcomes remain the same. binarydefense.com/resources/blog…

_Dwyer_'s tweet card. Explore how CVE-2025-53770 mirrors past web application exploits like ProxyLogon and Confluence RCE, revealing that despite new vulnerabilities, attacker tactics remain strikingly consistent — from...

3.0K

Dwyer@_Dwyer_ · Jul 20

would you look at that...yet another zero day that can be detected by looking for the web enabled process spawning command interpreters.

271

Dwyer@_Dwyer_ · Jul 12

RE: CVE-2025-47812 - Pretty please can everyone proactively put in detections looking for their web enabled processes spawning command interpreters. IR friends, I put together this repo of artifacts and log files a couple years ago that may help: github.com/TactiKoolSec/M…

_Dwyer_'s tweet card. Common framework for designing a detection and response framework for the most common MFT solutions - TactiKoolSec/MFT-Detect-Response

288

Dwyer@_Dwyer_ · Jul 8

Yooo you heading to @BSidesPGH ?!? Come find me and the @Binary_Defense team and let's catch up on all things threats, detections, and infosec community! PS - hit up table 20 for a chance to win a prize!

768

Dwyer@_Dwyer_ · Jul 1

Dudes... please enable Detailed File Share auditing in your environment. All these attackers who switched over to the Impacket suite still run the default configs and it takes like 2 seconds to find them.

_Dwyer_'s tweet image. Dudes... please enable Detailed File Share auditing in your environment. All these attackers who switched over to the Impacket suite still run the default configs and it takes like 2 seconds to find them.

335

268

55.0K

Dwyer@_Dwyer_ · Jun 9

Detection Engineering team is growing. New job posting: recruiting.paylocity.com/Recruiting/Job…

5.0K

Dwyer@_Dwyer_ · Jun 3

Calling all XSOAR engineers! recruiting.paylocity.com/recruiting/job…

3.0K

Dwyer Retweeted

Binary Defense@Binary_Defense · Apr 14

CryptoJS is showing up in phishing kits more and more. But here's the good news, you don't have to be a reverse engineer to break them down. @_Dwyer_, Deputy CTO and head of ARC Labs, walks you through how to analyze these attacks like a pro. Because the more you understand…

2.0K

Dwyer@_Dwyer_ · Mar 31

Blue, my OpenAI assistant, is adopting my personality more and more...

222

Dwyer@_Dwyer_ · Mar 25

Installing prereqs or setting up simulation platforms for detection engineering can be a pain when you just want some test data. Might as well make sure my C# skills don't disappear completely.

_Dwyer_'s tweet image. Installing prereqs or setting up simulation platforms for detection engineering can be a pain when you just want some test data. Might as well make sure my C# skills don't disappear completely.

169

Dwyer@_Dwyer_ · Mar 18

Nothing like listening to SRV while writing Python to really drive home how bad you are at things in one sitting.

227

Dwyer@_Dwyer_ · Mar 14

I spent the last few days getting trashed by my coworkers for watching hoof trimming and car detailing videos to relax. I cannot be the only one!

321

Dwyer@_Dwyer_ · Mar 13

This is becoming a thing. So much so that we're hosting a webinar to talk about what we're seeing in terms of EDR killers, bypasses, and silencers. binarydefense.com/resources/webi…

4.0K

Dwyer@_Dwyer_ · Mar 4

Another JS based Microsoft 365 credential harvesting campaign. Wanna learn how to analyze these yourself? Click the link binarydefense.com/resources/blog…

_Dwyer_'s tweet card. ARC Labs recently discovered a JavaScript based credential harvesting campaign leveraging fake voicemail notifications as a lure to capture Microsoft 365 credentials.

444

Dwyer@_Dwyer_ · Jan 21

Absolute banger. youtube.com/watch?v=jgkQy2…

201

Dwyer@_Dwyer_ · Jan 15

I'm not kidding, I really think that learning how to work with and manipulate CSV/JSON/XML data in Python and PowerShell is the most useful skill I've acquired in my career. 10/10 would recco.

1.0K