Matt Bromiley
@bromiley.io
⚙️ AI Security R&D @ Prophet Security
🎓 IR/TH/Incident Management Instructor
🎙️ Frequent Guest on Cybersecurity Defender's Podcast
🔍 Where to Find Me: https://github.com/bromiley
Pinned
Matt Bromiley
@bromiley.io
· Jul 20
Feels like a fresh start, so let's make it one. Nice to meet you :)
I'm a #cybersecurity nerd | security ai r&d
@prophetsecurity.bsky.social | frequent trainer
@sansinstitute.bsky.social, @blackhatevents.bsky.social, and other conferences | Cybersecurity Defenders Podcast | forever #blueteam.
BSky Outreach - Anyone here an Obsidian user (for notes, "second brain", etc.)? Anyone want to sing their praises in a reply; I'm curious what your experience has been like.
August 11, 2025 at 2:18 PM
Usage spent towards troubleshooting Anthropic connectivity shouldn't count against your daily quota...
August 11, 2025 at 5:58 AM
Has anyone been able to get Notion's MCP to stay connected for more than 1 hour? This thing is about as stable as a baby deer.
August 11, 2025 at 2:00 AM
Reposted by Matt Bromiley
During my #BHUSA talk I've released many ETW research tools, of which the most notable is BamboozlEDR. This tool allows you to inject events into ETW, allowing you to generate fake alerts and blind EDRs.
github.com/olafhartong/...
Slides available here:
github.com/olafhartong/...
GitHub - olafhartong/BamboozlEDR: A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes.
A comprehensive ETW (Event Tracing for Windows) event generation tool designed for testing and research purposes. - olafhartong/BamboozlEDR
github.com
August 6, 2025 at 8:49 PM
Reposted by Matt Bromiley
day 1 of black hat 2025 in the books 🤓💙🌈
never a dull moment nerding with @eric.zip and @bromiley.io
@blackhatevents.bsky.social #BlackHatUSA
August 3, 2025 at 3:27 AM
Just to think, there _are_ people distracted by the MLK files.
July 21, 2025 at 11:44 PM
T-minus 12 days until my favorite humans - @eric.zip & @whit.zip - and I deliver our Advanced Security Operations and Threat Hunting training at @blackhatevents.bsky.social.
If you're a SOC analyst and/or work in IR, we'd love to have you. Come level up with us :)
www.blackhat.com/us-25/traini...
Black Hat
www.blackhat.com
July 21, 2025 at 4:13 PM
If you’re in IR/SOC, this is a guy to follow!
Feels like a fresh start, so let's make it one. Nice to meet you :)
I'm a #cybersecurity nerd | security ai r&d
@prophetsecurity.bsky.social | frequent trainer
@sansinstitute.bsky.social, @blackhatevents.bsky.social, and other conferences | Cybersecurity Defenders Podcast | forever #blueteam.
July 21, 2025 at 3:09 PM
As is @philhagen.com !! Sharing the DFIR love
Matt is awesome and you should most definitely follow him!
Feels like a fresh start, so let's make it one. Nice to meet you :)
I'm a #cybersecurity nerd | security ai r&d
@prophetsecurity.bsky.social | frequent trainer
@sansinstitute.bsky.social, @blackhatevents.bsky.social, and other conferences | Cybersecurity Defenders Podcast | forever #blueteam.
July 21, 2025 at 3:08 PM
Feels like a fresh start, so let's make it one. Nice to meet you :)
I'm a #cybersecurity nerd | security ai r&d
@prophetsecurity.bsky.social | frequent trainer
@sansinstitute.bsky.social, @blackhatevents.bsky.social, and other conferences | Cybersecurity Defenders Podcast | forever #blueteam.
July 20, 2025 at 6:08 PM
Defenders out there - CVE-2025-53770 is an unpatched, actively exploited vulnerability in SharePoint. If you have on-prem SharePoint facing the Internet, roll up your sleeves.
Microsoft's guidance:
1. Configure the Windows AMSI integrations and deploy Defender AV.
2. Disconnect from the Internet.
July 20, 2025 at 6:06 PM
They’ve done it again…
🚀 Just launched: DetectionForge — a purpose-built platform for crafting, testing & validating @limacharlie.io detection rules.
Perform detection unit tests & multi-org backtesting + import/export IaC
🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops
DetectionForge
DetectionForge - A comprehensive detection engineering environment for crafting, validating, and testing LimaCharlie detection rules
detectionforge.ddi.sh
June 19, 2025 at 6:48 PM
Reposted by Matt Bromiley
ATTN NERDS:
we'll be teaching at @blackhatevents.bsky.social during hacker summer camp again!
come join me and @eric.zip and @bromiley.io for our 4-day training: Advanced Security Operations and Threat Hunting 🤓🔥💙
www.blackhat.com/us-25/traini...
May 20, 2025 at 10:29 AM
No matter where in the world you go, one thing remains the same: the guy at the gym who slams weights down and then looks around to see who noticed.
🤦♂️
March 17, 2025 at 7:38 AM
Kendrick Lamar just owned 2025.
February 10, 2025 at 1:41 AM
Reposted by Matt Bromiley
ATTN NERDS:
We'll be at @blackhatevents.bsky.social USA again this year!
Registration is now open for our Advanced Security Operations and Threat Hunting course 🤓🔥💙
Join @eric.zip, @bromiley.io, and @whit.zip for our 4-day training: www.blackhat.com/us-25/traini...
February 7, 2025 at 5:48 AM
Reposted by Matt Bromiley
Secure Annex can now be used directly from within @limacharlie.io's SecOps Cloud Platform. Installed agents give visibility into extensions utilized and are now enriched. These attributes can be used to run D&R rules for immediate response to issues.
https://limacharlie.io/blog/automating_browser_e…
LimaCharlie & Secure Annex: Browser Extension Security
Automate browser extension security monitoring with LimaCharlie and Secure Annex. Learn about detection rules, vulnerability monitoring, and comprehensive management tools for enhancing your…
limacharlie.io
January 30, 2025 at 5:25 PM
Another week, another episode of The Cybersecurity Defender's Podcast in the books with @tekgrunt.bsky.social !!
More podcasting news on the horizon for me, but always a fun weekly chat with Chris @limacharlie.io.
Check the podcast out here: limacharlie.io/podcast
January 29, 2025 at 6:39 PM
Amplifying this for awesome conferences and unique CFP opportunities!
PraSec is a high-quality, invite-only conference held in Prague. I've known the organizers for years, and they love taking care of their speakers and attendees.
Check out the 2024 program on their website to get an idea of the talks, and get your own invite by submitting a talk!
🐷 PraSec 11 CFP
We are excited to announce the Call for Papers for the third edition of the PraSec Conference, which will be held on September 18–19, 2025, in Prague.
If you have an interesting topic to share with ou...
docs.google.com
January 29, 2025 at 3:21 PM
Good article and statistics on lengths of time for adversary activities. I always like seeing these annual statistics to get an idea of how things have "improved", for either side.
Key figure: An average of 48 minutes "breakout time".
A quick 🧵
January 29, 2025 at 2:52 PM
If you haven't yet subscribed to @johntuckner.me's @secureannex.com "Just Browsing" newsletter, then your inbox is clearly suffering.
However, a little something that caught my eye today:
"...some individual users have as many as 6 browsers installed on their devices!"
A quick 🧵...
January 27, 2025 at 6:55 PM
As if @haroonmeer.canary.love and company couldn’t get any better, I must now find a way to play Padel with them!
A close (but awesome) first win for Ale Galán & Chingo against the current world number 1s.
@thinkstcanary.canary.tools have a bunch of Padel addicts and we are pretty firmly on team Galan. 💪💚
January 27, 2025 at 2:18 AM
One of my favorite weekly activities: Recording the Cybersecurity Defender's Podcast with @tekgrunt.bsky.social. I love that @riversidefm.bsky.social gives us quick snippets and pictures to share. Watch out for the next episode soon!
January 23, 2025 at 8:00 PM