sydney
letswastetime.bsky.social
sydney
@letswastetime.bsky.social
| search "thrunter"
| eval specialty="Purple Team, Treat Hunter, Lifting Heavy Things"
OpenClaw isn't malware. It's a legitimate tool that store credentials, retain memory, and act autonomously. That's what makes it dangerous when misused.

Full behavioral breakdown in our latest Hunt Mode post.

🦀 nebulock.io/blog/hunting...
Hunting OpenClaw and Agentic AI Through Behavior | Nebulock blog
This Hunt Mode breaks down the behaviors that give away OpenClaw (formerly ClawdBot / MoltBot), regardless of how it is packaged, renamed, or delivered.
nebulock.io
February 3, 2026 at 9:00 PM
You don’t need a desk to build.

I used AI more from my phone last month than from my desk. What mattered was removing friction and building where ideas show up.

👉 New on @thorcollective.bsky.social Dispatch:
dispatch.thorcollective.com/p/you-dont-n...
January 27, 2026 at 3:37 PM
“I’m not a developer” is a self-imposed limit.

If you’ve written a query, a script, or an automation to fix a problem, you’re already building.

In the latest @thorcollective.bsky.social Dispatch, we talk about why building is a core security skill.

dispatch.thorcollective.com/p/why-you-sh...
January 20, 2026 at 4:30 PM
DigitStealer is an excellent example of where macOS malware is heading: multi-stage, modular, and using legit macOS tools like it belongs there.

Detect the attack, not the sample.
Shoutout Jamf Threat Labs 🙌

nebulock.io/blog/hunting...
January 15, 2026 at 7:59 PM
80 posts. @thorcollective.bsky.social kept hitting publish.
This year was about doing the work, writing it down, and sharing it anyway.
If you read, argued, bookmarked, or built alongside us, thank you.
Happy New Year. Happy thrunting.

dispatch.thorcollective.com/p/80-posts-l...
January 1, 2026 at 4:22 PM
It's happening!

Meet the Agentic Threat Hunting Framework (ATHF).

Tired of copy-pasting the same hunt template over and over? Same. I built a framework designed for an AI-assisted future that adds structure, memory, and context to every hunt.

Come check it out!

nebulock.io/blog/agentic...
December 11, 2025 at 2:01 PM
November’s @thorcollective.bsky.social Dispatch Debrief is live with SCADA weirdness, Taylor’s Version SOC vibes, and purple team chaos.

Come thrunt with us.

dispatch.thorcollective.com/p/dispatch-d...
November 25, 2025 at 3:15 PM
Reposted by sydney
🚨New post on @THOR_Collective Dispatch🚨

“Aligning Risk Management and Threat-Informed Defense Practices (Part 2)” by Micah VanFossen

What happens when you sync risk, controls, and threat intel to drive real-security outcomes.

dispatch.thorcollective.com/p/aligning-r...

#thrunting #grc
Aligning Risk Management and Threat-Informed Defense Practices (Part 2)
We’re back with part two of a series analyzing how to align common GRC tasks/teams with SecOps and threat-informed defense practices.
dispatch.thorcollective.com
November 20, 2025 at 4:16 PM
Reposted by sydney
🚨New post on @THOR_Collective Dispatch🚨
Purple teaming isn’t shiny. It’s delays, blockers, tickets & pivots. And that’s okay.
open.substack.com/pub/thorcoll...
#thrunting #PurpleTeaming
Purple Teaming in the Real World: When Everything Goes Off the Rails (and That’s Normal)
People love the glossy version of purple teaming:
open.substack.com
November 18, 2025 at 2:00 PM
Have you ever run the best hunt of your life and then forget how two weeks later?
Same.

Meet the PEAK Threat Hunting Template. Built to make your hunts repeatable, reviewable, and impossible to lose.

👉 Read on THOR Collective Dispatch - dispatch.thorcollective.com/p/the-peak-t...
November 13, 2025 at 8:47 PM
🎤 The Autonomous SOC (Taylor’s Version)
Guest post with @kassafras09.bsky.social

AI hype is loud. Most teams are just automating chaos.
Fix the basics first. Then scale the magic.

Read it on @thorcollective.bsky.social Dispatch.

dispatch.thorcollective.com/p/the-autono...
The Autonomous SOC (Taylor’s Version)
Opening Act: Welcome to the SOC Show
dispatch.thorcollective.com
November 11, 2025 at 3:41 PM
In the latest @thorcollective.bsky.social guest post, Sam Hanson breaks down two TTP-driven hunts — KurtLar_SCADA and a weird .NET Modbus binary — proving simple hypotheses > chasing IOCs.

IOCs show where the fire was.
TTPs show where it will be.

dispatch.thorcollective.com/p/hunting-be...
dispatch.thorcollective.com
November 6, 2025 at 3:45 PM
October delivered AI agents, time mastery, and purple team curveballs. From scaling hunts like code to aligning GRC with threat-informed defense, this month’s Dispatch lineup from @thorcollective.bsky.social hit every layer of the stack.

Full recap here:
dispatch.thorcollective.com/p/dispatch-d...
Dispatch Debrief: October 2025
Seven Dispatch drops that prove hunting smarter beats hunting harder.
dispatch.thorcollective.com
October 30, 2025 at 3:15 PM
Finding nothing ≠ failing the hunt.
Sometimes “nothing” is the loudest signal that your defenses worked.

@jotunvillur.bsky.social breaks down how to measure the quiet wins in in one of my favorite @thorcollective.bsky.social Dispatch posts:

dispatch.thorcollective.com/p/measuring-...
Measuring the Hunt When You Find “Nothing”
Because sometimes success looks like silence.
dispatch.thorcollective.com
October 28, 2025 at 3:03 PM
In this week’s @thorcollective.bsky.social Dispatch, Sam Hanson lays out how to move beyond indicator-based hunting and build detection muscle that actually scales.

👉 dispatch.thorcollective.com/p/hunting-be...
October 9, 2025 at 7:01 PM
If tstats gives you speed and eventstats gives you context...timechart gives you shape.

This week’s @thorcollective.bsky.social SPL Dispatch breaks down how to use timechart to uncover rhythm, automation, and the a cron job masquerading as “normal.”

dispatch.thorcollective.com/p/the-shape-...
dispatch.thorcollective.com
October 7, 2025 at 11:15 PM
Threat hunting falls apart when your “docs” live in Slack threads.

Part 2 of the @thorcollective.bsky.social Dispatch Agentic Threat Hunting series covers the first step to scaling: put your hunts in a GitHub repo and give your AI bestie memory.

dispatch.thorcollective.com/p/agentic-th...
October 2, 2025 at 10:15 PM
✨ To get you ready for Taylor Swift’s latest album… ✨

🎶 Check out Life of a Detection Girl - a playlist I created inspired by Taylor Swift and Alex Hurtado, with a touch of cyber woven in.

Give it a listen and let me know your favorite track!

suno.com/playlist/5cf...
Life of a Detection Girl by @letswastetime | Suno
✨ inspo by alex hurtado & taylor swift ✨
suno.com
October 1, 2025 at 4:18 PM
Reposted by sydney
We at @thorcollective.bsky.social are waking you up before September ends, because a new Ask-a-Thrunt3r episode just dropped with:

2K subscriber milestone 🎉
15 baseline examples
The great data vs. data debate
Plus: Is Git the future of hunting collab?

🎧: dispatch.thorcollective.com/p/ask-a-thru...
Ask-a-Thrunt3r: September 2025 Recap 🐏
Mainly ramblings. And maybe some wisdom.
dispatch.thorcollective.com
October 1, 2025 at 4:26 AM
From temporal to behavioral, baselines are the thrunter’s compass. September’s Dispatch from @thorcollective.bsky.social shows how to use them to sharpen the hunt and includes ten baseline hunts you should be running now.
🔗 dispatch.thorcollective.com/p/dispatch-d...
September 26, 2025 at 3:15 PM
Reposted by sydney
You can’t find weird if you don’t know normal.

@thorcollective.bsky.social
just dropped 10 baseline hunts you can shine in the dark parts of your env and magnify the adversaries from the noise.

Join us for all the thrunting 👉: open.substack.com/pub/thorcoll...

#threathunting #infosec
September 23, 2025 at 8:51 PM
✨ Representation is STILL a security issue. ✨
@thorcollective.bsky.social Dispatch with @kassafras09.bsky.social from March. The message still stands.
• Fix biased job reqs
• Put diverse voices on panels
• Mentor future hackers
• Model inclusive leadership
dispatch.thorcollective.com/p/why-we-nee...
Why We Need More Women and Intersectional Diversity in Cyber (And How to Get There)
Representation matters in cybersecurity. Here’s why—and what we can do about it.
dispatch.thorcollective.com
September 18, 2025 at 3:49 PM
Cybersecurity needs more than hackers in hoodies.

In this week’s @thorcollective.bsky.social Dispatch, Courtney Shar shares how project management skills like risk alignment, process design, and team coordination directly strengthen security programs.

👉 dispatch.thorcollective.com/p/beyond-hac...
dispatch.thorcollective.com
September 16, 2025 at 3:15 PM
Reposted by sydney
🚨New post on @thorcollective.bsky.social Dispatch 🚨

Certis Foster didn't hunt for it.
It revealed itself.

The key? Plotting behavior in 3D space:

🕒 Time
🗺️ Terrain
🎯 Behavior

Outliers can’t hide in 3D.

dispatch.thorcollective.com/p/cant-hide-...

#threathunting #thrunting #THORcollective
Can't Hide in 3D
In a sea of millions of security events, one workstation literally stood out, floating high above all the others when I transformed flat logs into a 3D visualization.
dispatch.thorcollective.com
September 5, 2025 at 12:31 AM
If you don’t know what “normal” looks like in your environment, you’re not hunting...you’re hoping.

Our latest @thorcollective.bsky.social Dispatch post breaks down 5 baselines every thrunter needs.

Map normal. Track drift. Catch threats.

Read here: dispatch.thorcollective.com/p/you-cant-f...
You Can't Find Weird If You Don't Know Normal
Five baselines with hunt queries you can run today
dispatch.thorcollective.com
September 2, 2025 at 3:15 PM