Colins Security Blog

11 object(s)

Tweetdeck for Threat Intel

Twitter is undeniably a great resource for learning about security. A lot of people share information on malware, phishing, new vulnerabilities, exploits and more. Sometimes it can be difficult to filter out the non-security social media content. This blog post walks through setting up Tweetdeck for threat intelligence so that you can stay informed without giving up your Twitter memes!


Tweetdeck is a dashboard application for management of Twitter accounts. It was originally an independent app and was acquired by Twitter in 2011. Tweetdeck is composed of columns that you can customize to show different content.


There are a few different types of columns you can create with the “Add column” button. The search feature is what I use for a threat intelligence focused setup.


Search Filters

Searching can be used to find text or hashtags and has 3 search modifies, AND/OR/NOT. More information the search filter syntax can be found in the Twitter Documentation. Below are the search filters I use with Tweetdeck:

Malware and Phishing

“Open directories” are listing of files on a web server. Sometimes directories are intentionally left open but mostly are an outcome of laziness. Threat actors sometimes leave directories open with malware or phishing kits hosted. #opendir is a gold mine of good intel on twitter.


Phishing sites shared on AND phishing

Phishing Kits:


Online malware & sandboxes: OR OR hybrid-analysis

Indicators of Compromise:

malware AND IOC

Vulnerabilities and Exploits

Common vulnerabilities and exposures (cve) and proof of concept (poc):

"cve-" AND poc

Open source exploits:

exploit AND ( OR

Other Good Queries

#bugbountytip OR #bugbountytips

Hopefully this post has shown how powerful tweetdeck can be with the right searches! Have any cool/useful tweetdeck search queries? Let me know on twitter! - @th3_protoCOL