David Oxley
Senior leader for Cyber Threat Intelligence analysis at Amazon. @CitizenLab.ca Research Fellow. Former federal agent. Fan of space, books, tech, and Mother Nature🌪️. Personal account. 🇺🇸 🇺🇦 🇹🇼 #ThreatIntel
Storm chasing: https://bsky.app/profile/wxdox.com
- Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...
- A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
- Reposted by David OxleyNEW: The classic anime "Ghost in the Shell" turned 30 years old this week. Despite coming out at the dawn of the internet, it was incredibly prescient in terms of imaginig a future where governments use hackers for espionage, people use malware to spy on their loved ones, and much much more.
- On the heels of @dlshad.net and @davidmagnotti.bsky.social’s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...
- Hope to see many of you at #CYBERWARCON tomorrow! As always, if you see me in the AWS shirt, don’t be afraid to say hi, and please don’t be offended if I forget your name (it’s not you, it’s me). 😅
- And I’ll keep shamelessly plugging @dlshad.net and @davidmagnotti.bsky.social’s Lightning Talk on Iranian cyber ops in support of kinetic strikes!
- Come work with Amazon Cyber Threat Intelligence (ACTI) focusing on the threats targeting Amazon, AWS, and our subsidiaries! US citizenship required, in-office across multiple US locations. DM with questions! www.amazon.jobs/en/jobs/3120...
- Listening to the #ThreeBuddyProblem podcast and, while I’m glad you’re hearing about Amazon threat intel for the first time, I can say we’ve been around doing a thing or two for a while @ryanaraine.bsky.social, @jags.bsky.social, and @craiu.bsky.social 😅 (but message received re: IOCs in the blog)
- Also check out @dlshad.net and @davidmagnotti.bsky.social presenting on more of our work at #CYBERWARCON this week!
- Excited to share another blog where Amazon Cyber Threat Intelligence (ACTI) discovered APT exploitation of zero-day vulnerabilities in Cisco and Citrix products. Proud of the team’s work! aws.amazon.com/blogs/securi...
- Reposted by David OxleyIf I give the bully my lunch money every day eventually he will die of old age
- Reposted by David Oxleycyberscoop.com/cyber-schola... Will open my big mouth here and say as a participant in one of these programs in the great before time, this is a massive unforced error by USG and will have impacts that span probably decades on the gov cyber workforce
- ‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...
- And @dlshad.net!
- “James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...
- Happy to share that Amazon Cyber Threat Intelligence (ACTI) is hiring our first role in Dublin, Ireland! 🇮🇪 This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available. amazon.jobs/en/jobs/3089...
- Glad to see not every country is powerless to hold coup leaders to account - “Bolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazil” www.nytimes.com/2025/09/11/w...
- This morning, Amazon Cyber Threat Intelligence published a report about a recent watering hole attack by APT29 🇷🇺 that we discovered targeting Microsoft device code authentication. Proud of the work of the team and the chance to share this with the community! aws.amazon.com/blogs/securi...
- “The driving principle here is obvious: In a free society, people should know who is policing them.” apple.news/ATQz-Wb-hQom...
- How Trump’s ‘Big, Beautiful Bill’ Will Make China Great Again www.nytimes.com/2025/07/03/o...
- Reposted by David OxleyUse Signal. We promise, no AI clutter, and no surveillance ads, whatever the rest of the industry does. <3
- Reposted by David Oxley😳😮😲. As the Joe Turns
- Well-done by @billmarczak.org and @jsrailton.bsky.social at @citizenlab.ca! citizenlab.ca/2025/06/firs...
- Many moons ago, I was a federal agent. I arrested people. And you know how many times I did that while hiding my face and refusing to identify myself? Never. apple.news/A8NMRFx2mRua...
- Happy @sleuthcon.bsky.social SLEUTHCON Day to those who celebrate! Hope to see many of you there! #SLEUTHCON
- 👌
- One week until @sleuthcon.bsky.social! Hope to see many of you at the best cybercrime conference of the year. (And grab a ticket while you still can!) #SLEUTHCON
- Reposted by David Oxley“I dOn’T ThInK I eVeR MeT hIm”
- David Brooks gets it. “It’s time for a comprehensive national civic uprising. It’s time for Americans…to form one coordinated mass movement. Trump is about power. The only way he’s going to be stopped is if he’s confronted by some movement that possesses rival power.” www.nytimes.com/2025/04/17/o...
- Reposted by David OxleyNEW: In an 11th hour move, CISA spokesperson says the agency extended the contract for the MITRE-backed CVE Program last night:
- I was traveling when @sleuthcon.bsky.social’s CFP and registration opened (and when this amazing challenge coin came in the mail). Sign up to present and/or attend and join the best cybercrime conference each year, bar none!
- Reposted by David OxleyWorld’s worst parent and it’s a high bar.
- Happy to share that, as of next month, I’ve been promoted to Senior Manager (L7) with an expanded scope across Amazon CTI’s analysis teams. We’re looking for managers for two teams, AWS and incident response threat intel. Technical, in-office, US-based. DM with questions! amazon.jobs/en/jobs/2918...
- No honor among this crowd. Cowards, all of them.
- Reposted by David OxleyIt means a lot, to me and to everyone who works so hard to make Signal happen every day, to hear this from a legend like @matthewdgreen.bsky.social 💐
- Reposted by David OxleySo here’s a simple request to Apple. Apple iMessage needs to enable “disappearing messages.” And they need to do it soon. blog.cryptographyengineering.com/2025/03/01/d...
- Reposted by David OxleyAmerica First means America Alone. America First means America Amoral. America First means America Weaker. Abroad, America First means America aligned with dictators. At home, America First means government by plutocrats, crooks, and foreign stooges.
- Both unsurprising given the administration’s swing toward the authoritarian bloc, and yet also so shocking. You can bet Russia has no such illusions and isn’t unilaterally backing down. therecord.media/hegseth-orde...
- Reposted by David Oxley1776🇺🇸Revolution 1789📃Constitution 1863🖋️Emancipation 1865⛓️💥Liberation 1920🗳️Women’s Suffrage 1964🗳️Civil Rights & Universal Suffrage 2015❤️Universal Right to Marriage 2020🦠Corruption 2021💥Insurrection 2024🔥Regression 2026🗳️Resilience 2028🗽Restoration
- Reposted by David OxleyTo be clear, I believe that the US should be thanking Zelenskyy and Ukraine for standing up and defending freedom. They’re the ones bearing this burden in lives and disruption. It’s only the small and insecure who think they should be thanking us.
- Reposted by David OxleyTrump and Vance are not selling out Ukraine because of anything Zelenskyy said to them. Trump and Vance are selling out Ukraine because of things Putin and Musk said to them.
- Reposted by David OxleyGLENN: Why don't you wear a suit? You're at the highest level in this country's office & you refuse to wear a suit. A lot of Americans have problems with you not respecting the office. ZELENSKYY: I will wear a costume after this war will finish. Maybe something like yours. Maybe something better.
- I’m a fan of this being called the “Deconstruction Era” as well. No clearer sense of the damage being done than that.
- “the Deconstruction era” is honestly appropriate coinage. bsky.app/profile/high...
- Wish I could be in Taipei for @rightscon.org this week, but sadly travel schedules just didn’t work. Good luck and have a fantastic time to those who are there!
- What a bunch of cowards. apple.news/AhxOFS1p-TWC...
- Reposted by David Oxleythis is the sort of thing you post when you’re ramping up to defying lawful court orders
- Reposted by David OxleyOld me: Elon’s contributions to electric cars outweigh his negatives. New me: Elon’s single-minded destruction of the United States in the pursuit of cutting costs outweighs his electric cars.
- Reposted by David Oxley“Two weeks into a fast-moving coup by a South African tech oligarch, the USA hangs suspended this weekend in a liminal state between the constitutional republic it has been for 249 years and an authoritarian regime akin to Europe’s fallen democracy, Hungary.” www.doomsdayscenario.co/p/white-nati...
- Reposted by David OxleyFor friends who are in the federal government, this is a very good guide on why you should be using Signal. In short, it’s safe and it’s free! a.wholelottanothing.org/a-guide-to-u...
- “Elon Musk is not the president, but it does appear that he—a foreign-born, unelected billionaire who was not confirmed by Congress—is exercising profound influence over the federal government of the United States…It is nothing short of an administrative coup.” www.theatlantic.com/technology/a...
- Reposted by David OxleySen. Tim Kaine tells federal employees to ignore Trump’s offer to quit with pay for months. “Don’t be fooled. He’s tricked hundreds of people with that offer. If you accept that offer and resign he’ll stiff you just like he stiffed the contractors. He doesn’t have any authority to do this.”
- Reposted by David OxleyLumen has discovered a piece of malware on Juniper enterprise routers and VPN gateways Named J-magic, the backdoor uses five different predefined magic packets and a certificate-based challenge before allowing attackers to connect to the compromised devices blog.lumen.com/the-j-magic-...
- Reposted by David OxleyBreaking news: Israel and Hamas have agreed to a ceasefire deal, in a major breakthrough including the release of Israeli hostages, a senior U.S. official said Wednesday, speaking on the condition of anonymity to discuss sensitive negotiations.
- Reposted by David OxleyCheck out this talk from the Objective by the Sea 🍏- security conference. Citizen Lab senior researcher @billmarczak.org and @microsoft.com's Christine Fossaceca discuss the discovery of QuaDream’s spyware and the zero-click exploit likely used to deliver it. www.youtube.com/watch?v=Iyz5...
- Reposted by David OxleyRegulation matters
- Meta has "no plans to end fact-checking in the EU", the company clarified and "will review its EU content moderation obligations before making changes" www.politico.eu/article/mark...
- For the #threatintel crowd, I’m hiring two cyber threat intel engineers for AWS Threat Intelligence! US-based, full-time from offices in the DC area, Austin, and Seattle. All backgrounds encouraged to apply. Can’t beat the scope or impact of the work. Let me know if you have questions! 👇
- Mid-level role: amazon.jobs/en/jobs/2866...
- Senior-level role: amazon.jobs/en/jobs/2866...
- I’m generally bullish on the use of GenAI to make our lives better. I also really appreciate Apple’s notification summaries. Less so this: scam SMS comes in and is summarized, but whereas the initial language was “scammy,” Apple Intelligence “upscales” it to be more professional in the process.
- Reposted by David OxleyA big heartfelt thank you from all of us at Signal to every person who has ever used Signal, gotten your friends to make the switch, and donated to support our work. It is truly an honor to build Signal for you. 💙
