David Oxley
Senior leader for Cyber Threat Intelligence analysis at Amazon. @CitizenLab.ca Research Fellow. Former federal agent. Fan of space, books, tech, and Mother Nature🌪️. Personal account. 🇺🇸 🇺🇦 🇹🇼 #ThreatIntel
Storm chasing: https://bsky.app/profile/wxdox.com
- Proud to share new research by Amazon Threat Intelligence detailing recent activity by Sandworm/APT44 🇷🇺 targeting US and European energy, critical infrastructure, and managed security provider networks via vulnerable and misconfigured network edge devices. #threatintel aws.amazon.com/blogs/securi...
- A new blog this evening from Amazon Threat Intelligence detailing ongoing China-nexus cyber actors leveraging React2Shell (CVE-2025-55182): aws.amazon.com/blogs/securi...
- [Not loaded yet]
- On the heels of @dlshad.net and @davidmagnotti.bsky.social’s presentation at #CYBERWARCON, happy to share the associated AWS Security blog post (with IOCs) aws.amazon.com/blogs/securi...
- Hope to see many of you at #CYBERWARCON tomorrow! As always, if you see me in the AWS shirt, don’t be afraid to say hi, and please don’t be offended if I forget your name (it’s not you, it’s me). 😅
- [Not loaded yet]
- And I’ll keep shamelessly plugging @dlshad.net and @davidmagnotti.bsky.social’s Lightning Talk on Iranian cyber ops in support of kinetic strikes!
- [Not loaded yet]
- [Not loaded yet]
- Come work with Amazon Cyber Threat Intelligence (ACTI) focusing on the threats targeting Amazon, AWS, and our subsidiaries! US citizenship required, in-office across multiple US locations. DM with questions! www.amazon.jobs/en/jobs/3120...
- Listening to the #ThreeBuddyProblem podcast and, while I’m glad you’re hearing about Amazon threat intel for the first time, I can say we’ve been around doing a thing or two for a while @ryanaraine.bsky.social, @jags.bsky.social, and @craiu.bsky.social 😅 (but message received re: IOCs in the blog)
- [Not loaded yet]
- 🫡
- Also check out @dlshad.net and @davidmagnotti.bsky.social presenting on more of our work at #CYBERWARCON this week!
- Excited to share another blog where Amazon Cyber Threat Intelligence (ACTI) discovered APT exploitation of zero-day vulnerabilities in Cisco and Citrix products. Proud of the team’s work! aws.amazon.com/blogs/securi...
- [Not loaded yet]
- And if you do so, Senator, all the pain that our state has endured during this shutdown was for naught. Please don’t move forward without ACA subsidy extensions.
- ‼️ The @cyberwarcon.bsky.social agenda and presenters list is live. Proud that Amazon Cyber Threat Intelligence will be presenting for the first time on the intersection of Iranian cyber ops and kinetic strikes with Dlshad Othman and @davidmagnotti.bsky.social! www.cyberwarcon.com/ping-first-b...
- And @dlshad.net!
- [Not loaded yet]
- “James Comey’s rights and liberties are not the only ones at risk today. So is your own right to participate in free and fair elections in order to render a verdict on Trump’s invasion of those rights and liberties.” From @davidfrum.bsky.social apple.news/AX8_ub4UHR0G...
- Happy to share that Amazon Cyber Threat Intelligence (ACTI) is hiring our first role in Dublin, Ireland! 🇮🇪 This role will provide threat intel support for the AWS European Sovereign Cloud (ESC). Dublin-based, open to current EU citizens, and with relocation available. amazon.jobs/en/jobs/3089...
- Glad to see not every country is powerless to hold coup leaders to account - “Bolsonaro Sentenced to 27 Years in Prison for Plotting Coup in Brazil” www.nytimes.com/2025/09/11/w...
- This morning, Amazon Cyber Threat Intelligence published a report about a recent watering hole attack by APT29 🇷🇺 that we discovered targeting Microsoft device code authentication. Proud of the work of the team and the chance to share this with the community! aws.amazon.com/blogs/securi...
- “The driving principle here is obvious: In a free society, people should know who is policing them.” apple.news/ATQz-Wb-hQom...
- [Not loaded yet]
- I’m so sorry you had to experience this Selena 😖
- How Trump’s ‘Big, Beautiful Bill’ Will Make China Great Again www.nytimes.com/2025/07/03/o...
- Well-done by @billmarczak.org and @jsrailton.bsky.social at @citizenlab.ca! citizenlab.ca/2025/06/firs...
- Many moons ago, I was a federal agent. I arrested people. And you know how many times I did that while hiding my face and refusing to identify myself? Never. apple.news/A8NMRFx2mRua...
- Happy @sleuthcon.bsky.social SLEUTHCON Day to those who celebrate! Hope to see many of you there! #SLEUTHCON
- 👌
- [Not loaded yet]
- RAW for sure. Cuban DI (outside of the Montes stuff) too. If you haven’t seen “The Bureau,” about the DGSE, you’re missing out: en.wikipedia.org/wiki/The_Bur...
- [Not loaded yet]
- I feel like a lot of the people that made threat intel Twitter what it was made the leap over to Bluesky. But can’t speak for infosec as a whole.
- One week until @sleuthcon.bsky.social! Hope to see many of you at the best cybercrime conference of the year. (And grab a ticket while you still can!) #SLEUTHCON
- David Brooks gets it. “It’s time for a comprehensive national civic uprising. It’s time for Americans…to form one coordinated mass movement. Trump is about power. The only way he’s going to be stopped is if he’s confronted by some movement that possesses rival power.” www.nytimes.com/2025/04/17/o...
- I was traveling when @sleuthcon.bsky.social’s CFP and registration opened (and when this amazing challenge coin came in the mail). Sign up to present and/or attend and join the best cybercrime conference each year, bar none!
- Happy to share that, as of next month, I’ve been promoted to Senior Manager (L7) with an expanded scope across Amazon CTI’s analysis teams. We’re looking for managers for two teams, AWS and incident response threat intel. Technical, in-office, US-based. DM with questions! amazon.jobs/en/jobs/2918...
- No honor among this crowd. Cowards, all of them.
- Both unsurprising given the administration’s swing toward the authoritarian bloc, and yet also so shocking. You can bet Russia has no such illusions and isn’t unilaterally backing down. therecord.media/hegseth-orde...
- I’m a fan of this being called the “Deconstruction Era” as well. No clearer sense of the damage being done than that.
- “the Deconstruction era” is honestly appropriate coinage. bsky.app/profile/high...
- Wish I could be in Taipei for @rightscon.org this week, but sadly travel schedules just didn’t work. Good luck and have a fantastic time to those who are there!
- What a bunch of cowards. apple.news/AhxOFS1p-TWC...
- [Not loaded yet]
- You mean January 37th?
- “Elon Musk is not the president, but it does appear that he—a foreign-born, unelected billionaire who was not confirmed by Congress—is exercising profound influence over the federal government of the United States…It is nothing short of an administrative coup.” www.theatlantic.com/technology/a...
- For the #threatintel crowd, I’m hiring two cyber threat intel engineers for AWS Threat Intelligence! US-based, full-time from offices in the DC area, Austin, and Seattle. All backgrounds encouraged to apply. Can’t beat the scope or impact of the work. Let me know if you have questions! 👇
- Mid-level role: amazon.jobs/en/jobs/2866...
- Senior-level role: amazon.jobs/en/jobs/2866...
- I’m generally bullish on the use of GenAI to make our lives better. I also really appreciate Apple’s notification summaries. Less so this: scam SMS comes in and is summarized, but whereas the initial language was “scammy,” Apple Intelligence “upscales” it to be more professional in the process.
- If only it were that simple…
- [Not loaded yet]
- (Not sorry)
- [Not loaded yet]
- Congrats on the move!
- [Not loaded yet]
- A stretch goal if there ever was one
