@racheltobac - Twitter Profile Analysis

Analysis of 200 tweets by Rachel Tobac, from 05 Jun 2021 to 22 Jul 2021.

Rachel Tobac

@RachelTobac (verified Twitter profile)

Hacker & CEO @SocialProofSec social engineering & hacking training, pentests, workshops, & talks | 3X @DEFCON SECTF 2nd place | Board Chair @WISPorg | She/her

18,109 tweets
57,047 favourites
4 tweets per day
Since 2015
7,071 following
1,029 listed
Location: San Francisco, CA

Top Tweets by @racheltobac

Rachel Tobac
I love when smart people make my job as a hacker much harder — this work by @laparisa and team is going to make credential harvest phishing more obnoxious for me as an attacker. Exactly what I like to see. https://t.co/2ncXnCbkNm
22 Jul, 2021 - 01:28 AM UTC
Rachel Tobac
In our Infosec circle we hear people talk about multi-factor authentication as if it's obvious but the reality is very different. Twitter released their numbers -- only *2.3%* of Twitter users had any MFA method enabled during this reporting period. https://t.co/08MQORUv5Q
21 Jul, 2021 - 11:05 PM UTC
Rachel Tobac
Tomorrow's @duosec + @presidio event at 4 PM ET is going to be fun. Added a new phone spoofing demo, a Twitter hack breakdown, a video of me breaking into a building with only a binder & you'll get to see me do a How I Would Hack You: Live demo on a CISO! https://t.co/dvdiXI2M6S
21 Jul, 2021 - 10:06 PM UTC
Rachel Tobac
Message to orgs w/ products that recommend users click in email to use their tools: Prioritize revamping interaction design & messaging — your org inadvertently teaches users to click on phishing emails by creating user flows that require or recommend email clicks to use tools. https://t.co/FkdQ8y7Fbw
16 Jul, 2021 - 07:19 PM UTC
Rachel Tobac
My latest obsession is Terraforming Mars (cc @StrongholdGames). In the middle of a multi day game right now and could not possibly have more fun than this 🚀☄️🌱
07 Jul, 2021 - 11:29 PM UTC
Rachel Tobac
Wooo! @Twitter team is prioritizing strong MFA options to keep accounts secure. Today Twitter users now have the option to use security keys as their sole form of MFA, without any additional backup method! https://t.co/hSBQhNCu0v
30 Jun, 2021 - 09:07 PM UTC
Rachel Tobac
Wow, Gmail SMS 2FA code with an ad tacked on -- Google didn't include the ad, the ad was injected by the carrier. Looks like a phish but isn't. Mobile carriers injecting ads, especially for SMS 2FA, is awful. It erodes accessibility & trust while teaching folks to click a phish. https://t.co/TwMMfYL4A1
29 Jun, 2021 - 04:22 PM UTC
Rachel Tobac
Tomorrow @ 1:05 pm ET! Brian (@maru37) & I are talking thru best practices for ethical phishing testing at @Living_Security's #BSA2021. Actionable steps to keep phishing testing a positive learning experience w/out ever harming folks or burning bridges! 🤖🤘 https://t.co/buRWV6rJ5b
23 Jun, 2021 - 09:37 PM UTC
Rachel Tobac
Lol if it turns out the HBO Max email goof is a stunt for a new show called Integration Test Email then congrats to the marketing team
18 Jun, 2021 - 01:27 AM UTC
Rachel Tobac
Pumped to talk through The Ethics of Phishing Testing with Brian (@maru37) at @Living_Security's #BSA2021 on 6/24 at 1:30 PM ET. We'll be talking thru actionable steps to keep phishing testing a positive learning experience without ever harming, scaring, or burning bridges!
11 Jun, 2021 - 09:20 PM UTC
Rachel Tobac
Slack is often thought of as a fully trusted internal channel — orgs wrongly believe social engineering can’t happen there. When hacking I commonly target IT Support 1st, requests to IT Support like the EA intrusion “lost phone, still need network access, please help” work often. https://t.co/AJw5vkVaII
11 Jun, 2021 - 04:17 PM UTC
Rachel Tobac
Excited to keynote @Siemplify SocStock2021 6/15 at 9:15 AM PT. I'm covering stories from the field, how I craft unique attacks for orgs, and the indicators & filters you can use to catch me fast. Also, @troyhunt of @haveibeenpwned is the other keynote! 🤖🤘 https://t.co/b1jyOqY2mC
10 Jun, 2021 - 08:38 PM UTC
Rachel Tobac
Thank you @WSJ @HeidiSMitchell for reaching out to chat about how social media is leveraged in social engineering and hacking. It’s true — about 60% of the info I need to hack a person or company is typically found on Instagram alone. https://t.co/H6nI9WduBv
08 Jun, 2021 - 04:06 PM UTC
Rachel Tobac
Pittsburgher hacker: oh my guash yinz aren’t gunna balieve this but I needa red up my haus cause they’re proably gunna wanna take me dahntahn afer’is. https://t.co/wlXx4hfhQj
05 Jun, 2021 - 05:48 PM UTC

Top Retweets by @racheltobac

We just closed out our events this week with an eye-opening live hacking webinar with @RachelTobac. Thank you to everyone who attended our event, Rachel, and our sponsor partner @duosec. Check out the tips below on how to stay “politely paranoid” and avoid being hacked.
22 Jul, 2021 - 09:24 PM UTC
Twitter's latest transparency report does a lot to put my work into perspective. Only 2.3% of Twitter users had any kind of 2FA enabled on their account at all and 79.6% of them were using SMS. We have so much work left to do and I am tired. https://t.co/Cpwc2swfYf
21 Jul, 2021 - 11:40 PM UTC
Rachel Tobac
Tomorrow's @duosec + @presidio event at 4 PM ET is going to be fun. Added a new phone spoofing demo, a Twitter hack breakdown, a video of me breaking into a building with only a binder & you'll get to see me do a How I Would Hack You: Live demo on a CISO! https://t.co/dvdiXI2M6S
21 Jul, 2021 - 10:06 PM UTC
Kevin Collier
This is pretty minor in light of NSO's recent scandal, but they issue all their press releases as pdfs emailed to reporters. Your whole deal is that you sneakily deliver malware to journalists! Read the room guys.
21 Jul, 2021 - 03:30 PM UTC
Katie Moussouris (she/her) is fully vaccinated
It’s official. 🎉 I am deeply honored to serve on the Information Security and Privacy Advisory Board (ISPAB) for NIST. https://t.co/XPfp45Bx9r
20 Jul, 2021 - 03:35 PM UTC
Don't miss an afternoon of hacking and snacking with @RachelTobac and @duosec on July 22nd.  The first 50 people to register and attend will receive a link to SnackMagic snack pack post-event worth over $50!  https://t.co/0cvhuZspn5
19 Jul, 2021 - 09:58 PM UTC
Camille Stewart #ShareTheMicInCyber
My #ShareTheMicInCyber swag came in!! I now have shirts, stickers, and a phone case. 😱 I’m going to order more …😅 (15% off until 7/22!!) Selfies and action shots coming soon lol 💁🏾‍♀️
19 Jul, 2021 - 01:10 PM UTC
Joseph Cox (offline)
Likely Russian-government backed hackers targeted Western government officials with iOS and Windows exploits delivered through LinkedIn messages https://t.co/CdnQFL34uj
14 Jul, 2021 - 04:31 PM UTC
Katie Moussouris (she/her) is fully vaccinated
Looking forward to @JenEasterly leading @CISAgov now that she’s been unanimously confirmed to this critical role. https://t.co/yTF9NVxQ3A
13 Jul, 2021 - 12:12 AM UTC
Join OneLogin, special guests - Former Principal Deputy Director of National Intelligence, Susan Gordon, and @socialproofsec CEO @RachelTobac on July 27th for the #OneLoginVirtualForum to discuss the current cybersecurity state of emergency. Register 👉 : https://t.co/2uNX8pPAwY
12 Jul, 2021 - 03:48 PM UTC
I have been working on this for months, through two job changes, deaths in my fam and tough days AND We have gone to PRODUCTION! 📚 97 Things Every Information Security Professional Should Know ⏰ Arrives September 2021 - published by @OReillyMedia https://t.co/JmStuUxrQv
09 Jul, 2021 - 03:16 AM UTC
Perry Carpenter
If you are interested in #socialengineering or #deception, check out my latest episode of "8th Layer Insights." This is a fun one that packs some serious firepower. You'll hear from @humanhacker, @RachelTobac, @LisaForteUK, @WellAwareSecure. Listen here https://t.co/qtLb6e32P4
06 Jul, 2021 - 03:07 PM UTC
Alex Stamos
I felt a disturbance in the Force, as if a thousand vuln researchers downloaded a hastily assembled APK and went silent as they started to reverse it. https://t.co/Btr4epzEhL
01 Jul, 2021 - 05:22 PM UTC
mark risher
To close the loop, these are not Google ads and we do not condone this practice. We are working with the wireless carrier to understand why this happened and ensure it doesn't happen again. Glad Google Messages flagged it as unsafe 🛑 https://t.co/MqSZgh1uUK
29 Jun, 2021 - 11:29 PM UTC



14 tweets
153 replies

Twitter Client

145 Twitter for iPhone
55 Twitter Web App


2 - ajohnsocyber
2 - maru37
2 - k8em0
2 - Presidio
1 - WSJ
1 - scriptjunkie1
1 - Siemplify
1 - thepacketrat
1 - cyb3rops


29 - RachelTobac
5 - _MG_
4 - IanColdwater
3 - AletheDenis
3 - RealSexyCyborg
3 - gnugro
3 - rinkisethi
2 - maddiestone
2 - ajohnsocyber


2 - #BSA2021


2 - @Living_Security
2 - @maru37
1 - @HeidiSMitchell
1 - @WSJ
1 - @haveibeenpwned
1 - @troyhunt
1 - @Siemplify
1 - @Twitter
1 - @StrongholdGames