*Actual Unicorn*. Blue Team, Detection Engineering, and SecOps use cases are my jam.

Joined July 2014
Along with an update to the Blue Team Handbook Incident Response, there is a growing code base available from the book on GitHub. github.com/DonMVB/BlueTeam-H…

Version 3.0 of Blue Team Handbook, Incident Response Edition, is locked and loaded for a Dec 15 release. Just looked through the proof copies. And the updated cover is a pure delight. My graphic artist and I spent 7 hrs in the ER a week ago, redrawing it.
This reminds me of the chapter in Perfect Dark: Initial Vector by Greg Rucka when the corpsec agent busts Benjamin Able, who is leaking data to the Carrington Institute.
7 Sep 2025
Replying to @vxunderground
Yeah, but the picture is worse for the 8M books that a certain large tech company snarfed up to feed their AI platform... and did not pay the authors anything.
🚨 Real footage showing AI companies trying to remove personal data from the AI training dataset to avoid GDPR compliance. Watch:
Blue Team Handbook Incident Response is getting an update. Eight of ten chapters in the review pipeline. Should be ready for purchase for the Christmas 2025 season. OH - and there will be a wiki w/ tutorials and some pretty good #incidentresponse code. github.com/DonMVB/BTHbIR/wik…
Looking forward to teaching #sec530 so I can help raise up the next round of #allaroundefenders and #blueteam security architects/engineers.
This is very, very well deserved. @MarkBaggett is one of the top leaders in our profession.
Speechless. That’s @SANSInstitute
Heard on a call this morning. "Well, it's running on this poverty pony server ..." referring to a 7-yr-old 8-core box ...
X marks the spot. Just trying to fit in w/ the new twit-o-verse.
Check your DNS traffic and security stack for these domains ...
13 Apr 2023
⚠️ THREAT INTEL ALERT: Infoblox #ThreatIntelligence Group discovered new, low-profile malware DNS beacons communicating with a Russian C2. Here are the domains:👇 claudfront[.]net, allowlisted[.]net, atlas-upd[.]com, ads-tm-glb[.]click, cbox4[.]ignorelist[.]com, hsdps[.]cc
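To make "check your DNS traffic" concrete, here is an added example (my code, not the author's or Infoblox's) that refangs the indicators exactly as posted above and runs them against a few constructed BIND-style query-log lines. The log format and client IPs are assumptions made up for the demo; the domain list is the one in the post. Matching walks the query name's parent labels, so `cdn.claudfront.net` hits `claudfront.net`, while `other.ignorelist.com` does not hit `cbox4.ignorelist.com` (the indicator is a specific host under a dynamic-DNS provider, so matching the provider's apex would be noisy) and `notclaudfront.net` does not hit on a substring.

```python
import re

# Indicators copied from the Infoblox post, defanged with "[.]".
DEFANGED_IOCS = [
    "claudfront[.]net", "allowlisted[.]net", "atlas-upd[.]com",
    "ads-tm-glb[.]click", "cbox4[.]ignorelist[.]com", "hsdps[.]cc",
]

# Constructed sample log, BIND-style "query:" lines (assumed format, not real traffic).
SAMPLE_LOG = """\
13-Apr-2023 10:15:02.123 client @0x7f3c 10.0.0.5#51234 (www.example.com): query: www.example.com IN A + (10.0.0.2)
13-Apr-2023 10:15:03.004 client @0x7f3c 10.0.0.7#44001 (cdn.claudfront.net): query: cdn.claudfront.net IN A + (10.0.0.2)
13-Apr-2023 10:15:03.555 client @0x7f3c 10.0.0.9#40222 (cbox4.ignorelist.com): query: cbox4.ignorelist.com IN TXT + (10.0.0.2)
13-Apr-2023 10:15:04.010 client @0x7f3c 10.0.0.9#40223 (other.ignorelist.com): query: other.ignorelist.com IN A + (10.0.0.2)
13-Apr-2023 10:15:05.200 client @0x7f3c 10.0.0.11#33000 (notclaudfront.net): query: notclaudfront.net IN A + (10.0.0.2)
13-Apr-2023 10:15:06.777 client @0x7f3c 10.0.0.12#39876 (HSDPS.CC.): query: HSDPS.CC. IN A + (10.0.0.2)
"""

QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<client>[\d.]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """Refang "[.]", lower-case, and drop a trailing root dot so names compare cleanly."""
    return name.replace("[.]", ".").strip().lower().rstrip(".")


IOCS = frozenset(normalize(d) for d in DEFANGED_IOCS)


def matches_ioc(qname: str, iocs=IOCS):
    """Return the indicator that qname equals or is a subdomain of, else None.

    Walks parent labels (a.b.c -> b.c -> c) and checks each for exact set membership,
    so a lookalike like "notclaudfront.net" never matches on a substring.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def scan_log(lines):
    """Parse query-log lines and return one dict per query that hits an indicator."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or a format this parser does not understand)
        ioc = matches_ioc(m["qname"])
        if ioc:
            hits.append({
                "client": m["client"],
                "qname": normalize(m["qname"]),
                "qtype": m["qtype"],
                "ioc": ioc,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['client']} queried {hit['qname']} ({hit['qtype']}) -> matches {hit['ioc']}")
```

In production you would feed this the same names from passive DNS, the resolver's query log, or your security stack's DNS telemetry, and treat the TXT lookups to a dynamic-DNS host as the higher-fidelity beacon signal.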
Skimmed the reference doc on @Microsoft #PKI - solid intro. Lots of good details in here.
25 Mar 2023
After working with MSExchange and IIS components, I became interested in Certificate Services. Defending against Certificate Services abuse caught my attention: splunk.com/en_us/blog/securi… I delved into the Certified Pre-Owned work (specterops.io/wp-content/upl…), which is a 143-page report that covers ADCS in-depth. Although the report was comprehensive, I noticed some areas that could benefit from better detection. As a result, I wanted to provide defenders with a way to:
- Simulate adversary behavior with #AtomicRedTeam
- Know what and how to log
- Detect ADCS abuse
I hope you find this information interesting and helpful in learning something new!
Hey #authors / #selfpublishing ppl - is there a self publishing house that can watermark a PDF at point of sale w/ the end user's email address? Looking for some minimal protection. Yes, I know that qpdf can strip this out.
Dropped two CFPs down for two SANS Summits today. Churning on more ... moowwaaahaaaaa!!! @PSYber_Jen / @SANSDefense
New term: "con-dol-u-la-tions". Recently heard when a colleague has a coworker depart for greener pastures, and the colleague became the point person for a new tech platform they weren't familiar with.
I will be at RSAC 2023 for conversation around Cyber Threat Intel, network defense, applying DNS to improve your security posture, data exfiltration, ... Bonus - if you have a Blue Team Handbook, my pen will be nearby.

This event is worth carving out some time to attend.
Big news for the SOC folks out there! The Blueprint podcast will soon be releasing an entire special season with the authors of MITRE's "11 Strategies of a World-Class Cybersecurity Operations Center"! Subscribe now so you don't miss it! sans.org/blueprint #cybersecurity