DFIR// Responder of Incidents// Just a human // Views are my own

Joined April 2015
Pinned Tweet
2 Jul 2020
Forget all the infosec courses and trainings for right now. I need a training on Excel ASAP 😂
10 Aug 2025
Stole a goon's lunch money today. When I said I wanted to just see @jaysonstreet today, I didn't know that was going to turn into a conversation and him giving me this sweet chip! Great meeting you! You made this first DEF CON experience even better!
29 Nov 2023
My MacBook and VMware users: I seem to be having a hard time finding VMs for analysis that support ARM. So far, REMnux doesn't support it, and Ubuntu. Anyone have any recommendations? I'd like to build a Linux VM similar to REMnux and maybe one close to Ubuntu.
17 Nov 2023
For any of us who aren't Cisco IOS experts, regarding the Cisco IOS XE exploits (CVE-2023-20273 and CVE-2023-20198), what "logs" are you checking to look for suspicious commands being run? @TalosSecurity had a great write-up, but I'm wondering what "logs" are reviewed.
24 Oct 2023
For anyone that works at an MSSP in DFIR: once you get called to investigate an incident, how do you scope the incident at scale? For example, you analyze 3 systems and identify TTPs and IOCs; how do you then scope what other systems may be impacted?
24 Oct 2023
Caveats: there is no SIEM in place, and this is your first time in this environment. Do you use remote PowerShell, deploy an EDR, Velociraptor, etc.? Would love to hear everyone's thoughts.
18 Sep 2023
Anyone have any recommendation on a good technique or client to view both EML and MSG files? For example, a user provided the above file type, and you want to view what the email looks like, the attachments, and the header information. Outlook is difficult to set up without an account.
15 Aug 2023
Stay tuned for my next post 👀 TheDFIRSpot.com. I'll talk about why you need Sysmon and how you can turn your visibility at scale in your network up to 11 for free. Sysmon is nothing new, so then why aren't we implementing it?! Let's get to the point. #dfir #forensics
14 Aug 2023
My goal for these posts is to provide a section that is straight to the point, then continue to more technical and detailed analysis further along. As incident responders, time is everything, and sometimes we want to get straight to the good stuff. Stay tuned for upcoming posts!
14 Aug 2023
Also, please consider subscribing if you’re interested in this content and are looking for more. #dfir #ir #incidentresponse #forensics #cyber #cybersecurity
10 Aug 2023
Hey, everyone! I’ve been gone for quite some time! During this time, I’ve picked up a large number of new skills, primarily focused on DFIR. I’m hoping to spin up this Twitter (X?) account again and start giving technical advice and posts on DFIR and security.
10 Aug 2023
And more. I plan on talking about what to look for when you have an incident, how to respond, common malware that I've seen, etc., hoping this will help others become more technical and also help myself to continue learning.
10 Aug 2023
During my time away, I've obtained a number of SANS certifications (GNFA, GREM, GCFE, GCFA, GCFR), will be working on my master's degree soon, and have nearly 3 years of experience in DFIR and various other certifications. I'm really hoping to share my experiences and thoughts on this topic. Thanks!
Jay retweeted
Calling #cyberdefenders! We are celebrating 55,000 LinkedIn followers with a giveaway worth $16,000 🎉! As a token of appreciation, we want to give back to the #blueteam community by giving away 21 #CertifiedCyberDefender vouchers, 7 for each of Discord, Twitter, and LinkedIn.
5 Aug 2022
For those that scale during IR (MSSPs that work different environments), how do you do this? What do you find is most efficient and useful? I heard good things about Velociraptor? Do you utilize EDR instead? For example, deploy EDR agents out during an investigation?