design, build, teach threat-informed information security programs and techniques. Also: retweets of interesting classes, tools, research. They/them

Joined October 2015
Pinned Tweet
21 Jun 2021
Replying to @DfirNotes
@dfirnotes is (we're) mostly: Information Security Leader & Educator | Twitter, Github: @dfirnotes BBSTi, CISSP, GIAC**0x0c, GSE**2, ITIL, LPI, MAD CTI Blog at dfirnotes.net DMs open for #CyberMentoringMonday or other questions. Be excellent to each other!

DFIR Notes retweeted
14 Apr 2023
(1/n) WinDbg finally released outside the store, and no more "Preview"! Ecstatic to see my old team hit this milestone! It's come so far since @aluhrs13 and I started the "WinDbgNext" project so many years ago. learn.microsoft.com/en-us/wi…
DFIR Notes retweeted
For $20 a month, you get access to a bunch of knowledge from smart people like @ForensicITGuy on topics from malware analysis to network forensics to EXCEL ❤️, and much more. This isn't sponsored, I just think it's awesome they're making such useful content so accessible!
We're excited to launch our new Analyst Skills Vault, a subscription-based service that provides access to our growing collection of standalone video lessons.
DFIR Notes retweeted
13 Mar 2023
Domain fronting is hands-down the weirdest thing. I think a lot of blue team (including myself) would have heard the term over the years without looking into it. 1/4
If I'm reading this config right, it's a #CobaltStrike using the @nytimes content API as a C2: gist.github.com/usualsuspect… dropped by fake @GoIvanti VPN updater ISO: virustotal.com/gui/file/568e… ISO -> .NET stuff -> custom loader -> reflective loader beacon
DFIR Notes retweeted
Replying to @Cyb3rMonk
I think it depends on what you want the EDR for. Personally, I have never looked at an EDR as a source for detection but as a source of telemetry. I see vendors say they detect "x", but I have always used that as one of my detections for a given operation versus the sole detection.
DFIR Notes retweeted
12 Mar 2023
Anyone who wants a mentor, to give back to the community, or to just share resources should definitely check out #CyberMentoringMonday. Loads of amazing people and info in the tag!!
DFIR Notes retweeted
13 Mar 2023
Introducing VT4Splunk, our official App for @splunk blog.virustotal.com/2023/03/… by @thetravelr
DFIR Notes retweeted
Reminded by @jaredcatkinson what an invaluable project Security Datasets is: OSS initiative that contributes malicious & benign datasets from different platforms to expedite data analysis & threat research. @Cyb3rWard0g @Cyb3rPandaH github.com/OTRF/Security-Dat…
DFIR Notes retweeted
Our Sigma rule extension for @code got a major update by my team member @paulhagertheo. It allows lookups of similar and related rules & uses a new web service to do that. It's still new & only superficially tested - feedback & bug reports are welcome. marketplace.visualstudio.com…
DFIR Notes retweeted
"The labs were fun and interesting. The feedback is fast and insightful...I'm not used to that much interaction with an instructor in an asynchronous course!" - Rob
DFIR Notes retweeted
"If you pay attention and give Investigation Theory its due, you will come out the other side a much better analyst for having taken it."
DFIR Notes retweeted
That said, the way meterpreter does TLS is strange, so you can do detection on how it behaves. However, again... this is defaults, you can change the TLS behavior in your payload options and advanced options.
DFIR Notes retweeted
Well, Balkan Cyberia finally has a cover and it is marching robotically towards its publication on the 13th June with @mitpress! It has spies & cyborgs, not just apparatchiks - and will be open access, but if you want a copy, there will be a discount code! mitpress.mit.edu/97802625451…
DFIR Notes retweeted
IMO, BYOD is *the most expensive* cost savings measure ever.
Lots of CISOs out there rethinking their BYOD policies today. Even if you aren't, your business partners are and you should be expecting TPRM questions about it. #LastPass
DFIR Notes retweeted
We often get asked how to land a job in cybersecurity. In today's video, Heath discusses the importance of community and giving back as one of the important steps to getting a job in cybersecurity. youtu.be/pJimy574Sh8
DFIR Notes retweeted
New release: #PEbear 0.6.5: github.com/hasherezade/pe-be… - several new features, fixes and improvements - check it out!
DFIR Notes retweeted
24 Feb 2023
I'll be giving a talk next week on my journey into #DFIR and giving some tips to help others find their way into this space! #memoryforensics #malware #infosec #infosecurity
The journey into Cybersecurity is not one-size-fits-all but can vary from person to person. In this webinar with @HuntressLabs, Jamie Levy will cover how she found her way into this field and give tips for choosing the right path for you. brighttalk.com/webcast/17216… #WiCyS
DFIR Notes retweeted
23 Feb 2023
Assert dominance in your ticket queue by submitting all technical details necessary with a screenshot of a Hello Kitty terminal.
DFIR Notes retweeted
Happy 1st anniversary to @NonprofitCyber!
DFIR Notes retweeted
24 Feb 2023
#SLEUTHCON provides cybersecurity newcomers & professionals the opportunity to learn from industry experts in easy-to-follow 30 min talks. Join us online or in Arlington, VA on 5/12! Register today at sleuthcon.com. #cybercrime #infosec #cyberattacks #CTI #ransomware