Scott Lynch

Security Onion 3.0.0 Now Available with New and Improved Interface and Much More! blog.securityonion.net/2026/03/securi…

Security Onion 3 is coming soon! Are you ready?

Open Source Intelligence: Tracking Satellites with SkyOSINT hackers-arise.com/open-source-in…

in light of rapid7.com/blog/post/tr-b… save yourself some time analyzing and crafting the packets for the right scanning method: github.com/cloudflare/fil…

a SIEM is not a dumping ground for every log your company generates. if your strategy is “ingest everything so we don’t miss anything,” you have built a data lake instead and your analysts are going to drown in it (pun intended).

Security Onion 3.0 Coming Soon! blog.securityonion.net/2026/03/securi…

Security Onion 2.4.211 Is Now Available and Resolves Several Issues! blog.securityonion.net/2026/03/securi…

Investigation Scenario 🔎 Your SIEM flags an OAuth consent grant to “Adobe Secure Share” from a user's M365 account at 07:13 AM. The audit log shows consent to files.readwrite.all. What do you look for to investigate whether an incident occurred? #InvestigationPath #DFIR #SOC

Security Onion 2.4.210 Now Available with Updated Components and New Features including Local Model Support for Onion AI! blog.securityonion.net/2026/03/securi…

It's cooking ... - complete rewrite of Loki in Rust - uses yara-x instead of yara - uses YARA-Forge as signature set - improved UX

𝗝𝘂𝘀𝘁 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱 𝗮𝘄𝗲𝘀𝗼𝗺𝗲-𝗱𝗳𝗶𝗿-𝘀𝗸𝗶𝗹𝗹𝘀 𝘄𝗶𝘁𝗵 @fr0gger_ ! Designed to save time during investigations and everyday DFIR tasks Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started. Feel free to contribute and use these skills to save a ton of time, like we already do. github.com/tsale/awesome-… Learn about skills: - developers.openai.com/codex/skills/ - support.claude.com/en/articles/12…

Security Onion 2.4.200 now available with major improvements for our popular Onion AI Assistant! blog.securityonion.net/2025/12/securi…

Really excited about this one ⚡️ This post dives deep into Aurora - Nextron’s free ETW-based detection agent - and shows how it can help detection engineers, IR teams, and monitoring specialists explore and understand what’s actually observable via ETW 🔎🌊 - Free (Aurora Lite) - Local #ETW visibility - no audit policy or EDR needed - Perfect for detecting noisy things like browser credential store access - Adds rich context fields (e.g., ProcessTree, GrandparentImage, PE metadata) - Great for writing & validating #Sigma rules with real telemetry If you care about writing good detections, this is the tool - and the writeup - to check out

"Why would I use THOR during IR?" "Why scan backups before restore?" "Why run periodic compromise assessments?" We usually say: because we find what others miss. And then they say: like what? Well … here’s the answer 👇

Shadow IT/Shadow SaaS is a bigger threat than _most_ of the critical and high vulnerabilities the average vuln report spits out…

Starting in 30 minutes! - The world's top cyber minds gather at the SANS #EmergingThreatsSummit 2025 to reveal: - How quantum computing will break today's encryption - How AI is weaponizing cyberattacks - How to defend critical infrastructure in a hyperconnected world and more! @robtlee @chrishvm 🔗 Register Now sans.org/u/1zh8

A tale of two (large) purchases and cybersecurity Let’s take the case of purchasing a new expensive software-controlled piece of equipment that supports business operations like MRI Machines, heavy manufacturing equipment, ATM Machines, etc. a short 🧵

30 percent of some Microsoft code now written by AI - especially the new stuff go.theregister.com/feed/www.there…

AWS creates EC2 instance types tailored for demanding on-prem workloads go.theregister.com/feed/www.there…