DFIR Notes

@dfirnotes is (we're) mostly: Information Security Leader & Educator | Twitter, Github: @dfirnotes BBSTi, CISSP, GIAC**0x0c, GSE**2, ITIL, LPI, MAD CTI Blog at dfirnotes.net DMs open for #CyberMentoringMonday or other questions. Be excellent to each other!

(1/n) WinDbg finally released outside the store, and no more "Preview"! Ecstatic to see my old team hit this milestone! It's come so far since @aluhrs13 and I started the "WinDbgNext" project so many years ago. learn.microsoft.com/en-us/windows-…

For $20 a month, you get access to a bunch of knowledge from smart people like @ForensicITGuy on topics from malware analysis to network forensics to EXCEL ❤️, and much more. This isn't sponsored, I just think it's awesome they're making such useful content so accessible!

Domain fronting is hands-down the weirdest thing. I think a lot of blue team (including myself) would have heard the term over the years without looking into it. 1/4

@Cyb3rMonk I think it depends on what you want the EDR. Personally, I have never looked at an EDR as a source for detection but a source of telemetry. I see vendors say they detect "x", but I have always used that as one of my detections for a given operation versus the sole detection.

Anyone who wants a mentor, to give back to the community, or to just share resources should definitely check out #CyberMentoringMonday loads of amazing people and info in the tag!!

Introducing VT4Splunk, our official App for @splunk blog.virustotal.com/2023/03/introd… by @thetravelr

Reminded by ⁦@jaredcatkinson⁩ what an invaluable project Security Datasets is: OSS initiative that contributes malicious & benign datasets from different platforms to expedite data analysis & threat research. ⁦@Cyb3rWard0g⁩ ⁦@Cyb3rPandaH⁩ github.com/OTRF/Security-…

Our Sigma rule extension for @code got a major update by my team member @paulhagertheo It allows lookups of similar and related rules & uses a new web service to do that it's still new & only superficially tested - feedback & bug reports are welcome marketplace.visualstudio.com/items?itemName…

Our call for sponsors is open! Our prospectus is now up at dianainitiative.org/sponsor/?utm_c… Your support will help us do even more amazing things this year. Great opportunity to connect & support #womenInTech #diversity in #infosec #LeadTheChange #TDI2023

"The labs were fun and interesting. The feedback is fast and insightful...I'm not used to that much interaction with an instructor in an asynchronous course!" - Rob

"If you pay attention and give Investigation Theory its due, you will come out the other side a much better analyst for having taken it."

@netresec @GuhnooPlusLinux That said, the way meterpreter does TLS is strange, so you can do detection on how it behaves. However, again... this is defaults, you can change the TLS behavior in your payload options and advanced options.

well, Balkan Cyberia finally has a cover and it is marching robotically towards its publication on the 13th June with @mitpress! It has spies & cyborgs, not just apparatchiks - and will be open access but if you want a copy, there will be a discount code! mitpress.mit.edu/9780262545129/…

IMO, BYOD is *the most expensive* cost savings measure ever.

We often get asked how to land a job in cybersecurity. In today's video, Heath discusses the importance of community and giving back as one of the important steps to getting a job in cybersecurity. youtu.be/pJimy574Sh8

New release: #PEbear 0.6.5: github.com/hasherezade/pe… - several new features, fixes and improvements - check it out!

I'll be giving a talk next week over my journey into #DFIR and give some tips to help others find their way into this space! #memoryforensics #malware #infosec #infosecurity

Assert dominance in your ticket queue by submitting all technical details necessary with screenshot of Hello Kitty terminal.

Happy 1st anniversary to @NonprofitCyber!

#SLEUTHCON provides cybersecurity newcomers & professionals the opportunity to learn from industry experts in easy-to-follow 30 min talks. Join us online or in Arlington, VA on 5/12! Register today at sleuthcon.com. #cybercrime #infosec #cyberattacks #CTI #ransomware