Lauware

249 posts

@LauwareX64

Malware Analyst & Threat Intel

Joined December 2024
105 Following, 72 Followers
Pinned Tweet
Lauware@LauwareX64·
After a great day at #T3chfest2026, here are the slides from my talk yesterday, "🎮Is it still safe to insult people from behind a screen? - OSINT in Video Games💻" Slides: tinyurl.com/T3CHFEST2026 I hope you enjoyed it❤️and that you find it useful😝
Lauware retweeted
shellgio_@shellgio_·
Microsoft Defender XDR Advanced Hunting just got a serious upgrade 🚀 🔍 Query insights 🆕 Query results up to 100.000 rows ⚡ Smarter error messages 🧭 Cleaner UI & navigation 🗂️ Rename tabs 💾 Save KQL functions to workspace Learn More: techcommunity.microsoft.com/blog/microsoft…
Lauware retweeted
Steven Lim@0x534c·
One Regex to catch them all - EvilToken@Cloudflare 🎯 | where ActionType == "ConnectionSuccess" | where RemoteUrl matches regex "(?i)^[a-z0-9]{3,}-[a-z0-9]{3,}-[a-z0-9]{3,}\\..*\\.workers\\.dev$" Go search and detect! 🫡 #Cybersecurity #EvilToken #CloudFlare #DefenderXDR
Lauware retweeted
Unit 42@Unit42_Intel·
V2 of the #Kali365 PhaaS toolkit has emerged with dedicated OAuth and AI-based lure generation, seeing widespread abuse. This kit is distributed via Telegram and has features like a domain marketplace, Cloudflare worker hosting and keyword searching: bit.ly/3QupSXM
Lauware@LauwareX64·
@GranMag0 What I love most about you, apart from how entertaining you make this little world and the fact that you've fattened my wallet, is that when you get it wrong you always admit it without hiding, loud and clear and without enigmas or riddles. Keep it up, great stochastic 📈 to the muuun
🧙‍♂️ GranMago© 🔮
So many mollusks 🦪 coming out to protest an invalidation of my 4H projection 😂 Financial education is lacking. I speak clearly and directly: if it's a hit, it gets said; if it's a miss, it also gets said. Some of you are very badly accustomed; you were sold the idea that trading is 100% profit, and that doesn't surprise me: the crypto community (in general) is toxic and educates people very poorly in financial matters. Imagine laughing and being glad about a failed projection ❌ by a colleague in the sector who tries to help you every day. The day you understand that this is a long-term race, where you have hundreds of stumbles and invalidated scenarios, along with another heap of hits ✅ and correct scenarios, you'll save yourself from writing nonsense on this social network. Do you know what failing projections here is good for? 🤗 For sweeping 🧹 the crap out of the community 😂 That part, I love. Finally, let it be on record that many of you understand how this works and support the content; if it weren't for you I would have stopped writing here years ago 💪❤️
Lauware@LauwareX64·
@kuezh Thank you so much!!!! ♥️
Lookuez@kuezh·
@LauwareX64 I loved your talk!! It left me like this: 🤯🤯
Lauware retweeted
DFIR Diva@DfirDiva·
📣 I partnered with @13CubedDFIR for another giveaway! 🎁 🏆 Five winners will receive a 13Cubed course of their choice from the list below + a Forensicator T-Shirt. 13Cubed Courses: - Investigating Windows Endpoints - Investigating Windows Memory - Investigating Linux Devices - Investigating macOS Endpoints Each course comes with a Certificate of Completion as well as Certification attempts! On April 25th, entries across social media platforms will be combined, and the five winners will be selected. To Enter: ✅ Like ✅ Share ✅ Comment which course you want to win the most For more information ⬇️ Link to 13Cubed Training: training.13cubed.com 13Cubed Merch Store: shop.13cubed.com #DFIR #DigitalForensics #IncidentResponse
Lauware retweeted
Ridgeline Cyber@RidgelineCyber·
If you are someone who is asked to make changes in M365 (resetting MFA tokens, isolating devices) and are wondering why Defender keeps flagging things you don't understand. The gap between "M365 tenant administrator" and "securing the M365 tenant" felt massive. Every security course assumed you already knew things that you didn't, or started so far from your daily work that you couldn't connect the dots. That gap doesn't need to exist. If you're in IT support or admin and your organisation is asking you to handle security as well, you're not starting from scratch. You already know the tenant. You already see the alerts. You just need the framework to make sense of what you're seeing. We made this free. M365 Security: From Admin to Defender 8 modules. No account needed. It covers the security fundamentals that matter when you're the person managing M365: → Entra ID — MFA, conditional access, and why security defaults aren't enough → Email protection — anti-phishing policies that actually work → Device management — compliance policies through Intune → Security alerts — what they mean and what to do about them → Incident response basics — the first steps when something breaks → SPF, DKIM, DMARC — the email auth setup nobody taught you This is the course I wish had existed when I started. It's designed for hands-on learners, not for watching someone click through a portal. Free. No catch. Start here: training.ridgelinecyber.com/courses/admin-… #M365 #CyberSecurity #ITSupport #CareerGrowth
Lauware retweeted
Ridgeline Cyber@RidgelineCyber·
Threat Hunting Course Most SOC teams say they threat hunt. Most SOC teams run the same saved queries every week and call it hunting. Real hunting starts with a hypothesis, runs a query funnel that narrows from thousands of events to the 3 that matter, and ends with a detection rule that didn't exist before. built a course that teaches the full cycle. 17 modules, 450 KQL queries, 10 campaign types. The first 2 modules are free, no account required. training.ridgelinecyber.com/courses/threat…
Lauware retweeted
Kyle Cucci@d4rksystem·
I uploaded all the malware samples used in my book #EvasiveMalware to my Github: github.com/d4rksystem/Eva… I received some questions about the lab samples, so just posting it for everyone here 🤓
Lauware retweeted
Bert-Jan 🛡️@BertJanCyber·
🚀 KustoHawk V2 Release 🦅 Over the past weeks, I have been working on a major upgrade for KustoHawk. KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Defender XDR and Sentinel environments. github.com/Bert-JanP/Kust…
Lauware retweeted
Moritz@m_r_tz·
The FLARE team now freely distributes its quality reverse engineering and malware analysis educational content at github.com/mandiant/flare…. Launched with: - Malware Analysis Crash Course - Go Reversing Reference - Intro to TTD
Lauware retweeted
Unit 42@Unit42_Intel·
A phishing campaign is abusing an official device code OAuth flow. Instead of stealing passwords, attackers trick you into entering a verification code on the real login page to hijack OAuth tokens. This grants long-term access to email and files. Details: bit.ly/3PvgHG0
Lauware retweeted
Squiblydoo@SquiblydooBlog·
Nice update to @anyrun_app that seems easy to miss: HTTPS decryption. If you look at the network traffic, click Network Threats, you can click into the analysis to see the decrypted traffic You can also just download the entire decrypted PCAP. 1/3
Lauware retweeted
WhiskeyHacker@whiskeyhacker·
Taken from the Stryker Handala / Intune Detection Pack v2 "Check PIM role settings for Global Administrator, Intune Administrator, and Cloud Device Administrator. If you see only the "Require Azure MFA" checkbox and no Authentication Context configured, you have the same gap that enabled the Stryker wipe. Configure Authentication Context with FIDO2 or certificate-based auth today. Enable Intune Multi-Admin Approval for wipe, retire, and delete actions. Tenant Administration > Multi Admin Approval. Under 10 minutes. No additional licensing required. Deploy Rule 13 (bulk wipe threshold alert). Five wipes in 15 minutes from a single identity fires the alert. Wire it to a Logic App that calls revokeSignInSessions on the triggering account via Microsoft Graph. " link to Detection Pack v2 blog and direct download. Please share so others can lock down their InTune environments please threathunter.ai/blog/iran-hand…