Nicolas Bareil

We used to go to a special website, ask strangers for help with programming, and get humiliated in return

Thanks @dguido for this excellent talk. It is a must-watch for any leader, or really for any company that wants to survive youtube.com/watch?v=kgwvAy…

Reviewing old reports... Who remembers when TZWorks’ forensic tools were the gold standard? 🫠

@kepano Is there a way in Obsidian to have the "Unlinked mentions" suggestion feature limited to one link per document? For example, if I have 40 times a word that could be turned into a link, having just one single link is enough. Thanks!

@marclou Are you sure the "Transferring licence to another device" process described in the FAQ works? I don't manage to make it work 😭

I made an app to fix my terrible posture. It uses my MacBook Pro camera to watch me work. When AI detects that I’m sitting like a shrimp 🦐, it sends me a notification with a preview of my posture so I can reposition myself. Everything stays local. It works offline too. > supershrimp.io And because apparently my brain only responds to fake rewards, I added XP: good posture makes my shrimp evolve (currently level 7).

Excellent work, best resource about this class of exploits! Actually better than any Gemini Deep Research :)

Today I learned the existence of the CLIPS language and the powerful Rete algorithm, nice and inspiring for future developments 😊

These vibes bring back so many good memories ❤️❤️❤️ Good old times…

DFIR analysts who use macOS as their daily driver deserve free and native forensic tooling. So I built one. 🍎 Introducing 𝗜𝗥𝗙𝗹𝗼𝘄 𝗧𝗶𝗺𝗲𝗹𝗶𝗻𝗲 — a timeline analysis app built from the ground up for Mac-based DFIR folks, forensic investigators, or SOC analysts. Built in appreciation of, and inspired by, Eric Zimmerman’s Timeline Explorer. Every feature in this tool was shaped by real IR casework. Handling massive timelines, parsing artifacts here and there, and pivoting across logs during active investigations. I built IRFlow Timeline to be the native macOS timeline analyzer that actually keeps up with a live case. Every button and view is intentional; if it’s in the app, it’s because I needed it mid-case and realized the standard tools fell short. No dependencies. Zero setup. Just drag, drop, and analyze. #dfir #incidentresponse #timeline #macos #threathunitng #digitalforensics

My teammate Matt not only wrote a new blog post, but also created two new Velociraptor artifacts - now available on the Velociraptor Artifact Exchange! 🥳🥇 Check out his blog and explore the new detection capabilities 🤓

I wrote a fun little post called Beads Blows Up: steve-yegge.medium.com/beads-blows-up…

Actually, there’s a kernel+shell convention: exit code >128 means the process died from a signal. Subtract 128 to find which one. Here it’s 130 → SIGINT (2), sent by Ctrl+C — matching the suspicion of hands-on-keyboard activity 🤘

Interesting nerd snipe today: On Linux, an EDR-like logged an exit-code of 130 for a process establishing C2, leading the customer to believe the execution was unsuccessful and safe.

@fabienpenso @home_assistant @sonoff_global Hell yeah please 💯

@nbareil @home_assistant @sonoff_global ah yeah, home automation basics: start small, add automation slowly. First lights + motion sensors, then door/window sensors + alarmo with automatic turnon when you’re not here. Then water heater automation, etc.

I guess you can say I know and use @home_assistant a lot. I just added another @sonoff_global device to control toilet fans automatically.

@fabienpenso @home_assistant @sonoff_global It would be fantastic to hear your tips and tricks for a connected home. The little things that bring you joy when you use them. My home assistant dashboard is quite limited at the moment, probably because I’m not sure what to do with it.

@nbareil @home_assistant @sonoff_global I was thinking about it, anything specific you’d like to know?

Thanks @foxit for github.com/fox-it/dissect. This project is totally underrated. I tried it once before, but it didn’t click until a few weeks ago. It’s a masterpiece that radically changed my IR workflows, enabling me to implement forensics playbooks I dreamed for years 💙💙💙

@TuringAlex Thank you Alex for the link with #MystRodX It is very interesting !

@nbareil You're awesome!! 🫡

It's my one-year anniversary at Unit 42, and I'm excited to share a major piece of research I co-authored with the team. It's a deep dive on a telecom-focused threat actor (known as LightBasin), based on incident response engagements I've been a core part of this past year.

@citronneur And there is even a flake.nix, mama you are awesome 😎

@citronneur Excellent, thank you Sylvain!

I am so happy Airbus CERT released a portal to their PowerShell deobfuscator, this thing is a beast. I would only dream of a Python binding now 😉