MyDFIR

Enjoy! I am excited to see how y’all transform this into something even better. These are just the building blocks, it is up to you and your creativity 💙 youtu.be/Xh9AP-x06jU?fe…

@WallStBitcoiner @vivoplt Thank you 💙

@vivoplt Add @MyDFIR

Best YouTube Channels To Learn in 2026 1. Cybersecurity – John Hammond 2. Artificial Intelligence – Andrej Karpathy 3. AI Research Breakdown – Yannic Kilcher 4. Web Development – The Net Ninja 5. Python Programming – Corey Schafer 6. DevOps – TechWorld with Nana 7. Cloud Computing – AWS re:Invent 8. Data Analytics – Luke Barousse 9. System Design – Gaurav Sen 10. Databases – Hussein Nasser 11. Low-Level Programming – The Cherno 12. Linux – Learn Linux TV 13. Networking – David Bombal 14. Math for ML – 3Blue1Brown

@IamTheCyberChef @bankrollsmitt Appreciate you 💙

@bankrollsmitt Check out @MyDFIR on YouTube

Let me know what your struggles are in your cybersecurity journey as a beginner. Let's find a solution together 💪🏼 Comment, like, and retweet 💯🙌

@Damm_cyber Thank you 💙

I remember when I got into cybersecurity and SOC; being part of Steven's community was one of the best things that happened to me. I learned a lot. I'll highly recommend his page and community to anyone looking to upgrade in SOC.

I kept getting messages from beginners saying they wanted to become SOC analysts but not sure where to start so I built a free community that’ll give them a good starting point called The MYDFIR SOC Community: Inside has 4 structured modules (fundamentals → portfolio projects) No paywall. No catch. skool.com/mydfi-communit…

ICYMI: Here is one of many walkthroughs from our monthly capture the flag events in the MYDFIR SOC Community. Learn how to investigate and build your own investigative methodology! WATCH: SOC Analyst Full Compromise Investigation | MYDFIR SOC Community lnkd.in/euxQaJms

@RussianPanda9xx 😭😭 might as well be at this point!!!

@MyDFIR OMG, do you live in North Pole???

I need a vacation in Mexico ASAP. I can’t stand this cold snowy shitweather

While building a lab for the community, I ran into something weird. Setup: Attacker PC: Windows 10 22H2 (UTC): 1) Created a timestomped LNK file (Year 2028) 2) Zipped it with password-protected 7-Zip Target PC: Windows 11 24H2 (PST) 1) Extracted the file 2) Examined the MFT - SI records 2028 && FN records 2026 (so far so good) 3) Shift + Right-Click LNK > Run as Administrator The weird part: After running it as Administrator, the FN timestamp, what use to be 2026 is now blank which if I am not mistaken would indicate it is the same time as SI. Has anyone else seen this behavior? Not sure if this is a known thing or something new with 24H2. Anyways, another reason to be sure to correlate with other artifacts! #DFIR

@Kostastsale Awesome job 👏

A lot of folks have been asking how we run our EDR testing and what the methodology looks like behind the scenes. I put together a full deep dive walking through our process, the tooling we use, and how we score everything based on direct telemetry. If you want the details, here you go. It’s all open and transparent. edr-telemetry.com/blog/A-Deep-Di…

@shortxstack @eric_capuano 🐐

i don't post much here these days, but this one feels worth sharing to the #DFIR community @eric_capuano has been working on this side project, almost at MVP 🌈 so if you work in forensics and want super timelines on macOS... THOON!

tango down! Night gang, be safe!

Got some scammers we need to fuckup gang!

@SquiblydooBlog @hairf0rce1 @Kostastsale @KC7cyber Such a great resource 😍

@hairf0rce1 @Kostastsale I love @KC7cyber for learning and practicing KQL. (kc7cyber.com)

𝗦𝘂𝗿𝗶𝗰𝗮𝘁𝗮 𝗶𝘀 𝗻𝗼𝘄 𝗽𝗮𝗿𝘁 𝗼𝗳 𝗗𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻𝗦𝘁𝗿𝗲𝗮𝗺 𝘄𝗶𝘁𝗵 𝗽𝗹𝗮𝘆𝗴𝗿𝗼𝘂𝗻𝗱𝘀 𝗮𝗻𝗱 𝗰𝗵𝗮𝗹𝗹𝗲𝗻𝗴𝗲𝘀! Big update for anyone working on network detections. 𝗜𝗻𝗰𝗹𝘂𝗱𝗲𝗱: • 45k+ ET rules available out of the box • Full ET Open ruleset preloaded • Build and validate custom Suricata rules • Test rules directly in the browser with PCAP uploads that stay in your browser More updates with challenges coming soon! Check it out here: detectionstream.com/suricata Read the blog post about it here: kostas-ts.medium.com/detectionstrea…

@daycyberwox Was 2-3 but now 4-5

IR folks, what's the first thing you feel when you get paged? Adrenaline? Anxiety? Fear? Excitement? Indifference?

Received a fake sponsorship email back on Oct 4th. Here is a full video of my analysis! Perfect for aspiring SOC analysts. REAL SOC Analyst Investigation | Email Phishing | MYDFIR SOC Community youtu.be/gB7mPHGxFK8

@Ethical1974 I would join the community over on Skool. You get a lot more value and the community aspect is great!

@MyDFIR I graduated from college back in May 2025 - I received my BS in Cyber Security - I am very interested in your SOC course, my goal is to be a Blue Team member- With that being said, should I take the 3 month accelerated course? Or what do you recommend -

@EduokTyler @favoritetechgal @n8n_io Awesome! Keep up the good work, would love to see your finished workflow 🙌

@favoritetechgal Now building a SOC automation project, shoutout to @MyDFIR your tutorials are gold. 🙌🏾 I've built workflows and automated tasks on the Google workspace using Google AppScript, but @n8n_io is a discovery 👌🏾

Funny how I stumbled into AI workflows & automations as an IT Support/SOC Analyst 😂 A colleague made a funny request, and my boss said, “Try n8n” That single moment opened a whole new world for me 😂

@r3nzsec 🔥

🤌🏻

We officially wrapped up our first CTF inside the MYDFIR SOC Community and it honestly warms my heart to see how much growth has happened in such a short time. Watching members put in the work, dive deep into research, and push themselves to get better every single day is what fuels me to keep going and make sure they have everything they need to succeed. Here is one of our members first writeup! linkedin.com/posts/toukeeva…

Here is a 50 minute technical video going through how I would investigate a malware compromise. This is perfect for aspiring SOC Analysts who want to see my thought process, what questions I ask and how I craft up my KQL queries to understand what happened. REAL SOC Analyst Investigation | MALWARE DETECTED | MYDFIR SOC Community youtu.be/d0cv5yrO3Tc?si…

Everybody wants a roadmap to some Tech role but nobody is willing to put in the hardcore work needed to complete the roadmap.. When they ask, “Do you have a road map?” Most people mean.. “I’m too lazy.. please give me a perfectly crafted magically path, where I don’t have to do too much work to acquire the skills to land a Tech job.”