Hunting Linux threats in sunny San Diego? π΄π Iβm running #FOR577 LINUX Incident Response & Threat Hunting at #SANSSecWest 2026 in May with β hands-on labs, real-world IR, and threat hunting to level up your Linux DFIR game on the worldβs favorite server OS. www.sans.org/cyber-securi...
This came today #donorforlife
2 more days to get the early-bird discount for one of my all-time favorite conferences, #SANS #DFIRCON in Miami in Nov. There are a bunch of hands-on workshops on Sun, 16 Nov, lots of evening events during the week #FOR577 my last in 2025. Reg here: www.sans.org/cyber-securi...
Linux touches every part of our networks. Our routers, switches, and firewalls likely run some flavor of Linux or Unix. Join me in London in July for the newly updated #SANS #FOR577 where we'll learn how to investigate attacks on Linux systems. www.sans.org/cyber-securi...
ISC Logo
Tool update: sigs.py - added check mode https://isc.sans.edu/diary/31706
image of sans internet stormcenter logo with stormcast flair
SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns;
https://isc.sans.edu/podcastdetail/9336
ISC Logo
Unfurl v2025.02 released https://isc.sans.edu/diary/31716
Join me in one of my favorite places for the updated FOR577. Now, with more BTRFS, more rootkits, and more Linux attacks. #FOR577 #SANSSecWest
ISC Logo
New tool: immutable.py https://isc.sans.edu/diary/31598
I just posted a Handler's Diary, I've released a python script to find Linux files with the immutable bit set. #FOR577 @sansisc.bsky.social #SANSDFIR isc.sans.edu/diary/New+to...
Is that even a question? Of course, he does
And Google.
#DigitalForensics #MobileForensics #DFIR #Code
if you have a @github.com profile, can i ask you to update it with your @bsky.app handle? π
π it enables some very cool integrations, like auto curated feeds and starter packs for contributors and tech
Congrats to Tyler and Zachary for an outstanding job in the day 6 challenge
Since I'm trying out #Bluesky, I figured I should add in support for it in Unfurl!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
Awesome research ! - The Nearest Neighbor Attack: How A Russian #APT Weaponized Nearby Wi-Fi Networks for Covert Access - @volexity.com - www.volexity.com/blog/2024/11... #cyberespionage
Time to find the newest Lethal Forensicators #SANS #FOR610
Daughter tells me she heard today that if you wear a band T-shirt (especially as a young woman) and a man says to you βname five of their songsβ, the correct response is βname five women who trust youβ, so I pass this on in case any of you need it
So, I was considering the cost of #12DaysOfChrostmas gifts from #truelove and was wondering do I need to include 12 pear trees or can she just use the 2 we already have?
Join me for one of the last opportunities to take #SANS #FOR610 this year in virtual Phoenix/Tempe. #malware #malwareanalysis www.sans.org/cyber-securi...
Another great class and 2 more brand new lethal forensicators! Congratulations Takuya and Ryo! #SANS #FOR610 #malware
I dropped a quick little tool today after some discussion on class today of the /proc filesystem and network connections #dfir #for577 isc.sans.edu/diary/New%20...
Interested in learning #malware analysis Down Under? Join me as we bring SANS #FOR610 back to Syney in September
And here they are, congrats cow, Howard, and TerryTubby
Time to crown some new REM Masters in Singapore. Who will they be?
