Overheard in the grocery store last night:
"Why is beefstew not a good password?"
Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..."
Them: "It's not stroganoff"
Check out this cool new open-source Dark Web Monitoring AI Agent platform by AI Anytime - it looks like it will work with a local LLM too. I know what my next weekend project is going to be :) #AI #LocalLLMs #DFIR
www.youtube.com/watch?v=9e24...
I'm a big believer in local LLMs for DFIR - privacy & security matter. In my keynote, "How to DFIR AI-ze Your Workflow," I demo how to use local LLMs with FOSS tools + share common pitfalls. youtu.be/eG2wHGIPCaQ?... #DFIR #FOSS @sansinstitute.bsky.social
Check out this excellent blog post by Ryan Chapman from last month's Stay Ahead of Ransomware live stream. I was bummed I missed this one, but Ryan's recap is great. #DFIR
www.sans.org/blog/shaking...
The SANS #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free! www.sans.org/cyber-securi...
The SANS Institute #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free - www.sans.org/cyber-securi...
It's almost here!!! Join Ryan Chapman and me at the SANS Ransomware Summit tomorrow. I will also be hosting an AI workshop over lunch. Learn how to install and use a local LLM. Register for the free conference and workshop here: www.sans.org/cyber-securi...
Thinking about taking the SANS 528 Ransomware course? I love teaching it - not only do we focus on ransomware, but also host-based forensics and analysis at scale. It's great for a wide range of investigations!
Use code FOR528-SUMMIT for 30% off
www.sans.org/cyber-securi...
New blog: BlackBasta's leaks show how ransomware crews still exploit hybrid environments while Scattered Spider leans fully into cloud.
Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness.
invictus-ir.com/news/cloud-h...
#DFIR #CloudSecurity #CTI
Join me, Ryan Chapman and guest @ransomwaresommelier.com today at 10AM PT/ 1PM ET as we talk about the state of Ransomware payments. www.linkedin.com/events/73031...
Anthropic explores the advancements and implications of frontier AI's dual-use capabilities in cybersecurity and biology. Learn more about their strategies to navigate emerging risks: https://www.anthropic.com/news/strategic-warning-for-ai-risk-progress-and-insights-from-our-frontier-red-team
"Your face looks like a museum."
For all my geology + ocean peeps
Like usual, the airport charging station is not working. I found a working plug in a pillar and all these strangers are plugged into my charging hub instead #JustTravelThings
Should you pursue the leadership track or thrive as an individual contributor in cybersecurity? Join us for a panel discussion on February 13 with top security leaders as they share insights on making this career-defining choice. Register now: us06web.zoom.us/meeting/regi...
This is really cool and runs 100% locally - a silent speech recognition tool that reads your lips in real time and types whatever you mouth. The power of local LLMs is amazing. Open source too! - github.com/amanvirparha... #AI.
I asked Deepseek-r1 14B to tell me a good digital forensics joke. Watching the thought process is so cute and entertaining... #DFIR #AI
I'm honored to be hosting the SANS Institute Ransomware Summit in May with Ryan Chapman. 5 days left to submit a talk - we want to hear from you! www.sans.org/mlp/ransomwa...
WinSCP and Rclone are used by this TA (and others) to exfiltrate data... check out my presentation on WinSCP artifacts to help locate relevant evidence : www.youtube.com/watch?v=sCqy...
This is one of my favorite #DFIR #INFOSEC conferences to attend. They have workshops for kids that I want to attend! Kids and students are free, and just $25 to attend. Well worth the price.
One of my favorite tools for BEC cases just had a nice update! If you are working BEC cases, make sure and check it out
www.invictus-ir.com/news/the-mic...
I made a Windows #DFIR artifacts collection MindMap. It's tough to fit everything into a readable overview (might change later)
Time for a decaf latte and a wrap up from last week's forensic goodies!
For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.
Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File
Link: bluecapesecurity.com/courses/elev...
Found my first #cruisingducks during my Christmas cruise this year. Should I rehide it, or keep it???
This is so important. Even if it's just a comment on a blog, something new you've seen with an update, find a way to share it with the community.
Want to learn more about conducting forensic investigations on Windows? I will be teaching SANS FOR500: Windows Forensic Analysis in San Francisco end of next month! Day 2 is my fav where we dive into the registry! www.sans.org/cyber-securi...
Black Basta Ransomware Uses MS Teams, Email Bombing to Spread Malware
Releasing a new #DFIR tool today! Swap Recon performs brute-force decompression of Windows 10 & 11 swap. Swap Recon was built when we couldn't find existing tools or techniques to decompress modern Windows swap properly in one of our highest-stakes cases. arsenalrecon.com
New cyber humble bundle out!
#DFIR #cyber #infosec #security
www.humblebundle.com/books/hackin...