Want to see a little bit of the magic behind our Threat Hunting & Incident Response w/Velociraptor course? Check out our Antisyphon webcast!
https://www.youtube.com/live/MqQ-IJ6CWJo?si=dYnYbBU9ml11wJdX
Now available OnDemand 🤓🦖🔥 https://ddi.sh/thvr
Dad of 2 💙 | Director @limacharlieio | Founder @recon_infosec | Certified SANS Forensics Instructor | OpenSOC.io | Former USAF 1B4 | He/Him | Ally 🏳️⚧️🤍🏳️🌈 | ⬡
<3 @shortstack
ATTN NERDS:
We'll be at Black Hat USA again this year!
Registration is now open for our Advanced Security Operations and Threat Hunting course 🤓🔥💙
Join @eric_capuano, @bromiley, and @shortstack for our 4-day training:
Ok fam, real talk. I delayed checking out Bluesky because it just felt like another Mastodon experiment and I don’t need yet another social network.
However… after having now tried it, I must admit, it checks all the boxes and then some.
Feels like the best parts of Twitter (pre-Musk) with the best parts of Mastodon (decentralized, etc)
It’s polished, clean, and highly functional. I think it has really great potential and I’m betting on it winning the X-odus.
I like Mastodon, and X can DIAF, but I simply cannot keep up with multiple networks. There’s a strong chance you’ll see less of me here and more on Bsky. Nothing but love for my tooters 💙
I hope you’ll follow me on Bsky -> https://bsky.app/profile/eric.zip
From Monday, February 3 to Thursday, February 6, 2025, we'll be facilitating our Advanced Detection Engineering training in beautiful Brisbane.
Come join us!
Hosting and registration kindly facilitated by Division5 and TAFE.
To all the vets in the place 🫡
Registration is now open for our Advanced Security Operations and Threat Hunting (ASOTH) course at Black Hat Asia! 🤓
Come hang out with @eric_capuano, @bromiley, and @shortstack in Singapore in April!
i love you and all of our adventures, @eric_capuano 🤍⛰️🍂🍃☀️
MemProcFS now supports console text recovery!
Recover text from Cmd and PowerShell to Find Evil with MemProcFS super fast memory forensics!
@winterknight1337 @shortstack love that “new beacon” smell
Defenders, watch out for your CISOs this season... Vendors are sneaking LLM API integrations into the candy.
New blog post!
Atomic & Stateful Detection Rules https://open.substack.com/pub/ecapuano/p/atomic-and-stateful-detection-rules?r=x60jj&utm_campaign=post&utm_medium=web&showWelcomeOnShare=true #infosec
Finally got around to properly spinning up @eric_capuano’s “So You Want to Be a SOC Analyst” Lab
I have been procrastinating and having false starts for a year. I am hyper self-aware on this, and I’ll work on it (Maybe next year)
Part of the delay was setting up a dedicated work space for a home lab. Mitigated that a couple weekends ago.
First up is the hardware - Reusing what used to be the family desktop. An Asus prebuilt circa 2016-ish.
Intel i5-6400 @ 2.7GHz
500GB SSD
1TB HDD
Nvidia 1060
30 dollar Sceptre monitor
Wrapped up day 2 of THVR @velocidex 😎
Every time, @eric_capuano makes this stuff look like a breeze
Fun side effects of running our @velocidex trainings - they almost always result in our team contributing back to Velociraptor 🔥🦖💙 PRs incoming!
First day of Threat Hunting & Incident Response with Velociraptor at Wild West Hackin’ Fest was a success!
Tomorrow our students go toe-to-toe with a live adversary 🚀
@shortstack classic 🤣
Don’t buy from Stickermule, folks. https://defcon.social/@pinguino/113252742084835803
@http_error_418 my kids' district recently sent notifications out about someone sending terroristic threats to students of the district via Snap. So there’s that.
“Phone calls are dead”, a short story
Like many of you, I automatically send unknown numbers straight to voicemail because robo spam is out of control. This only occasionally backfires, as it did recently when my dermatologist called to provide lab results.
So I get the callback number from the voicemail and try returning their call. It is then I get to deal with the endless phone tree of doom where it is actually impossible to connect to a human, no doubt deliberately implemented to reduce call volume.
So we’re now at a stalemate with regards to making or receiving calls with anyone not already in our contacts. 🫠
TIL it's ridiculously easy to make @signalapp sticker packs 🥹🌈💕
how fun is that!!!
Join us today for Defender Fridays, featuring @mrjonbagg, Founder and CEO of Salem Cyber.
Jon will discuss the SOC’s evolution, highlighting the impact of EDR, automation, and changes in managed services.
Register now: https://lc.pub/4gEPY2R