Antonio Sanz (@antoniosanzalc)'s Twitter Profile
Antonio Sanz

@antoniosanzalc

Fighting evil 24x7. Incident Response & Digital Forensic guy, infosec maniac... and a damn good cook. My team is blue #DFIR - [email protected]

ID:96160040

http://www.securityartwork.es | 11-12-2009 16:41:16

8,1K Tweets

8,7K Followers

116 Following

Yogesh Khatri (@SwiftForensics)

If you've had this problem (see pic), NTFS Journal REWIND solves it! . New blog post + code. No more unknown paths. cybercx.com.au/blog/ntfs-usnj… #NTFS #DFIR

Matt Zorich (@reprise_99)

Microsoft Graph Activity Logs are out of public preview and now generally available. These have quickly become one of my favourite log sources for both detections and investigations, some guidance and example hunting queries here - techcommunity.microsoft.com/t5/microsoft-e…

Antonio Sanz (@antoniosanzalc)

Controversial thought of the day: you can't search as well as in a SIEM, but a Linux box with syslog and 4 SATA disks of 4Tb in RAID5 holds A LOT of logs (even more if you compress them, text shrinks to 10%). And you can search them with zfgrep... and we will love you very much!! 😉

Antonio Sanz (@antoniosanzalc)

Lina has been kickin' ass with her DFIR blog posts for a long time... So definitely my team WILL play these labs and ENJOY them (I hope so UwU) 🥳

Lukas Beran (@lukasberancz)

Microsoft Entra ID Token Protection is a security feature within Microsoft Entra's Conditional Access that aims to mitigate token theft by ensuring that a token can only be used from the device it was issued to. This is achieved through a process called token binding, which…

CCN-CERT (@CCNCERT)

The #STICPANAMÁ conference kicks off tomorrow, 10 April, with an all-time record number of registrations 🇵🇦
🌐 More information: jornadas.ccn-cert.cni.es/es/ivjornada-p…

Antonio Sanz (@antoniosanzalc)

If you want to land a job in , here is an idea of what they might ask you in an interview. Very, very, very useful!

Antonio Sanz (@antoniosanzalc)

This Friday the 12th, from 17:00 to 19:00, I'll be at the Ada Byron at @unizar (Room A12) giving a CyberChef workshop. Want to come and 'cook' malware, logs and other delicious #ciberseguridad recipes?

Ana Nieto (@cadirneca)

Tomorrow at 10:30 🇵🇦 / 17:30 🇪🇸, I will take part in the IV Jornadas STIC & Congreso @rootedcon Capítulo Panamá #STICPANAMÁ to talk about #ransomware 👇👇👇

Evild3ad79 (@Evild3ad79)

Check out my new project Microsoft-Analyzer-Suite (Community Edition). A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID extracted by Microsoft-Extractor-Suite. Invictus Incident Response
github.com/evild3ad/Micro…

Bastien Cacace (@skisedr)

The has just published a great guide on securing the administration of , covering tiering in particular. A must-read. Well done on this work 👏

cyber.gouv.fr/sites/default/…

Placing the Suspect Behind the Keyboard (@PSBK2E)

The clock started on the book launch! If the order page is up, then there are books left :)

Order on Amazon or via this book launch at half price including shipping/handling at:
suspectbehindthekeyboard.com/pl/2148302359

DFIR Diva (@DfirDiva)

Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset by Brett Shavers 🙄 is now available on Amazon!

UPDATE: Brett will be adding a deal soon so wait a day before purchasing

I had the opportunity to be a beta reader for this book and I highly recommend it to both…

Stephan Berger (@malmoeb)

I 💙 xlsxgrep. Here, I'm searching for Bitcoin addresses in a bunch of Excel files:

xlsxgrep -i -P '^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$' *

'xlsxgrep is a CLI tool to search text in XLSX, XLS, CSV, TSV and ODS files. It works similarly to Unix/GNU Linux grep.' [1]

Go and get it:…
