Isaac Dunham (@dunhamsec)'s Twitter Profile
Isaac Dunham

@dunhamsec

Cybersecurity!

ID: 1674036034915409926

Joined: 28-06-2023 12:44:37

289 Tweets

61 Followers

558 Following

13Cubed (@13cubeddfir)

🎉 Big news! Investigating macOS Endpoints is now live—plus our new *NIX Bundle and XPlat Bundle Complete (all 13Cubed courses in one package). Thanks for patiently waiting! Dive in now 👉 training.13cubed.com #DFIR #macOS #Linux

Isaac Dunham (@dunhamsec)

It is the year 2025. Microsoft is still using PowerShell scripts that run net commands to enumerate group membership.

aka.ms/MSRD-Collect

Isaac Dunham (@dunhamsec)

🚨 New blog post!🚨 In Security Operations, we spend a lot of time asking and answering questions as we try to solve the mysteries placed before us. I've assembled a list of my top ten investigative questions and how to best go about answering them. isaacdunham.github.io/posts/top-inve…

The DFIR Report (@thedfirreport)

🌟New report out today!🌟 Hide Your RDP: Password Spray Leads to RansomHub Deployment Analysis and reporting completed by [email protected], Aleks and UC2 🔊Audio: Available on Spotify, Apple, YouTube and more! thedfirreport.com/2025/06/30/hid…

Aura (@securityaura)

So I'll be doing a thing, my first thing ever in fact, at DEATHCon later this year for those interested.

If you liked the #100DaysOfKQL challenge and want to learn how to get started in KQL and Defender XDR/Sentinel, this workshop is for you!

Squiblydoo (@squiblydooblog)

Fake DBeaver signed by "LLC Vtorsintez" 🇷🇺
MD5: 4fa9f678df14a33e2e5480d63604f811
(Too big for MalwareBazaar)

https://tria[.]ge/250711-n4tsnst1fs/behavioral1

Anti-analysis: wmic memorychip get Capacity -> exits
h/t Who said what? (@g0njxa), JAMESWT (@JAMESWT_WT)

Aura (@securityaura)

If I ever go back to Corporate InfoSec, the first thing I implement is an automation that disables accounts that sign in from an anonymizer (read: VPN) IP address from a non-compliant device. Call IT, prove your identity and submit a written explanation as to what happened. FFS.

Matt Zorich (@reprise_99)

DFIR resource worth bookmarking: the cheat sheets from 13Cubed are a resource I constantly go back to, covering event logs, registry, browser artifacts and more. My favourite is definitely the RDP cheat sheet, which I have downloaded roughly 3500 times in the last few

Karsten Hahn (@struppigel)

Good news, the intermediate malware analysis course is almost finished. I currently have a test student working through the course to get rid of mistakes that I do not notice.

Karsten Hahn (@struppigel)

🦔 📹 New Video: There is more than Clean and Malicious ➡️ 7 file analysis verdicts and what they mean #MalwareAnalysisForHedgehogs #Verdicts youtube.com/watch?v=XwT23X…

Karsten Hahn (@struppigel)

🔍New Blog: JustAskJacky -- AI brings back classical trojan horse malware 🔗gdatasoftware.com/blog/2025/08/3… #GDATA G DATA Global #GDATATechblog

Florian Roth ⚡️ (@cyb3rops)

The "Malware Analysis – Intermediate Level" training by Karsten Hahn is 60% off right now.

Knowing the quality of his other content, I’d say this one’s definitely worth checking out.

…nalysis-for-hedgehogs.learnworlds.com/course/interme…

Karsten Hahn (@struppigel)

My intermediate level malware analysis course is there. 60% off for the next two weeks. …nalysis-for-hedgehogs.learnworlds.com/course/interme…

Nagli (@galnagli)

We found a way to access Max Verstappen's passport, driver's license, and personal information. Along with every other Formula1.com driver's sensitive data.

It took us 10 minutes using one simple security flaw 🧵

Florian Roth ⚡️ (@cyb3rops)

New research shows Credential Guard can still leak creds

By abusing Remote Credential Guard, attackers can request NTLMv1 challenge responses and recover NT hashes - even on fully patched Windows 11 with VBS and PPL

- Microsoft confirmed and marked it “won’t fix.”
- PoC called

Isaac Dunham (@dunhamsec)

I wrote a blog post about dealing with "The Modern Phish" - an email from a legitimate email address, passing all SPF/DKIM/DMARC checks, returning no results from URL scanners, and generally originating from a compromised business email address. isaacdunham.github.io/posts/the-mode…

Isaac Dunham (@dunhamsec)

Risk-based alerting (only surfacing alerts that *truly* pose a risk to your organization) is all the rage in detection engineering. I threw together a guide to quickly getting started with RBA in Microsoft Sentinel. isaacdunham.github.io/posts/risk-bas… #DetectionEngineering #SIEM #Sentinel

Mark Cecchini, CFP® (@markcecchini)

COMMANDER: We’re fighting for freedom. And part of that freedom… is the freedom to retire with dignity. So we’re going to start accounts called 401(k)s.

SOLDIER 1: What’s a 401(k)?

COMMANDER: It’s a retirement account. You put money in, it grows tax-free, you take it out when