🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Dear DFIR colleagues, Always be wary of 404 error codes in web server log files. Some webshells intentionally send this error code to deceive you into thinking the request failed. shadowserver.org/news/technical…

Why is Linux safer than other OS? 😂

All the talks from the SANS DFIR DFIRSummit 2023 in Austin are now available on YouTube #DFIR youtube.com/watch?v=FJ5zlX…

Scholarships for the #WiCyS2024 technical conference are now open! Apply for reduced conference rate registration and two nights of complimentary shared lodging on April 11 and 12. Submission deadline: November 6, 2023. membercommunity.wicys.org/page/WiCyS2024… #WiCyS #CybersecurityConference

Grab a coffee and join us ZeroFox as we discuss the latest trends on current and emerging phishing tactics at 11 AM ET: get.zerofox.com/zerofox-approa…

I have a new blog post up detailing per app registry hives for analysis in #DFIR investigations related to MSIX Registry Redirection. These hives can contain additional information that may not be found in other locations. ZeroFox SANS DFIR zerofox.com/blog/the-regis…

#Kape targets created for the collection of per-app registry hives!

Join me tomorrow at 1PM ET as I discuss additional registry hives you can leverage in you investigations that may contain data not available elsewhere. #DFIR SANS DFIR sans.org/webcasts/regis…

Join me in about an hour to talk about additional registry hives for analysis!!! Who doesn't love registry hives?? SANS DFIR #DFIR ZeroFox

It's hard to believe, but we're coming up on our THIRD annual SANS Institute Ransomware Summit! Make sure to register early and get your calendars situated :). Come learn all you can to help protect your organization against #ransomware.

What artifacts might you be overlooking if a threat actor utilizes the Microsoft RDP app instead MSTSC? How about thumbnails and Jump Lists created in the %localappdata% folder? I have a new blog post up: zerofox.com/blog/remote-de… #DFIR SANS DFIR ZeroFox

Don't forget to submit to the Ransomware summit! 1 week left - Cant wait to read your CFP!

Finally headed home from Amsterdam to CactusCon and looking forward to giving my talk Saturday about Registry Redirection with MSIX!

There are so many questions surrounding the killing of UnitedHealthCare CEO Brian Thompson. I spoke with Law and Crime Networks's Jesse Weber today about how digital evidence can help uncover the truth. Cellebrite The 3D printer evidence could hold a lot of information on it.

📷 Want to learn more about conducting forensic investigations on Windows? I will be teaching SANS DFIR SANS FOR500: Windows Forensic Analysis in San Francisco end of next month! Day 2 is my fav where we dive into the registry. sans.org/cyber-security…

I'm excited to teach this #LLM #AI workshop during the summit on May 30! In #DFIR it's important to safeguard client or company data. Learn how you can still use AI, while keeping that data all local. Sign up now - it's free! :)

Communication is key! Join us next Tuesday as we discuss this in the context of a Ransomware event.

Thinking about taking the SANS DFIR 528 Ransomware course? I love teaching it—not only do we focus on ransomware, but also host-based forensics and analysis at scale. It's great for a wide range of investigations! Use code FOR528-SUMMIT for 30% off sans.org/cyber-security…

It's almost here!!! Join Ryan "Chaps" Chapman and me at the SANS Institute Ransomware Summit tomorrow. I will also be hosting an AI workshop over lunch. Learn how to install and use a local LLM. Register for the free conference and workshop here: sans.org/cyber-security…

The SANS DFIR #DFIRSummit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free - sans.org/cyber-security…