For those that scale during IR (MSSPs that work different environments) how do you do this? What do you find is most efficient and useful? I heard good things about velociraptor? Do you utilize EDR instead? For example, deploy EDR agents out during an investigation?

Calling #cyberdefenders! We are celebrating 55000 LinkedIn followers with a giveaway worth $16,000🎉! As a token of appreciation, we want to give back to the #blueteam community by giving away 21 #CertifiedCyberDefender vouchers, 7 for each - Discord, Twitter, and LinkedIn.

Stay tuned for my next post 👀 TheDFIRSpot.com I’ll talk about why you need Sysmon and how you can turn your visibility at scale in your network up to 11 for free. sysmon is nothing new, so then why aren’t we implementing it?! Let’s get to the point. #dfir #forensics

CISA warns of critical Citrix ShareFile flaw exploited in the wild - Lawrence Abrams bleepingcomputer.com/news/security/…

File sharing site Anonfiles shuts down due to overwhelming abuse - Lawrence Abrams bleepingcomputer.com/news/security/…

New blog post is up! Check it out! Straight and to the point of Sysmon and how it’s useful for incident response. #dfir #forensics #incidentresponse #ir #sysmon #microsoft #cyber #cybersecurity thedfirspot.com/post/sysmon-wh…

Anyone have any recommendation on a good technique or client to view both EML and MSG files? For example, a user provided the above file type, and you want to view what the email looks like, attachments, and header information. Outlook is difficult to setup without an account.

For any of us who aren’t Cisco IOS experts, regarding the Cisco IOS XE exploits (CVE-2023-20273 and CVE-2023-20198), what “logs” are you checking to look for suspicious commands being run? Cisco Talos Intelligence Group had a great write up, but I’m wondering what “logs” are reviewed.

My MacBook and VMware users. I seem to be having a hard time finding VMs for analysis that support ARM. So far, remnux doesn’t support it and Ubuntu. Anyone have any recommendations? I’d like to build a Linux VM similar to Remnux and maybe one close to Ubuntu

Stole a goons lunch money today. When I said I wanted to just see Jayson E. Street 💙 🤗💛 today, I didn’t know that was going to turn into a conversation and him giving me this sweet chip! Great meeting you! You made this first defcon experience even better!