Tyler Hudak
@SecShoggoth
Followers
7K
Following
8K
Media
545
Statuses
7K
Reverse Engineering, IR, InfoSec. Also huge RPG guy. Elder of the Internet. Tweets and opinions are my own and not the views of my employer.
Joined July 2008
Recovering a Linux backdoor that is still running but was deleted off disk: • Check the /proc/PID directory for the running process • If recovered_exe is in it, that's the reconstructed executable. #linux #forensics #dfir
0
0
3
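The mechanism behind that /proc check, as an added example that is not from the tweet: once a running binary is unlinked, the Linux kernel appends " (deleted)" to the target of the /proc/PID/exe link but still serves the original file through it, so a responder can sweep for the suffix and copy the image out. The sweep and recovery functions are my own code; spawn_unlinked_copy is a constructed fixture that runs a copy of sleep and deletes it purely to demonstrate the recovery.

```python
"""Recover a still-running binary that was unlinked from disk, via /proc/PID/exe."""
import hashlib
import os
import shutil
import subprocess

DELETED_SUFFIX = " (deleted)"  # what the kernel appends to the exe link target


def find_deleted_executables(proc_root="/proc"):
    """Return {pid: original_path} for every process whose binary was unlinked."""
    hits = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, process already gone, or no privilege
        if target.endswith(DELETED_SUFFIX):
            hits[int(entry)] = target[: -len(DELETED_SUFFIX)]
    return hits


def recover_executable(pid, dest, proc_root="/proc"):
    """Copy the mapped binary out of /proc/PID/exe to dest; return its SHA-256."""
    # The open succeeds although the path is gone: the inode stays alive while
    # the process keeps it mapped, so the magic link still yields the file.
    sha = hashlib.sha256()
    src = os.path.join(proc_root, str(pid), "exe")
    with open(src, "rb") as fin, open(dest, "wb") as fout:
        for chunk in iter(lambda: fin.read(1 << 16), b""):
            sha.update(chunk)
            fout.write(chunk)
    return sha.hexdigest()


def spawn_unlinked_copy(workdir):
    """Constructed fixture: run a copy of `sleep`, delete it, return (proc, path, sha256)."""
    path = os.path.join(workdir, "sleeper")
    shutil.copy2(shutil.which("sleep"), path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    proc = subprocess.Popen([path, "60"])
    os.unlink(path)
    return proc, os.path.realpath(path), digest


if __name__ == "__main__":  # triage sweep over the live system
    for pid, path in find_deleted_executables().items():
        print(pid, path, recover_executable(pid, f"recovered_{pid}.bin"))
```

Hash the recovered image before anything else; that digest is what you pivot on for threat-intel lookups and for proving the copy matches what was mapped.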
On Aug 13 12 PM EST, I am presenting on MS Quick Assist and how we're seeing it used in attacks. More importantly, how to perform investigations and forensics on MSQA attacks. Register here: https://t.co/JDObtGHBDy
#DFIR #forensics
watch.getcontrast.io
Microsoft Quick Assist is a great tool for streamlining IT support. Unfortunately, it's also becoming a popular target for hackers trying to break into you...
0
0
3
A friend of mine - @OpenHeartGames - is running a D&D game all day for Extra Life. Drop by their stream and donate to a good cause! https://t.co/JzroIhmkSb
#dnd #rpg
extra-life.org
I'm raising funds with #EXTRALIFE for kids treated at my Children's Miracle Network Hospitals! I need your help to reach my fundraising goal. Please donate today to change kids' health.
0
3
4
Analyzing a MS Quick Assist compromise is not easy, but my blog on Quick Assist forensics should help: https://t.co/g20uHe96xJ
#dfir #forensics #incidentresponse
inversion6.com
Learn how attackers exploit Microsoft Quick Assist, a default Windows tool, in scams and social engineering attacks. Discover detection tips, analysis methods, and strategies to protect your business...
0
4
18
Today marks the official launch of the Inversion6 Incident Response (IR) team, and I couldn't be more excited! Ready to tackle challenges, protect, and respond like never before. Let's go! #IncidentResponse #CyberSecurity #DFIR
https://t.co/QepG89tn0G
inversion6.com
Global cybersecurity firm launches expanded service to help companies respond and recover from cyber threats.
3
6
38
In light of the Okta news, here are some statistics on 52+ character usernames (or UPNs in Azure) I've enumerated in Azure, to give an idea of what makes a long UPN and how common they are. Out of 53 million UPNs I've collected, only 1438 individual UPNs are 52 characters+
2
30
110
Just in time for Oct31, we're thrilled to release our most anticipated scenario of the year -- Kevin Ross' lost classic "The House on the Promontory". Written back in the 1980s but unpublished until ... this all-hallows-eve. #OldSchoolLovecraftianRPG. https://t.co/FfzSLM2oD6
1
2
5
For those new to #DFIR, what skills do you feel you are missing? Working on a new training project, and looking for topics that would appeal to those new to the industry.
3
5
13
Our recent flurry of new scenario releases has prompted a few folks to ask us just how many Cthulhu Eternal scenarios now exist. The pics below show the cover of all the ones *we've* released. More info on each at https://t.co/h0rXCSZLR3 All available at https://t.co/Em5dwdfAZw
0
2
6
Just in time for the 134th Birthday of the 'old gent' from Providence, we've released another all-new Cthulhu Eternal scenario in PDF. "Fathoms Below" features a 1960s Cold War expedition to find lost Atlantis, & a homage to a certain tale about a temple. https://t.co/15VX9N05gY
0
7
6
Can anyone recommend a good copy/scan color printer? Ours sucks (Epson). Bonus points if I don't have to buy a subscription to print.
6
1
1
So....anyone fuzzing all the config update files from other EDR vendors to see who else can be crashed?
0
0
3
I recommend reading this thread as it gives some great insight and stories into incidents. #DFIR Also, the current top comment on there is freaking incredible! https://t.co/Rw8FEj0VZ1
reddit.com
Explore this post and more from the sysadmin community
4
125
418
Also, there are MANY ways one can grab data without leaving a trace. Taking a photo with their phone, for example. Many more avenues can be explored too, depending on where data was stored (e.g. M365, Salesforce, ☁️)
1
0
0
Note that inference may have to occur. For example, it's unlikely to find direct evidence of copying data to a USB. Instead, you may see the access to a filename of leaked data on a USB drive letter.
1
1
1
7. Try and correlate timeframes around when files/data of interest were accessed and potential exfiltration.
1
1
1