DFIR Profile
DFIR

@Shit_IR_ppl_Say

Followers: 1K
Following: 2
Media: 6
Statuses: 147

If we didn't say it, we were thinking it.

Joined February 2015
@Shit_IR_ppl_Say
DFIR
8 years
SOC: We're protected from threats. We have solutions with AI, ML, and Neural Networks. The day after deployment:
@Shit_IR_ppl_Say
DFIR
8 years
.@grumpy4n6 If you think that isn't funny, try looking down and *NOT* seeing a write blocker. :)
@Shit_IR_ppl_Say
DFIR
8 years
That moment when imaging with dd and you forget that /dev/sdc was the source and /dev/sde was the destination. #DFIR
@Shit_IR_ppl_Say
DFIR
8 years
When IR, SOC, and DevOps are scrambling to put out fires, don't forget to deploy effective and repeated HugOps. #DFIR
@Shit_IR_ppl_Say
DFIR
8 years
When you accidentally run a malware sample on your corporate system. #DFIR #Malware
@Shit_IR_ppl_Say
DFIR
9 years
SOC: Ain't nobody got time for that.
@electricfork
ben miller
9 years
GRIZZLY STEPPE hash detections on Virustotal. This is why you do root cause and IR on what looks like generic malware.
@Shit_IR_ppl_Say
DFIR
9 years
SOC: Wow! How did we even prevent that attack? IR: Security through derpity. Your intern's update script broke, overprotected the folders.
@Shit_IR_ppl_Say
DFIR
9 years
CISO: The ransomware is getting out of control! Quick, deploy some sort of AV!
@Shit_IR_ppl_Say
DFIR
9 years
SOC: "One of our new dashboards is just a live Twitter feed. wait, is that you? talking about us!?" IR: "... no. That's a scheduled tweet."
@Shit_IR_ppl_Say
DFIR
9 years
RT @TunnelsUp: CISO: We need to take down the infected webserver. CIO: LOL No. Uptime is more important. Go away.
@Shit_IR_ppl_Say
DFIR
9 years
When the CISO wants to go straight into remediation after a 16-hour day of analysis.
@Shit_IR_ppl_Say
DFIR
9 years
Client: This is great analysis, it looks like a lot of effort. But you don't need to spend 20 hours on malware! IR: ... that took 20 minutes.
@Shit_IR_ppl_Say
DFIR
9 years
"We block all attachments. We call this a `Click-Free Zone`. Haha! I made that up myself." IR: You must be the CISO. Happy to meet you.
@Shit_IR_ppl_Say
DFIR
9 years
SOC: You didn't find anything? Our vendor's product said...! IR: You expect a product to do your job. That is why you fail. Get to work.
@Shit_IR_ppl_Say
DFIR
9 years
Hash-image-hash. Check your sum before you wreck your sum. #DFIR
@Shit_IR_ppl_Say
DFIR
9 years
Been there. Done that. Filled our virtual passports within a single conference room.
@Shit_IR_ppl_Say
DFIR
9 years
RT @SynAckPwn: @Shit_IR_ppl_Say @GlytchTech IR: pcanywhere? CISO: That's part of our COOP plan.
@Shit_IR_ppl_Say
DFIR
9 years
IR: We see TeamViewer. CISO: That's help desk. IR: PSExec? CISO: IT. IR: Dameware?! CISO: Engineering. IR: RDP from a DC. CISO: yeah. that's Tom.
@Shit_IR_ppl_Say
DFIR
9 years
IR: We prefer to work remotely. It'll save travel costs and give instant analysis. <and you'll lose all respect for us when in same room>
@Shit_IR_ppl_Say
DFIR
9 years
CISO: Dr Appt? My team is working nights, weekends. I expect same from you. IR: Maybe that's why half your SOC quit & you missed the attacks.