☠️TIL If you don't instruct GitHub to keep your email private, anyone can find it by cloning a repository you commit to and running `git shortlog` with the `-e` option. You can clean up the results using these options: `git shortlog -sne`. To learn how to keep your email

📢 𝗜’𝗺 𝗮𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗧𝗵𝗿𝗲𝗮𝘁 𝗛𝘂𝗻𝘁𝗶𝗻𝗴 𝗟𝗮𝗯𝘀, 𝗹𝗮𝘂𝗻𝗰𝗵𝗶𝗻𝗴 𝗻𝗲𝘅𝘁 𝘆𝗲𝗮𝗿! After building threat hunting teams for large MSSPs, creating DFIR Labs for TheDFIRReport, and sharing years of free threat hunting material, I want to bring everything

⚡The team killed it on this end of the year release of ESCU 5.19! I'm so grateful to work with such talented and passionate people. @nas_bench, @raven_tait, @bareiss_patrick, @hackpsy, @rodsoto, @tccontre18, Lou Stella Release: https://t.co/smqTLl7Dfx Key highlights: 🐚

Happy Thanksgiving! 🦃 Immensely grateful for the incredible team I get to work with every day—legends like @M_haggis, @nas_bench, and @_josehelps. Genuinely good humans who make work enjoyable. ❤️

[New Blog 📚] The Ghost in the Logs: DFIR Through a Palimpsest Lens In this latest blog, I try to link the literary and historical concept "palimpsest" into the DFIR world. “Forensic echoes” linger for those who are quite enough to listen. Read More - https://t.co/yDyl8AgSxo

🔥 I've been talking about IIS modules for a while now 🗣️ The Splunk Threat Research Team just released our blog around CVE-2025-53770 SharePoint attacks and how some adversaries are using IIS modules for persistence 💀 🎯 Ways to hunt and gather these sneaky DLLs 🔍 Detection

🚀 Happy to share my latest blog on @splunk: "Unlocking Endpoint Network Security Insights with Cisco Network Visibility Module (NVM) and Splunk" 🔗 Check it out here - https://t.co/q0wbQGHcb0 In this post, I walk through how Cisco Network Visibility Module (NVM) works, the

Spicy!🌶️ “•T1505.004 Server Software Component: IIS Components | IIS worker process is loaded suspicious .NET assembly “ Good times. These are tricky to track, if you’ve never hunted modules, no better time than today. https://t.co/iMk1v8B4Y3

Hackers are using legit Windows drivers. No malware. No alerts. Just trust, misused. LOLDrivers are a growing threat few are watching. This slide deck shows how the attack works and why it matters. 📷 https://t.co/40E5JBsjpO #Cybersecurity #LOTL #InvestInSecurity #MagicSword

🚨 New drop for the defenders: The ClickGrab Interactive Analyzer is live. 🧠🔍 If you’re staring down FakeCAPTCHA chains, shady redirects, or weird JS doing clipboard voodoo — this tool’s for you. 🧪 Paste a URL → get: • HTML inspection • IOC extraction • Clipboard

Introducing 🚀Eventlog Compendium 🚀 A new Streamlit app, that aims to be the go-to resource for understanding and playing with Windows Event Logs. Explore it 👉 https://t.co/wKrWWyOZLm Includes the following utilities and docs ⚙️ Build your own Advanced Audit Policy based on

📺ClickGrab Streamlit App 👨‍🏫 So anyway, nobody asked, but I figured a GUI would be really nice for this project. Next week! Be sure to ⭐️ and Follow - https://t.co/XCwg38harh Lot's more planned!

🔥🔥 Introducing ClickGrab 🔥🔥 🛡️ The Ultimate Tool for Analyzing ClickFix and FakeCAPTCHA! 🛡️ Check it out! 👉 https://t.co/XCwg38harh Click Through Live 📺: https://t.co/uNlJwvhMrh Why ClickGrab is Important for Defenders and Researchers?! 🚀 ClickGrab is an EPIC new tool

A recent @proofpoint blog by Selena Larson and team highlights a important trend: threat actors are increasingly using legitimate Remote Monitoring and Management (RMM) tools as first-stage payloads in email campaigns https://t.co/UB5CNbgiJR. The team did a excellent job on the

Infected by @bquintero is a fantastic book! I love how he ends each chapter with lessons learned. Highly recommend this book for anyone interested in cyber security and entrepreneurship. Fun coincidence — right after I finished the book I found out my sister-in-law is taking a

WELL, WELL, WELL... LOOK WHAT WE HAVE HERE! Sooooo... there's a lot more going on here than meets the eye. 👀 📢 Adding this to LOLRMM. Quick googles, 🔍 Here's what I found: 🔗 https://t.co/LGfbkHnTRF and 🔗 https://t.co/LnmbYT673o 👀 Some fun little surprises baked in: 🛠

🚨 JUST DROPPED: Prefetch_Hunter 🔥🔎 I'm thrilled to share the latest addition to my PowerShell Hunter toolkit: Prefetch_Hunter! 🚀 💡 Windows Prefetch files contain execution history of every program run on a system - a forensic goldmine! Prefetch_Hunter extracts, analyzes,

🎉 📢 New Forensic Tool Release: UserAssist_Hunt 🎉 I'm excited to share my latest PowerShell forensics tool: UserAssist_Hunt! 🚀 The Windows UserAssist registry keys are a goldmine of forensic evidence, tracking which applications users have executed. However, Microsoft

🚀 Excited to release SequelEyes - Your SQL Server Security Testing Toolkit! 🛡️ A defender's Swiss Army knife for SQL Server security testing and validation. The original projects were in my /notes repo, but now have grown complex enough for their own project! ✅

The new documentation for contentctl https://t.co/p79SMrUG0L by Lou Stella is awesome. It now includes a straightforward guide for beginners, along with templates to streamline the testing and validation of Splunk content using GitHub Actions. If you haven't explored this