Scott Lynch
@packetengineer
Followers: 2K
Following: 48K
Media: 177
Statuses: 21K
Certified @SANSDefense Instructor | SECOPS/CERT Manager | Defcon BTV | Navy Vet | Sailor | Tweets Are My Own
Joined July 2011
Really excited about this one ⚡️ This post dives deep into Aurora - Nextron’s free ETW-based detection agent - and shows how it can help detection engineers, IR teams, and monitoring specialists explore and understand what’s actually observable via ETW 🔎🌊 - Free (Aurora Lite)
We’ve published a deep dive into how Aurora uses ETW to reconstruct structured event data for detection engineering. The post covers: - ETW-based logsource mappings - Custom field enrichment (e.g., ProcessTree, GrandparentCommandLine) - Gaps in ETW coverage and where minimal
2
17
88
"Why would I use THOR during IR?" "Why scan backups before restore?" "Why run periodic compromise assessments?" We usually say: because we find what others miss. And then they say: like what? Well … here’s the answer 👇
We analyzed the top 500 most successful THOR rules – “successful” meaning: they detected samples that were either ignored or missed by nearly all AV engines on VirusTotal. Some rules detect clear malware. Others reveal dual-use tools, renamed hacktools, misused admin binaries,
3
15
113
Shadow IT/Shadow SaaS is a bigger threat than _most_ of the critical and high vulnerabilities the average vuln report spits out…
22
17
259
Starting in 30 minutes! - The world's top cyber minds gather at the SANS #EmergingThreatsSummit 2025 to reveal: - How quantum computing will break today's encryption - How AI is weaponizing cyberattacks - How to defend critical infrastructure in a hyperconnected world and
0
12
9
A tale of two (large) purchases and cybersecurity Let’s take the case of purchasing a new expensive software-controlled piece of equipment that supports business operations like MRI Machines, heavy manufacturing equipment, ATM Machines, etc. a short 🧵
2
6
41
30 percent of some Microsoft code now written by AI - especially the new stuff
theregister.com: Satya Nadella reveals attempts to merge Word, PowerPoint, Excel, which may now happen with LLMs
0
3
4
AWS creates EC2 instance types tailored for demanding on-prem workloads
theregister.com: What? Why? It’s an update to its Outposts racks hybrid cloud rigs aimed at bankers and telcos
0
2
3
BTW Windows Subsystem for Linux officially uses Arch now
theregister.com: The tryhard's favorite distro wins an approved home in Microsoft's OS
0
3
6
I vibe coded a bunch of stuff to help CISOs/SOC managers/SOC analysts/Responders etc. https://t.co/6g2qHRM2qA
mr-r3b00t.github.io: Security Operations Chef
14
78
467
Everyone wants to spend $100k for EDR but no one wants to take away local admin rights from Suzie in accounting…
79
155
1K
Investigation Scenario 🔎 The process explorer.exe spawned rundll32.exe on a system on your network. What do you look for to investigate whether an incident occurred? Assume you have access to whatever digital evidence source you need. #InvestigationPath #DFIR #SOC
10
8
66
📄 How to Read a Security Policy Like a Pro (and Spot the Gaps That Matter) Reviewing a security policy? Don’t just skim for buzzwords. Here’s how pros audit policies for clarity, coverage, and control gaps - before they become audit findings. 🧵
3
40
194
If you’re looking for a feel good video check this one out. Great job guys!! #DiscoverConnection I Took a Fast Food Worker on Their Dream Vacation https://t.co/WS6SDYsUeQ via @YouTube
0
0
2
Today I learned that a ransomware actor (probably reading this tweet) used our free scanner Thor Lite to evaluate software on a target system with custom YARA rules. So yeah… ransomware actors are using our tools now. Guess that makes it dual-use.
14
40
239
🚩 The Cybersecurity Red Flags in a Job Description You Shouldn’t Ignore Looking for your next security role? Don’t just scan for salary - scan for red flags. Here’s how to spot warning signs in job postings before you waste your time (or burn out). 🧵
3
44
319
Prevention > Detection. Let’s make attackers hate their life. No doubt EDR is essential, but it’s not a silver bullet.
25
81
689
You can do a lot to defend with the built-in Windows firewall. Some things that come to mind are: - Block SMB between workstations - Block WMI/WinRM where not needed - Only allow inbound RDP from management VLANs or jump boxes to servers - Only allow remote management from
16
48
413
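As an added example (not from the post above or its author), here is how the SMB, WMI/WinRM and RDP scoping it describes can be expressed with the built-in Windows Defender Firewall cmdlets. It assumes an elevated PowerShell session, a placeholder management VLAN of 10.10.50.0/24, and that in a domain the same rules would be delivered by GPO rather than typed per host.

```powershell
# Added example, not from the original post. Restricts the management protocols the tweet
# names (SMB, WMI/WinRM, RDP) so only a management VLAN / jump-box subnet can reach them.
# The subnet is a placeholder; replace it with your own management range.
$MgmtNet = '10.10.50.0/24'

# 1. Block unsolicited inbound traffic by default on every profile. With this in place a
#    scoped Allow rule is all that is needed; no competing Block rule is required.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultInboundAction Block

# 2. Allow rules are unioned: a stock built-in Allow rule open to "Any" would bypass the
#    scoped rules below, so disable the inbound rule groups that open these services first.
$StockGroups = 'File and Printer Sharing',
               'Windows Remote Management',
               'Windows Management Instrumentation (WMI)',
               'Remote Desktop'
Get-NetFirewallRule -DisplayGroup $StockGroups -Direction Inbound -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. SMB (TCP 445): management hosts only, so workstation-to-workstation SMB is dropped.
New-NetFirewallRule -DisplayName 'Mgmt-Only SMB-In' -Direction Inbound -Protocol TCP `
    -LocalPort 445 -RemoteAddress $MgmtNet -Action Allow

# 4. WinRM (TCP 5985 HTTP, 5986 HTTPS): management VLAN only.
New-NetFirewallRule -DisplayName 'Mgmt-Only WinRM-In' -Direction Inbound -Protocol TCP `
    -LocalPort 5985, 5986 -RemoteAddress $MgmtNet -Action Allow

# 5. WMI rides on DCOM: the RPC endpoint mapper (TCP 135, rpcss service) plus dynamic RPC
#    ports owned by the winmgmt service. The RPCEPMap / RPC port keywords bind to exactly those.
New-NetFirewallRule -DisplayName 'Mgmt-Only RPC-EPMap-In' -Direction Inbound -Protocol TCP `
    -LocalPort RPCEPMap -Program '%SystemRoot%\system32\svchost.exe' -Service rpcss `
    -RemoteAddress $MgmtNet -Action Allow
New-NetFirewallRule -DisplayName 'Mgmt-Only WMI-In' -Direction Inbound -Protocol TCP `
    -LocalPort RPC -Program '%SystemRoot%\system32\svchost.exe' -Service winmgmt `
    -RemoteAddress $MgmtNet -Action Allow

# 6. RDP (TCP and UDP 3389): only from jump boxes / the management VLAN.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "Mgmt-Only RDP-In $proto" -Direction Inbound `
        -Protocol $proto -LocalPort 3389 -RemoteAddress $MgmtNet -Action Allow
}

# 7. Verify every Mgmt-Only rule is enabled and actually scoped to the management subnet.
Get-NetFirewallRule -DisplayName 'Mgmt-Only*' | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{ Rule = $_.DisplayName; Enabled = $_.Enabled; RemoteAddress = $addr.RemoteAddress }
} | Format-Table -AutoSize
```

Disabling the 'Remote Desktop' group before the scoped RDP rules exist will briefly drop an RDP session running the script, so apply it from a console or via GPO where the rules land atomically.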
Looking for docs on EventID <-> Audit Policy mapping beyond what MS provides? Working on a new mindmap covering the Kernel (ntoskrnl) / Driver functions responsible for generating Security EventIDs along with their corresponding policy Sub-Category and conditions for generation.
2
12
78