dude 😐

Thank you for the feature 🤗🫂.

What do you want to know?.

RT @RusEmbIndia: Happy Republic Day, #India! . From Russia with love ❤️. #RepublicDay2024 #RussiaIndia #дружбаदोस्ती

It's a really nice initiative, Phil! I have some ideas, I can't wait to contribute. Also, thank you for the mention 😉.

RT @EricRZimmerman: @SwiftOnSecurity if youve never tried EVTXECmd for event logs, try it. take your favorite logs, generate CSV, load into….

Instead of selecting the Hive along with transaction logs, saving them as System_Clean, do this instead. Select the Hive. Hold Shift while clicking on Open! .@chad 👈👀 .Tool: Reg Explorer by @EricRZimmerman

@techyteachme 👀.

Interested in Cloud Forensics? .Check out my latest blogpost which walks you through a simulated breach within an AWS environment. We'll ingest AWS CoudTrail in Splunk and run queries - it's all free and exciting! 👀.#FOR509 @PwnedLabs .

Another interesting JS. The end goal looks like #Remcos RAT but unsure if this family has been analyzed . yet. Good de-obfuscation practice today!.🎯Clever masking of all stages.🎯Everything being done in-memory

Interesting sample off VT. >TA tries to blend in by registering SubmitTelem.exe as a service called "Sophos Update Service" <- clever, difficult to spot. >Forcibly hides the service using clever techniques.>Looks like a backdoor written in Go - can't find the project anymore 👀

In hindsight, it should've been the first place you looked.

Pretty excited to announce my 11 Year workiversary by smashing the 👑 of IR certifications out there. 25 Practical Questions mimicking real world scenarios. I so wanted to choose GX-CS because it looked easier 😐 but switched to GX-IH!.@CertifyGIAC 👀DM for Coupon Collab maybe?

🫡.

I made the list! Thank you Zack 🥺 👉👈.

If you'd like to give your knowledge a slight push in the world of Browser Extensions, please go through my latest article which scratches the surface on this topic. Microsoft DfE/SentinelOne examples within. #DFIR .

DFIR nerds, here's a helpful bookmark for you. Remote Access Software (ab)used by adversaries. Of course the list is looong, but we have to start somewhere, right? .. @MITREattack T1219

Malware Persistence? .Windows Scheduled Tasks ↔ Linux Cronjobs. A quick refresher attached from a Live case. You can also grep your way through to which user had it installed if it isn't a system-wide job. @SentinelOne Terminal Color Scheme ✔👑

I wrote my first KAPE Module! It parses Windows Tasks XMLs recursively to give you a neat CSV as an output!.Read: Happy Holidays 🎄🎅.#forensics

Sneaky of @NotionHQ to give this option only when you open a Code block's Menu 😂