b1acktu1ip.bsky.social
I've got one of the older versions :)
1. one
2. resident files are contained in the mft entry
3. hide in alternate data streams
there is a thor2ts utility on @nextron.bsky.social's github. Time to add #THOR findings to #Timesketch 🔥
watched it, loved it, gonna test it!
Reposted
Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"

Talk: www.youtube.com/live/Znl7TBF...
Security Fest 2025 - Day 2
YouTube video by Security Fest
tried volatility3. as luck would have it, it didn't like the first 3 dumps. of course, spent hours trying this and that before checking github where the issue was already reported 😅 an older dump from another environment worked like a charm! ah, the struggles of an insecure junior..
got to present my recent experience with #openrelik, #hayabusa, #timesketch and #splunk4dfir to my team. Took the entire afternoon but psyched about integrating them into company workflows 🔥
discovered the -f option for #log2timeline 🤩 excluding some irrelevant, noisy log files reduced the timeline to 10% of its original size. still, 50K events but I'll take that
fear of asking "stupid" questions cost me hours trying to figure out why timesketch would not generate logon graphs. answer found in one of the @digitaldefenseinstitute.com's bash scripts: use .plaso files, not .csv files! logon analyzer takes the strings field from there. thank you DDI :)
tested #openrelik, #hayabusa, #timesketch and #splunk4dfir using #thedfirreport recent analyst case. was a lot of fun! will definitely use those tools more now 🚀
Reposted
Time to retire Alice and Bob?
Just doing some reading about the design of cryptographic protocols.
Reposted
🚀📣 The program for the kickoff event for Tag der Raumfahrt (Space Day) on March 28 at the Futurium (Berlin) is here! Here 👇 is the overview. ℹ️ Registration for the Futurium is possible from March 15 at this link: shorturl.at/aJjjh We look forward to seeing you! 🌌
#TagderRaumfahrt
@astromatthias.bsky.social
Reposted
Listen, I'm not going to pretend that I'm even remotely surprised, but I will tell you that this is a slap in the face to every person in the infosec community that has worked to track and thwart Russian APTs for the last several decades.

www.theguardian.com/us-news/2025...
Trump administration retreats in fight against Russian cyber threats
Recent incidents indicate US is no longer characterizing Russia as a cybersecurity threat, marking a radical departure: ‘Putin is on the inside now’
looks like #virustotal shows random comments now for unknown hashes when searching without login