Author | Lightnews

Markus @mascho.bsky.social · Aug 5

Dropped our Practical Windows Forensic Analyst cert! 🔥👀

bluecapesecurity.com/pwfa

Analyst I: Core Forensic Track Enrollment - Blue Cape Security

Elevate your DFIR skills in our 3-part workshop series. Get hands-on with real-world scenarios from cybersecurity basics to advanced forensic analysis.

bluecapesecurity.com

Markus @mascho.bsky.social · Jul 21

Is this still on?

1

Markus @mascho.bsky.social · May 13

Just dropped: Our hands-on Windows Forensics investigation scenarios are live! 🔍

-> 20% OFF with code START200

bluecapesecurity.com/practice/#FO...

Enjoy!

Practice - Blue Cape Security

Enrollment now open: FOR200 Investigation Scenarios Limited Time Offer: 20% OFF FOR200 and HERO BundleCode: START200 — Ends May 23 PRACTICE Hands-On, RealisticInvestigation Scenarios Apply your skills...

bluecapesecurity.com

Markus @mascho.bsky.social · Mar 19

We just released a course that embodies our core principles: learn + practice + assess > and it’s free!

DFIR Foundations and Techniques: Professional Skills and Readiness

=> For SecOps and DFIR professionals

Full course: tinyurl.com/mu77u3ab
Youtube playlist: tinyurl.com/2s3n7nfx

#dfir #secops

1 1

Markus @mascho.bsky.social · Feb 12

Still reminiscing about the incredible time at @wildwesthackinfest.bsky.social last week and now counting down to IntelliCon next week in Austin! If you haven’t grabbed your ticket yet, there’s still time: www.intelliguards.com/event-detail...

1 5

Markus @mascho.bsky.social · Jan 30

Final modules for our 301 Enterprise DFIR course have been uploaded. What a journey after developing, analyzing and recording all the materials over many months of work!

I'm excited about the course and also looking forward to head to the WWHF conference next week. Reach out if you are there!

Markus @mascho.bsky.social · Jan 28

Proud to present our brand new training page and offering for individuals @ Blue Cape Security:

- 301 Enterprise DFIR course launched

- HERO Bundle including 101 / 201 / 301 courses

- Blue Team Master Program is public again

bluecapesecurity.com/individual-t...

HMU for questions or feedback! 💙

Course and Programs | Individual Training - Blue Cape Security

Practical Cybersecurity Training Built for Real-World Investigations Hands-On, Scenario-Based Training to Master Cyber Threats and Elevate Your Career training roadmap on-demand courses Our courses in...

bluecapesecurity.com

1 2

Markus @mascho.bsky.social · Jan 23

We have a giveaway of our brand new course bundle over at LinkedIn for those interested: www.linkedin.com/posts/blueca...

Only 2 more days!

Blue Cape Security on LinkedIn: #cybersecurity #bluecapesecurity #incidentresponse #dfirtraining… | 11 comments

🎉 Big Giveaway: Win our brand new HERO Bundle (101 / 201 / 301 courses)! Here’s how to enter: → Follow us here on LinkedIn (@BlueCapeSecurity) → Like this… | 11 comments on LinkedIn

www.linkedin.com

Markus @mascho.bsky.social · Jan 22

Lots of great things coming next week! 301 Enterprise DFIR course - Launch Party with a special guest, new course bundles and more!

Live Stream: youtube.com/live/MgG_pT1...

1

Markus @mascho.bsky.social · Jan 16

Zoom bug: discussions.apple.com/thread/25588...

Persistent "Zoom is Accessing Your Screen… - Apple Community

discussions.apple.com

Markus @mascho.bsky.social · Jan 16

Since enabling Apple Intelligence an uncontrollable amount of notifications keep popping up (e.g. continuously when I'm screen sharing on Zoom). It doesn't seem they've gotten much smarter navigating me to my webinars either..

1 1

Reposted by Markus

Eric Capuano @eric.zip · Jan 7

🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!

Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.

#InfoSec #DFIR #IncidentResponse #SecOps #Notion

4 21 73

Markus @mascho.bsky.social · Jan 3

How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.

Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...

CrowdStrike Services Releases Free Incident Response Tracker

This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.

www.crowdstrike.com

3 5 6

Markus @mascho.bsky.social · Jan 2

Sounds interesting. Just subscribed and looking forward to listen to it!

1

Markus @mascho.bsky.social · Dec 31

The best conference in the industry is only 1 month away 🤠

I'll be teaching the 2-day Ransomware Attack Simulation and Investigation for Blue Teamers workshop with in-person and virtual seats available!

I’m looking forward to reconnecting with old friends and making new ones at this amazing event!

1 3

Markus @mascho.bsky.social · Dec 28

Good question - here is the more detailed description of the case: www.linkedin.com/posts/blueca...

Blue Cape Security on LinkedIn: Elevate Your DFIR Skills: Deeper Insights and Practical Applications |…

🔍 Perform your own DFIR investigation - Suspicious File Download Incident Our Security Operations Center (SOC) detected that the employee Alice downloaded a…

www.linkedin.com

2

Markus @mascho.bsky.social · Dec 28

For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.

Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File

Link: bluecapesecurity.com/courses/elev...

Elevate Your DFIR Skills: Deeper Insights and Practical Applications - Blue Cape Security

bluecapesecurity.com

1 4 9

Markus @mascho.bsky.social · Dec 27

AWS: Welcome back! Your t2.xlarge EC2's have been running happily over the holidays 🥲

Markus @mascho.bsky.social · Dec 22

Practical Windows Forensics - Cheat sheet 💙

Full PDF version: github.com/bluecapesecu...

3 8

Markus @mascho.bsky.social · Dec 18

Looking forward to present our maturity model tomorrow live! Finally visualized the way how we do trainings for teams and individuals.

Link: bluecapesecurity.com/register

1

Markus @mascho.bsky.social · Dec 16

Microsoft incident data sets. Haven’t had a chance to test this, but certainly looks interesting.
www.kaggle.com/datasets/Mic...

Microsoft Security Incident Prediction

Can you predict the next big security incident before it happens?

www.kaggle.com

1 3

Markus @mascho.bsky.social · Dec 13

Oh hey we have a webinar coming up next week!

-> Thursday, December 19th

I'll be sharing our DFIR Training Roadmap that we've been working on since the beginnings of Blue Cape Security (which is more than 2 years now) 🥹

us06web.zoom.us/webinar/regi...

Welcome! You are invited to join a webinar: Blue Cape Security DFIR Training Roadmap for Cybersecurity Professionals. After registering, you will receive a confirmation email about joining the webinar...

Join Markus Schober, CEO of Blue Cape Security, for a 45-minute Live webinar on December 19th at 1:00 PM ET / 10:00 AM PT. This session will introduce the Blue Cape Security DFIR Training Roadmap—a pr...

us06web.zoom.us

1 2

Markus @mascho.bsky.social · Dec 13

Was just planning on releasing a new DFIR course module on log analysis, but I just uploaded:

2+ hours video
11 Splunk hands-on labs (with over 30 queries)
2 Sigma hands-on labs

Why do these things always get out of hand?

3

Markus @mascho.bsky.social · Dec 10

Oh and of course the converter engine: sigconverter.io

#sigmahq

sigconverter.io - sigma rule converter

sigconverter.io