DDI Training
@digitaldefenseinstitute.com
Advanced Cybersecurity Training provider focusing on security operations, threat hunting, digital forensics, and incident response. Learn more: https://digitaldefenseinstitute.com
Pinned
ATTN NERDS:
We'll be at @blackhatevents.bsky.social USA again this year!
Registration is now open for our Advanced Security Operations and Threat Hunting course 🤓🔥💙
Join @eric.zip, @bromiley.io, and @whit.zip for our 4-day training: www.blackhat.com/us-25/traini...
We'll be at @blackhatevents.bsky.social USA again this year!
Registration is now open for our Advanced Security Operations and Threat Hunting course 🤓🔥💙
Join @eric.zip, @bromiley.io, and @whit.zip for our 4-day training: www.blackhat.com/us-25/traini...
Reposted by DDI Training
Hunting MongoBleed (CVE-2025-14847)
Detecting CVE-2025-14847 Exploitation with Velociraptor
blog.ecapuano.com
December 27, 2025 at 3:42 AM
Reposted by DDI Training
I have PR'd a new @velocidex.com Artifact to the Exchange to hunt for exploitation of #CVE-2025–14847.
As far as I know, this is the only defensive signature for this CVE that exists currently.
github.com/Velocidex/ve...
As far as I know, this is the only defensive signature for this CVE that exists currently.
github.com/Velocidex/ve...
Create Linux.Detection.CVE202514847.MongoBleed.yaml by ecapuano · Pull Request #1161 · Velocidex/velociraptor-docs
Add Linux.Detection.CVE202514847.MongoBleed Artifact
Summary
This artifact detects evidence of CVE-2025-14847 (MongoBleed) exploitation on MongoDB servers by analyzing connection patterns in MongoD...
github.com
December 27, 2025 at 1:52 AM
I have PR'd a new @velocidex.com Artifact to the Exchange to hunt for exploitation of #CVE-2025–14847.
As far as I know, this is the only defensive signature for this CVE that exists currently.
github.com/Velocidex/ve...
As far as I know, this is the only defensive signature for this CVE that exists currently.
github.com/Velocidex/ve...
Reposted by DDI Training
Friendly reminder to my #DFIR friends... If you ever need an offline triage collector in a pinch, @whit.zip and I maintain one for you!
Powered by latest version of Velociraptor, preconfigured to get all the important pieces for investigation.
1. Download
2. Execute
3. Find bad guys
triage.zip
Powered by latest version of Velociraptor, preconfigured to get all the important pieces for investigation.
1. Download
2. Execute
3. Find bad guys
triage.zip
Triage.zip - Collector Package
triage.zip
December 5, 2025 at 9:08 PM
Friendly reminder to my #DFIR friends... If you ever need an offline triage collector in a pinch, @whit.zip and I maintain one for you!
Powered by latest version of Velociraptor, preconfigured to get all the important pieces for investigation.
1. Download
2. Execute
3. Find bad guys
triage.zip
Powered by latest version of Velociraptor, preconfigured to get all the important pieces for investigation.
1. Download
2. Execute
3. Find bad guys
triage.zip
Same awesome tool, new look -- triage.zip got a facelift!
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
November 24, 2025 at 8:04 PM
Same awesome tool, new look -- triage.zip got a facelift!
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
We are launching a Black Friday deal on our most popular course, Threat Hunting & Incident Response w/Velociraptor! From now until midnight (EST) 11/28, enjoy 40% off our best-selling on-demand course.
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
November 24, 2025 at 2:30 PM
We are launching a Black Friday deal on our most popular course, Threat Hunting & Incident Response w/Velociraptor! From now until midnight (EST) 11/28, enjoy 40% off our best-selling on-demand course.
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
Reposted by DDI Training
I have always wanted an app like Zimmerman's Timeline Explorer, but for macOS.... Sadly, nothing remotely close exists except Excel 🤮
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
November 19, 2025 at 7:19 PM
I have always wanted an app like Zimmerman's Timeline Explorer, but for macOS.... Sadly, nothing remotely close exists except Excel 🤮
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
Another THVR in the books! We had so much fun with this group of nerds this week.
Thanks for the engaging chats and for choosing to hang with us for a couple days--until next time 🤓🦖💙 We hope everyone enjoyed the con!
@wildwesthackinfest.bsky.social @antisyphontraining.bsky.social
Thanks for the engaging chats and for choosing to hang with us for a couple days--until next time 🤓🦖💙 We hope everyone enjoyed the con!
@wildwesthackinfest.bsky.social @antisyphontraining.bsky.social
October 11, 2025 at 1:00 AM
Another THVR in the books! We had so much fun with this group of nerds this week.
Thanks for the engaging chats and for choosing to hang with us for a couple days--until next time 🤓🦖💙 We hope everyone enjoyed the con!
@wildwesthackinfest.bsky.social @antisyphontraining.bsky.social
Thanks for the engaging chats and for choosing to hang with us for a couple days--until next time 🤓🦖💙 We hope everyone enjoyed the con!
@wildwesthackinfest.bsky.social @antisyphontraining.bsky.social
Reposted by DDI Training
If you’re interested in tinkering with LLMs to assist with incident triage, check out this demo I did with @limacharlie.io using Claude Code and the LC MCP: youtu.be/dSCmLIBkTdo?...
I open sourced the Claude configs and context files for anyone that wants to try it out: github.com/Digital-Defe...
I open sourced the Claude configs and context files for anyone that wants to try it out: github.com/Digital-Defe...
The unopinionated AI advantage: Building AI-powered SecOps on your terms
YouTube video by LimaCharlie
youtu.be
August 14, 2025 at 11:58 PM
If you’re interested in tinkering with LLMs to assist with incident triage, check out this demo I did with @limacharlie.io using Claude Code and the LC MCP: youtu.be/dSCmLIBkTdo?...
I open sourced the Claude configs and context files for anyone that wants to try it out: github.com/Digital-Defe...
I open sourced the Claude configs and context files for anyone that wants to try it out: github.com/Digital-Defe...
Reposted by DDI Training
DFIR Artifact: PowerShell Transcripts
The "flight data recorder" for PowerShell activity.
blog.ecapuano.com
August 14, 2025 at 8:21 PM
Reposted by DDI Training
a certain mr @timmedin.bsky.social made a guest appearance during ASOTH day 3 today to drop some kerberoasting knowledge bombs on our students
love this guy. THANK YOU TIM 🤓🫶🔥🎟️
@blackhatevents.bsky.social
love this guy. THANK YOU TIM 🤓🫶🔥🎟️
@blackhatevents.bsky.social
August 5, 2025 at 5:44 AM
a certain mr @timmedin.bsky.social made a guest appearance during ASOTH day 3 today to drop some kerberoasting knowledge bombs on our students
love this guy. THANK YOU TIM 🤓🫶🔥🎟️
@blackhatevents.bsky.social
love this guy. THANK YOU TIM 🤓🫶🔥🎟️
@blackhatevents.bsky.social
ATTN NERDS:
5 more days until it's go time at Hacker Summer Camp! 💙
There's still time to register: www.blackhat.com/us-25/traini...
And if you can't join us at @blackhatevents.bsky.social, check out our on demand courses 🤓🦖🔥
academy.digitaldefenseinstitute.com/catalog
5 more days until it's go time at Hacker Summer Camp! 💙
There's still time to register: www.blackhat.com/us-25/traini...
And if you can't join us at @blackhatevents.bsky.social, check out our on demand courses 🤓🦖🔥
academy.digitaldefenseinstitute.com/catalog
July 28, 2025 at 1:38 PM
ATTN NERDS:
5 more days until it's go time at Hacker Summer Camp! 💙
There's still time to register: www.blackhat.com/us-25/traini...
And if you can't join us at @blackhatevents.bsky.social, check out our on demand courses 🤓🦖🔥
academy.digitaldefenseinstitute.com/catalog
5 more days until it's go time at Hacker Summer Camp! 💙
There's still time to register: www.blackhat.com/us-25/traini...
And if you can't join us at @blackhatevents.bsky.social, check out our on demand courses 🤓🦖🔥
academy.digitaldefenseinstitute.com/catalog
Reposted by DDI Training
T-minus 12 days until my favorite humans - @eric.zip & @whit.zip - and I deliver our Advanced Security Operations and Threat Hunting training at @blackhatevents.bsky.social.
If you're a SOC analyst and/or work in IR, we'd love to have you. Come level up with us :)
www.blackhat.com/us-25/traini...
If you're a SOC analyst and/or work in IR, we'd love to have you. Come level up with us :)
www.blackhat.com/us-25/traini...
Black Hat
Black Hat
www.blackhat.com
July 21, 2025 at 4:13 PM
T-minus 12 days until my favorite humans - @eric.zip & @whit.zip - and I deliver our Advanced Security Operations and Threat Hunting training at @blackhatevents.bsky.social.
If you're a SOC analyst and/or work in IR, we'd love to have you. Come level up with us :)
www.blackhat.com/us-25/traini...
If you're a SOC analyst and/or work in IR, we'd love to have you. Come level up with us :)
www.blackhat.com/us-25/traini...
Join us at the @antisyphontraining.bsky.social Blue Team Summit Aug 28 – Aug 29 for Threat Hunting & Incident Response with Velociraptor!
www.antisyphontraining.com/course/threa...
www.antisyphontraining.com/course/threa...
July 8, 2025 at 6:52 PM
Join us at the @antisyphontraining.bsky.social Blue Team Summit Aug 28 – Aug 29 for Threat Hunting & Incident Response with Velociraptor!
www.antisyphontraining.com/course/threa...
www.antisyphontraining.com/course/threa...
1 month to go! 🤓🔥💙
Join @eric.zip, @bromiley.io, and @whit.zip at hacker summer camp!
Registration: www.blackhat.com/us-25/traini...
Join @eric.zip, @bromiley.io, and @whit.zip at hacker summer camp!
Registration: www.blackhat.com/us-25/traini...
July 2, 2025 at 11:10 AM
1 month to go! 🤓🔥💙
Join @eric.zip, @bromiley.io, and @whit.zip at hacker summer camp!
Registration: www.blackhat.com/us-25/traini...
Join @eric.zip, @bromiley.io, and @whit.zip at hacker summer camp!
Registration: www.blackhat.com/us-25/traini...
Reposted by DDI Training
🚀 Just launched: DetectionForge — a purpose-built platform for crafting, testing & validating @limacharlie.io detection rules.
Perform detection unit tests & multi-org backtesting + import/export IaC
🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops
Perform detection unit tests & multi-org backtesting + import/export IaC
🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops
DetectionForge
DetectionForge - A comprehensive detection engineering environment for crafting, validating, and testing LimaCharlie detection rules
detectionforge.ddi.sh
June 19, 2025 at 1:14 AM
🚀 Just launched: DetectionForge — a purpose-built platform for crafting, testing & validating @limacharlie.io detection rules.
Perform detection unit tests & multi-org backtesting + import/export IaC
🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops
Perform detection unit tests & multi-org backtesting + import/export IaC
🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops
Reposted by DDI Training
we had an absolutely amazing time at #x33fcon 🤓🇵🇱
thank you to our students who joined our @antisyphontraining.bsky.social class, and thank you to the organizers for taking such good care of us 🫶
poland is beautiful
thank you to our students who joined our @antisyphontraining.bsky.social class, and thank you to the organizers for taking such good care of us 🫶
poland is beautiful
June 14, 2025 at 3:19 PM
we had an absolutely amazing time at #x33fcon 🤓🇵🇱
thank you to our students who joined our @antisyphontraining.bsky.social class, and thank you to the organizers for taking such good care of us 🫶
poland is beautiful
thank you to our students who joined our @antisyphontraining.bsky.social class, and thank you to the organizers for taking such good care of us 🫶
poland is beautiful
Reposted by DDI Training
Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"
Talk: www.youtube.com/live/Znl7TBF...
Talk: www.youtube.com/live/Znl7TBF...
Security Fest 2025 - Day 2
YouTube video by Security Fest
www.youtube.com
June 5, 2025 at 5:58 PM
Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"
Talk: www.youtube.com/live/Znl7TBF...
Talk: www.youtube.com/live/Znl7TBF...
And next week we’re in Poland for x33fcon! We’re running our 2-day workshop: Threat Hunting & Incident Response with Velociraptor
www.x33fcon.com#!t/TI_IR.md
www.x33fcon.com#!t/TI_IR.md
June 3, 2025 at 9:31 AM
And next week we’re in Poland for x33fcon! We’re running our 2-day workshop: Threat Hunting & Incident Response with Velociraptor
www.x33fcon.com#!t/TI_IR.md
www.x33fcon.com#!t/TI_IR.md
Reposted by DDI Training
@whit.zip and I just arrived in Sweden for Security Fest and we’re so excited! 🇸🇪
cfp.securityfest.com/2025/talk/NP...
cfp.securityfest.com/2025/talk/NP...
Modernizing Incident Response Using Techniques that Scale Security Fest 2025
Traditional digital forensics and incident response (DFIR) techniques often fall short, struggling to keep up with the speed and scale required by modern environments. This talk explores the limitatio...
cfp.securityfest.com
June 3, 2025 at 9:27 AM
@whit.zip and I just arrived in Sweden for Security Fest and we’re so excited! 🇸🇪
cfp.securityfest.com/2025/talk/NP...
cfp.securityfest.com/2025/talk/NP...
Ready to level up your SOC skills?
Our Threat Hunting and IR With Velociraptor course dives deep into Velociraptor through hands-on labs and realistic attack scenarios.
Learn to build custom queries, triage systems, and take decisive action—confidently and repeatably.
Start here: ddi.sh/thvr 🔥🦖🤓
Our Threat Hunting and IR With Velociraptor course dives deep into Velociraptor through hands-on labs and realistic attack scenarios.
Learn to build custom queries, triage systems, and take decisive action—confidently and repeatably.
Start here: ddi.sh/thvr 🔥🦖🤓
May 25, 2025 at 8:52 PM
Ready to level up your SOC skills?
Our Threat Hunting and IR With Velociraptor course dives deep into Velociraptor through hands-on labs and realistic attack scenarios.
Learn to build custom queries, triage systems, and take decisive action—confidently and repeatably.
Start here: ddi.sh/thvr 🔥🦖🤓
Our Threat Hunting and IR With Velociraptor course dives deep into Velociraptor through hands-on labs and realistic attack scenarios.
Learn to build custom queries, triage systems, and take decisive action—confidently and repeatably.
Start here: ddi.sh/thvr 🔥🦖🤓
Reposted by DDI Training
ATTN NERDS:
we'll be teaching at @blackhatevents.bsky.social during hacker summer camp again!
come join me and @eric.zip and @bromiley.io for our 4-day training: Advanced Security Operations and Threat Hunting 🤓🔥💙
www.blackhat.com/us-25/traini...
we'll be teaching at @blackhatevents.bsky.social during hacker summer camp again!
come join me and @eric.zip and @bromiley.io for our 4-day training: Advanced Security Operations and Threat Hunting 🤓🔥💙
www.blackhat.com/us-25/traini...
May 20, 2025 at 10:29 AM
ATTN NERDS:
we'll be teaching at @blackhatevents.bsky.social during hacker summer camp again!
come join me and @eric.zip and @bromiley.io for our 4-day training: Advanced Security Operations and Threat Hunting 🤓🔥💙
www.blackhat.com/us-25/traini...
we'll be teaching at @blackhatevents.bsky.social during hacker summer camp again!
come join me and @eric.zip and @bromiley.io for our 4-day training: Advanced Security Operations and Threat Hunting 🤓🔥💙
www.blackhat.com/us-25/traini...
🥹💙
fear of asking "stupid" questions cost me hours trying to figure out why timesktech would not generate logon graphs. answer found in one of the @digitaldefenseinstitute.com's bash scripts: use .plaso files, not .csv files! logon analyzer takes the strings field from there. thank you DDI :)
May 7, 2025 at 11:18 AM
🥹💙
Reposted by DDI Training
ATTN NERDS:
join me and @eric.zip in october at @wildwesthackinfest.bsky.social where we are running our 2-day course! again! threat hunting & incident response w/velociraptor!
register virtual or in-person: ddi.sh/thvr-wwhf 🤓🦖🔥
#infosec #dfir #threathunting #WWHF #Deadwood2025
join me and @eric.zip in october at @wildwesthackinfest.bsky.social where we are running our 2-day course! again! threat hunting & incident response w/velociraptor!
register virtual or in-person: ddi.sh/thvr-wwhf 🤓🦖🔥
#infosec #dfir #threathunting #WWHF #Deadwood2025
Threat Hunting & Incident Response with Velociraptor with Eric Capuano and Whitney Champion - Antisyphon Training
Master the art of threat hunting and incident response with Velociraptor, a rapidly emerging powerhouse in cybersecurity.
ddi.sh
April 29, 2025 at 1:54 AM
ATTN NERDS:
join me and @eric.zip in october at @wildwesthackinfest.bsky.social where we are running our 2-day course! again! threat hunting & incident response w/velociraptor!
register virtual or in-person: ddi.sh/thvr-wwhf 🤓🦖🔥
#infosec #dfir #threathunting #WWHF #Deadwood2025
join me and @eric.zip in october at @wildwesthackinfest.bsky.social where we are running our 2-day course! again! threat hunting & incident response w/velociraptor!
register virtual or in-person: ddi.sh/thvr-wwhf 🤓🦖🔥
#infosec #dfir #threathunting #WWHF #Deadwood2025
Want to see a little bit of the magic behind our Threat Hunting & Incident Response w/Velociraptor course? Check out our Antisyphon webcast!
www.youtube.com/watch?v=MqQ-...
Now available OnDemand: ddi.sh/thvr
www.youtube.com/watch?v=MqQ-...
Now available OnDemand: ddi.sh/thvr
Threat Hunting with Velociraptor w/ Eric Capuano & Whitney Champion
/// 🔗 Register for future webcasts, summits, and workshops here - https://blackhillsinfosec.zoom.us/ze/hub/stadiumVelociraptor has been around for some time...
www.youtube.com
April 21, 2025 at 2:17 PM
Want to see a little bit of the magic behind our Threat Hunting & Incident Response w/Velociraptor course? Check out our Antisyphon webcast!
www.youtube.com/watch?v=MqQ-...
Now available OnDemand: ddi.sh/thvr
www.youtube.com/watch?v=MqQ-...
Now available OnDemand: ddi.sh/thvr
Our newest on-demand course, Threat Hunting and Incident Response with Velociraptor, contains over 10 hours of HD video content and 23(!) hands-on labs!
You can now see a free preview of one of the 23 labs: ddi.sh/thvr-preview #DFIR #infosec #incidentresponse #threathunting
You can now see a free preview of one of the 23 labs: ddi.sh/thvr-preview #DFIR #infosec #incidentresponse #threathunting
Threat Hunting & Incident Response with Velociraptor
Master the art of threat hunting and incident response with Velociraptor, a rapidly emerging powerhouse in cybersecurity. This hands-on course, led by industry experts Eric Capuano and Whitney…
ddi.sh
April 15, 2025 at 1:53 PM
Our newest on-demand course, Threat Hunting and Incident Response with Velociraptor, contains over 10 hours of HD video content and 23(!) hands-on labs!
You can now see a free preview of one of the 23 labs: ddi.sh/thvr-preview #DFIR #infosec #incidentresponse #threathunting
You can now see a free preview of one of the 23 labs: ddi.sh/thvr-preview #DFIR #infosec #incidentresponse #threathunting