DDI Training
digitaldefenseinstitute.com
@digitaldefenseinstitute.com
Advanced Cybersecurity Training provider focusing on security operations, threat hunting, digital forensics, and incident response. Learn more: https://digitaldefenseinstitute.com
Pinned
ATTN NERDS:

We'll be at @blackhatevents.bsky.social USA again this year!

Registration is now open for our Advanced Security Operations and Threat Hunting course 🤓🔥💙

Join @eric.zip, @bromiley.io, and @whit.zip for our 4-day training: www.blackhat.com/us-25/traini...
Reposted by DDI Training
Obligatory blog post describing the detection methodology I used.

blog.ecapuano.com/p/hunting-mo...
Hunting MongoBleed (CVE-2025-14847)
Detecting CVE-2025-14847 Exploitation with Velociraptor
blog.ecapuano.com
December 27, 2025 at 3:42 AM
Reposted by DDI Training
I have PR'd a new @velocidex.com Artifact to the Exchange to hunt for exploitation of #CVE-2025–14847.

As far as I know, this is the only defensive signature for this CVE that exists currently.

github.com/Velocidex/ve...
Create Linux.Detection.CVE202514847.MongoBleed.yaml by ecapuano · Pull Request #1161 · Velocidex/velociraptor-docs
Add Linux.Detection.CVE202514847.MongoBleed Artifact Summary This artifact detects evidence of CVE-2025-14847 (MongoBleed) exploitation on MongoDB servers by analyzing connection patterns in MongoD...
github.com
December 27, 2025 at 1:52 AM
Reposted by DDI Training
Friendly reminder to my #DFIR friends... If you ever need an offline triage collector in a pinch, @whit.zip and I maintain one for you!

Powered by latest version of Velociraptor, preconfigured to get all the important pieces for investigation.

1. Download
2. Execute
3. Find bad guys

triage.zip
Triage.zip - Collector Package
triage.zip
December 5, 2025 at 9:08 PM
Same awesome tool, new look -- triage.zip got a facelift!

Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com

This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
November 24, 2025 at 8:04 PM
We are launching a Black Friday deal on our most popular course, Threat Hunting & Incident Response w/Velociraptor! From now until midnight (EST) 11/28, enjoy 40% off our best-selling on-demand course.

Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025

#DFIR #ThreatHunting
November 24, 2025 at 2:30 PM
Reposted by DDI Training
I have always wanted an app like Zimmerman's Timeline Explorer, but for macOS.... Sadly, nothing remotely close exists except Excel 🤮

Stoked to say, I am nearly done with the MVP! 😎

Supertimelines on MBP! #dfir
November 19, 2025 at 7:19 PM
Another THVR in the books! We had so much fun with this group of nerds this week.

Thanks for the engaging chats and for choosing to hang with us for a couple days--until next time 🤓🦖💙 We hope everyone enjoyed the con!

@wildwesthackinfest.bsky.social @antisyphontraining.bsky.social
October 11, 2025 at 1:00 AM
Reposted by DDI Training
If you’re interested in tinkering with LLMs to assist with incident triage, check out this demo I did with @limacharlie.io using Claude Code and the LC MCP: youtu.be/dSCmLIBkTdo?...

I open sourced the Claude configs and context files for anyone that wants to try it out: github.com/Digital-Defe...
The unopinionated AI advantage: Building AI-powered SecOps on your terms
YouTube video by LimaCharlie
youtu.be
August 14, 2025 at 11:58 PM
Reposted by DDI Training
New blog post! PowerShell transcripts for threat hunting & IR ๐Ÿš€

blog.ecapuano.com/p/dfir-artif...
DFIR Artifact: PowerShell Transcripts
The "flight data recorder" for PowerShell activity.
blog.ecapuano.com
August 14, 2025 at 8:21 PM
Reposted by DDI Training
a certain mr @timmedin.bsky.social made a guest appearance during ASOTH day 3 today to drop some kerberoasting knowledge bombs on our students

love this guy. THANK YOU TIM 🤓🫶🔥🎟️

@blackhatevents.bsky.social
August 5, 2025 at 5:44 AM
ATTN NERDS:

5 more days until it's go time at Hacker Summer Camp! 💙

There's still time to register: www.blackhat.com/us-25/traini...

And if you can't join us at @blackhatevents.bsky.social, check out our on demand courses 🤓🦖🔥

academy.digitaldefenseinstitute.com/catalog
July 28, 2025 at 1:38 PM
Reposted by DDI Training
T-minus 12 days until my favorite humans - @eric.zip & @whit.zip - and I deliver our Advanced Security Operations and Threat Hunting training at @blackhatevents.bsky.social.

If you're a SOC analyst and/or work in IR, we'd love to have you. Come level up with us :)

www.blackhat.com/us-25/traini...
Black Hat
www.blackhat.com
July 21, 2025 at 4:13 PM
Join us at the @antisyphontraining.bsky.social Blue Team Summit Aug 28 – Aug 29 for Threat Hunting & Incident Response with Velociraptor!

www.antisyphontraining.com/course/threa...
July 8, 2025 at 6:52 PM
1 month to go! 🤓🔥💙

Join @eric.zip, @bromiley.io, and @whit.zip at hacker summer camp!

Registration: www.blackhat.com/us-25/traini...
July 2, 2025 at 11:10 AM
Reposted by DDI Training
🚀 Just launched: DetectionForge — a purpose-built platform for crafting, testing & validating @limacharlie.io detection rules.

Perform detection unit tests & multi-org backtesting + import/export IaC

🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops
DetectionForge
DetectionForge - A comprehensive detection engineering environment for crafting, validating, and testing LimaCharlie detection rules
detectionforge.ddi.sh
June 19, 2025 at 1:14 AM
Reposted by DDI Training
we had an absolutely amazing time at #x33fcon 🤓🇵🇱

thank you to our students who joined our @antisyphontraining.bsky.social class, and thank you to the organizers for taking such good care of us 🫶

poland is beautiful
June 14, 2025 at 3:19 PM
Reposted by DDI Training
Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"

Talk: www.youtube.com/live/Znl7TBF...
Security Fest 2025 - Day 2
YouTube video by Security Fest
www.youtube.com
June 5, 2025 at 5:58 PM
And next week we’re in Poland for x33fcon! We’re running our 2-day workshop: Threat Hunting & Incident Response with Velociraptor

www.x33fcon.com#!t/TI_IR.md
June 3, 2025 at 9:31 AM
Reposted by DDI Training
@whit.zip and I just arrived in Sweden for Security Fest and we’re so excited! 🇸🇪

cfp.securityfest.com/2025/talk/NP...
Modernizing Incident Response Using Techniques that Scale Security Fest 2025
Traditional digital forensics and incident response (DFIR) techniques often fall short, struggling to keep up with the speed and scale required by modern environments. This talk explores the limitatio...
cfp.securityfest.com
June 3, 2025 at 9:27 AM
Ready to level up your SOC skills?

Our Threat Hunting and IR With Velociraptor course dives deep into Velociraptor through hands-on labs and realistic attack scenarios.

Learn to build custom queries, triage systems, and take decisive action—confidently and repeatably.

Start here: ddi.sh/thvr 🔥🦖🤓
May 25, 2025 at 8:52 PM
Reposted by DDI Training
ATTN NERDS:

we'll be teaching at @blackhatevents.bsky.social during hacker summer camp again!

come join me and @eric.zip and @bromiley.io for our 4-day training: Advanced Security Operations and Threat Hunting 🤓🔥💙

www.blackhat.com/us-25/traini...
May 20, 2025 at 10:29 AM
🥹💙
fear of asking "stupid" questions cost me hours trying to figure out why timesketch would not generate logon graphs. answer found in one of the @digitaldefenseinstitute.com's bash scripts: use .plaso files, not .csv files! logon analyzer takes the strings field from there. thank you DDI :)
May 7, 2025 at 11:18 AM
Reposted by DDI Training
ATTN NERDS:

join me and @eric.zip in october at @wildwesthackinfest.bsky.social where we are running our 2-day course! again! threat hunting & incident response w/velociraptor!

register virtual or in-person: ddi.sh/thvr-wwhf 🤓🦖🔥

#infosec #dfir #threathunting #WWHF #Deadwood2025
Threat Hunting & Incident Response with Velociraptor with Eric Capuano and Whitney Champion - Antisyphon Training
Master the art of threat hunting and incident response with Velociraptor, a rapidly emerging powerhouse in cybersecurity.
ddi.sh
April 29, 2025 at 1:54 AM
Send us a DM!
April 28, 2025 at 9:14 PM
yes :) we will still be doing the in person classes through antisyphon, but now we are offering the on demand/do-it-at-your-own-pace as well!
April 28, 2025 at 7:14 PM