Author | Lightnews

Johan Berggren @jbn.the4711.net · Jun 19

Great stuff from Maarten and the Timesketch team!

Maarten van Dantzig @maartenvdantzig.bsky.social · Jun 19

Using Timesketch for timeline analysis? We recently added a new feature: LLM summaries of up to 500 events in view. Example below uses Gemini Flash, but you can just as easily use a local Ollama model. Setup guide: timesketch.org/guides/user/...

1

Reposted by Johan Berggren

Eric Capuano @eric.zip · Jun 19

🚀 Just launched: DetectionForge — a purpose-built platform for crafting, testing & validating @limacharlie.io detection rules.

Perform detection unit tests & multi-org backtesting + import/export IaC

🔗 Try it: detectionforge.ddi.sh
💻 GitHub: github.com/Digital-Defe... #detectionengineering #secops

DetectionForge

DetectionForge - A comprehensive detection engineering environment for crafting, validating, and testing LimaCharlie detection rules

detectionforge.ddi.sh

6 12

Johan Berggren @jbn.the4711.net · Jun 13

Great summary of a great paper. Worth a read if you are building LLM agents systems.

Simon Willison @simonwillison.net · Jun 13

"Design Patterns for Securing LLM Agents against Prompt Injections" is an excellent new paper that provides six design patterns to help protect LLM tool-using systems (call them "agents" if you like) against prompt injection attacks

Here are my notes on the paper simonwillison.net/2025/Jun/13/...

Design Patterns for Securing LLM Agents against Prompt Injections

This a new paper by 11 authors from organizations including IBM, Invariant Labs, ETH Zurich, Google and Microsoft is an excellent addition to the literature on prompt injection and LLM …

simonwillison.net

Johan Berggren @jbn.the4711.net · Jun 5

Great stuff from Eric and Whitney.

Eric Capuano @eric.zip · Jun 5

Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"

Talk: www.youtube.com/live/Znl7TBF...

Security Fest 2025 - Day 2

YouTube video by Security Fest

www.youtube.com

1 5

Reposted by Johan Berggren

Eric Capuano @eric.zip · Jun 5

Here are the slides/resources from our #SecurityFest talk on "Modernizing Incident Response Using Techniques that Scale"

Talk: www.youtube.com/live/Znl7TBF...

Security Fest 2025 - Day 2

YouTube video by Security Fest

www.youtube.com

2 8 14

Johan Berggren @jbn.the4711.net · Jun 5

Yeah, looking forward to building together :)

2

Johan Berggren @jbn.the4711.net · Jun 5

Thank you for taking the time to visit! It was really great to finally meet in person.

2

Reposted by Johan Berggren

Heather Adkins @argv.bsky.social · May 23

Some excellent work by @craiggidney.bsky.social that reduces the number of qubits (in a quantum computer) required to break RSA by 20-fold. If you don’t have a migration plan to safe algorithms, now is the time to start one!

Craig Gidney @craiggidney.bsky.social · May 23

I'm often asked if I'll redo the 2019 quantum factoring estimate. Denser storage by yokes, smaller magic factories by cultivation, slimmer approx arithmetic by Chevignard et al… surely the cost is lower now?

Yes, it's lower now.

security.googleblog.com/2025/05/trac...

arxiv.org/abs/2505.15917

6 11

Reposted by Johan Berggren

b1acktu1ip.bsky.social @b1acktu1ip.bsky.social · Apr 30

tested #openrelik, #hayabusa, #timesketch and #splunk4dfir using #thedfirreport recent analyst case. was a lot fun! will definitely use those tools more now 🚀

1 2

Johan Berggren @jbn.the4711.net · Feb 26

Hey #DFIR people! New #OpenRelik release just dropped. Some cool new features and a bunch of bug fixes.

openrelik.bsky.social @openrelik.bsky.social · Feb 26

New #OpenRelik release 0.5.0 is here with some cool new additions:

* Import files directly from Google Cloud Storage
* Updated AI summary visuals
* Glob filtering support when extracting archives
* BlockDevice support for mounting disk images and partitions

Changelog: openrelik.org/changelog/#050

Changelog

0.5.0 ℹ️ We are moving to semantic versioning from this release in order to better track compatibility aross all components. Server Added a health check endpoint for service monitoring. Implemented a ...

openrelik.org

2 5

Reposted by Johan Berggren

Ryan Benson @hindsig.ht · Feb 19

A new Unfurl release is here! v2025.02 adds:

🌐 Parsing encoded/obfuscated IP addresses
🦋 Resolving #Bluesky handles to their identifiers (DIDs) and looking up their creation timestamps
🐛 Bug fixes & better bulk parsing

Blog: dfir.blog/unfurl-parse...
Code: github.com/obsidianfore...

#DFIR #OSINT

unfurl

Extract and Visualized Data from URLs

unfurl.link

7 8

Johan Berggren @jbn.the4711.net · Feb 8

We should meet up in person.

1 1

Reposted by Johan Berggren

Tanisha L. Turner @cybersecdiva.bsky.social · Jan 12

Hayabusa - A sigma-based threat hunting and fast forensics 🔎 timeline generator for Windows event logs.
It can easily be integrated with other hunting & DFIR tools such as Velociraptor & OpenRelik.

Check it out 🔥🔥:
github.com/Yamato-Secur...

#threathunting #DFIR #sigma #cybersecurity #infosec

GitHub - Yamato-Security/hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.

Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs. - Yamato-Security/hayabusa

github.com

1 6 13

Reposted by Johan Berggren

halvarflake.bsky.social @halvarflake.bsky.social · Feb 2

This is absolute insanity.

Gen Michael Hayden @genmhayden.bsky.social · Feb 2

Fellow NSA - National Security Agency veterans. Look at what’s happened at the National Cryptologic Museum. They covered up with brown paper the photos of Women in American Cryptology. All in response to President Trump’s anti-diversity executive order.

2 16 73

Johan Berggren @jbn.the4711.net · Jan 19

Much welcomed updates to GitHub Issues.

simonwillison.net/2025/Jan/16/...

Evolving GitHub Issues (public preview)

GitHub just shipped the largest set of changes to GitHub Issues I can remember in a few years. As an Issues power-user this is directly relevant to me. The big …

simonwillison.net

Reposted by Johan Berggren

Tailscale @tailscale.com · Jan 8

It's easy to lose sight of the fact that, from a tech perspective, we're absolutely living in the future. Our CEO and co-founder @apenwarr.ca looks at just how powerful our modern machines are — and what that means for all of us

Living in the future, by the numbers

Instead of making the traditional New Year predictions, let’s talk instead about the beautiful technological future we live in: the one that exists right now but we don’t always notice.

tailscale.com

18 47

Johan Berggren @jbn.the4711.net · Jan 8

Wooden satellite.. amazing. And built without nails or glue. Oh Japan, never change ♥️

www.theregister.com/2025/01/08/j...

Japan's wooden satellite leaves International Space Station

Carefully crafted wooden box, LignoSat, is on its own

www.theregister.com

1

Johan Berggren @jbn.the4711.net · Jan 7

Great stuff from @tomchop.me! Memory analysis and Yara support in #OpenRelik

#DFIR

tomchop @tomchop.me · Jan 7

I had a look at #OpenRelik last year and wrote a couple workers that might be useful:

* github.com/tomchop/open...: Scan memory images using @volatilityfoundation.org plugins. Supports Yara rules
* github.com/tomchop/open... - Run Yara rules on a directory. Supports third-party systems like #Yeti!

Demo of the Volatility 3 worker extracting files and plugin output

Demo of the Yara scanner worker showing matches for a dumb DarkComet rule

3 5

Johan Berggren @jbn.the4711.net · Jan 1

Great summary of last year of databases.

Andy Pavlo @andypavlo.bsky.social · Jan 1

Buckle up because we're banging into the new year with my annual retrospective of the last year in databases! Highlights include license change blowback, Databricks vs. Snowflake gangwar, @duckdb.org's shotgun weddings, and buying a quarterback to impress your lover: www.cs.cmu.edu/~pavlo/blog/...

Databases in 2024: A Year in Review

Andy rises from the ashes of his dead startup and discusses what happened in 2024 in the database game.

www.cs.cmu.edu

1

Reposted by Johan Berggren

Simon Willison @simonwillison.net · Dec 31

Here's my end-of-year review of things we learned out about LLMs in 2024 - we learned a LOT of things simonwillison.net/2024/Dec/31/...

Table of contents:

The GPT-4 barrier was comprehensively broken
Some of those GPT-4 models run on my laptop
LLM prices crashed, thanks to competition and increased efficiency
Multimodal vision is common, audio and video are starting to emerge
Voice and live camera mode are science fiction come to life
Prompt driven app generation is a commodity already
Universal access to the best models lasted for just a few short months
“Agents” still haven’t really happened yet
Evals really matter
Apple Intelligence is bad, Apple’s MLX library is excellent
The rise of inference-scaling “reasoning” models
Was the best currently available LLM trained in China for less than $6m?
The environmental impact got better
The environmental impact got much, much worse
The year of slop
Synthetic training data works great
LLMs somehow got even harder to use
Knowledge is incredibly unevenly distributed
LLMs need better criticism
Everything tagged “llms” on my blog in 2024

28 150 650

Johan Berggren @jbn.the4711.net · Dec 22

In Sweden you have to take every opportunity to surf, regardless of the weather and season.. this one is for @halvarflake.bsky.social

(In Swedish, but the picture really tells the whole story :)
www.svt.se/nyheter/loka...

Snöstorm i Jämtland – då surfade Årebor i Kallsjön

Vanligtvis brukar nysnö locka ut människor i backar och skidspår så här års. Men i veckan var det annat som lockade för ett gäng Årebor. Istället för att ta till vara på vinterns första ordentliga snö...

www.svt.se

1 2 10

Johan Berggren @jbn.the4711.net · Dec 21

Home Assistant is an amazing OSS project. I'll excited to build on the new Voice device. I will get mine in a few days, and I can finally talk to my house! Build any automation I can imagen. Custom wake word (ok computer 🖖). LLM function calling anyone...

www.youtube.com/live/ZgoaoTp...

YouTube

Share your videos with friends, family, and the world

www.youtube.com

2

Johan Berggren @jbn.the4711.net · Dec 12

New #OpenRelik release. Task metrics (queue length, completion, failures etc) & new Prometheus exporter. Plus, a new task dashboard for deep dives into task performance.

📝 openrelik.org/changelog/
🔗 discord.gg/hg652gktwX

#DFIR

1 3

Reposted by Johan Berggren

Gergely Orosz @gergely.pragmaticengineer.com · Dec 4

Within software architecture, few people shaped the industry as much as @gradybooch.bsky.social. Safe to say he's a true legend.

In today's The Pragmatic Engineer Podcast episode, he shares fascinating stories, insights, observations.

Watch here: newsletter.pragmaticengineer.com/p/software-a...

14 61 460

Johan Berggren @jbn.the4711.net · Dec 4

When I moved back to Sweden a few years back my team snagged my password in this great tradition. The hack involved ketchup and I was very proud of everyone involved.

bughunters.google.com/blog/6355265...

Blog: The Great Google Password Heist: 15 years of hacking passwords to test our security (and build team culture!)

The Leaving Tradition in Google's security team, which could be described as a type of small-scale offensive security exercise, is a great (and fun) example of team culture. Curious? See this blog pos...

bughunters.google.com

1 7