Ken Pryor
kdpryor.bsky.social
Retired police officer and digital forensics guy. Former GCFA. Ham radio Extra class. I LOVE Linux. Firm believer in just being nice to people.
So great being back to work in a job I'm really enjoying. Been brushing up on my Wireshark skills this morning before work to help me diagnose some issues. So much fun getting my mind re-engaged on cool stuff.
January 31, 2025 at 12:56 PM
Reposted by Ken Pryor
There seemed to be enough interest so I decided to do a write up on what I have found about OneDrive Offline Mode. Hate to burn a forensic artifact but I’m concerned about what Microsoft feels is secure. #DFIR

https://malwaremaloney.blogspot.com/2025/01/onedrive-offline-mode-recallish-vibes.html
MALoney (It's in the name): OneDrive Offline Mode (Recallish vibes)
Back in April 2024, Microsoft announced a new feature coming to OneDrive for Business called Offline Mode. The feature al...
malwaremaloney.blogspot.com
January 28, 2025 at 2:41 AM
I got a poorly written job offer email last night with a link to an online Office.com application form. Obvious scam & I reported it to MS. Just in case you want to scam anyone, MS confirmed to me that abusing online Office forms for job scams is not a violation of the terms of service.
January 26, 2025 at 3:14 PM
I saw a link to this terrible post & decided to take a look. The article suggests "free & open source" alternatives for antivirus. One suggestion hasn't had a release in over 20 years. Another that hasn't had a release in 15 years and one more whose Github page indicates it's been 8 years. 1/2
January 25, 2025 at 1:54 AM
Story of my life.
January 21, 2025 at 2:13 PM
Reposted by Ken Pryor
Hey! I was on a podcast with some truly great people. Talking about learning in cybersecurity, the jobs market, and more! gettingdefensive.com/getting-defe...
Getting Defensive With Michael Taggart – Getting Defensive Podcast
gettingdefensive.com
January 21, 2025 at 3:40 AM
Currently half time at a high school basketball game I'm attending and once again I'm pondering what it is about sports that tells people that in order to be a fan of their team they have to be a complete and total a-hole.
January 18, 2025 at 1:52 AM
So excited to be going back to work as of tomorrow after a few months without a job. Going in in the morning to meet with HR and do the on-boarding stuff. Best part of the job is I'm going to be working on things that really interest me with people I already know and like.
January 7, 2025 at 7:58 PM
Definitely join if you have an interest in malware reversing and analysis. One of the most welcoming and helpful Discord groups you could hope to find.
🦹‍♂️ Join our Discord community if you're passionate about reverse engineering & malware analysis! Connect with experts, engage in discussions, & access unique resources 👇

https://buff.ly/4a8HjmE

Whether you're a beginner or experienced, our welcoming environment helps you advance your skills!
Home | The Cyber Yeti (TCY) - Grow Your Career
The Cyber Yeti produces engaging cyber security content to help you grow your career!
www.thecyberyeti.com
January 7, 2025 at 2:41 PM
Reposted by Ken Pryor
also, NIMS is 100% @eric.zip's brainchild. he started it a few weeks ago and i've been testing and providing feedback along the way

last week i dove in with him and wrote the middleware for it, github.com/shortstack/n..., and we geeked out all weekend, bingeing shows and making new nerd toys 🥹🌈
January 7, 2025 at 5:25 AM
Reposted by Ken Pryor
Key features of NIMS:

🕐 Incident management & timeline tracking
🔗 Correlation between incidents
🔔 Alert ingestion via webhooks
🔍 IOC enrichment links
✅ Task management
📺 Dashboard views
📚 Documentation
🆓 It's free!
🚀 ...much more!
January 7, 2025 at 12:42 AM
Reposted by Ken Pryor
Exciting News🚀🎉:

Our @cyber5w.bsky.social Intro to DFIR Course is now FREE!🔍

Please read our announcement found below. The course will also be available for FREE @opensectraining.bsky.social very soon! #DFIR #infosec #cybersecurity #DigitalForensics

cyber5w.com/into-dfir.html
January 7, 2025 at 1:43 AM
Coming to you live from 2025 Snowpocalypse. My area is forecast to get 8-12 inches of the white stuff mixed with sleet and freezing rain. I'm just hoping the rural electric co-op we have can keep the power on throughout. Here's a pic of the current view out my back door. Everyone be safe out there!
January 5, 2025 at 3:07 PM
I got exciting news on the employment front yesterday. Starting back at a former employer that I miss greatly on a part-time basis for now with the near future plan of being full time. I'm so excited at this opportunity and so very grateful for it.
January 4, 2025 at 2:29 PM
@kirbstr.bsky.social I really enjoyed the class today. Very well done!
January 3, 2025 at 2:13 AM
Reposted by Ken Pryor
🔐 Learn how to detect and reverse engineer anti-analysis techniques using LockBit3 in this mini-course I created on YouTube 👇

https://buff.ly/3BTy2lv

All of the videos are public now as well 🍻
Reversing LockBit 3.0 (Black) Anti-Analysis Techniques - DefCon 32 Workshop Extras
This playlist covers analysis that I wasn't able to squeeze into my Defcon32 workshop - Dissecting and Defeating Ransomware's Evasion Tactics. This playlist ...
buff.ly
January 2, 2025 at 7:00 PM
One of my jobs these days is being an adjunct Criminal Justice instructor for the local community college district. Last semester was my first time in that role & I'm just over a week away from starting my second time. I'll be teaching Criminal Law 2 (online) & I'm really excited about it.
December 30, 2024 at 2:22 PM
Reposted by Ken Pryor
🚀 Embarking on the journey to acquire technical skills in cybersecurity begins with setting up a lab environment, often by creating virtual machines. But where to start? Learn more in these videos 👇

FLARE-VM: https://buff.ly/3DH29Nr

REMnux: https://buff.ly/4fG08OR

Kali: https://buff.ly/3BOj7sN
Building a VM for Reverse Engineering and Malware Analysis! Installing the FLARE-VM
Building an analysis VM for reversing and malware is step 1!🔥 FREE DOWNLOADABLE PDF - MALICIOUS DOCS QUICK REFERENCE https://quickreference.thecyberyeti.com/...
buff.ly
December 26, 2024 at 9:13 PM
@bbaskin.bsky.social Still finding and catching up with old friends here at bsky. Hope you are doing well!
December 26, 2024 at 3:02 PM
Totally agree. I took most of the scam related complaints during the later parts of my police career. I wanted the cases & was always glad to work with victims. If I knew of a job today where I could help scam victims I'd do it.
Idk about y’all but nothing in the cyber world makes me more angry than romance based scamming. It breaks my heart every time I hear a new victim story.
December 20, 2024 at 10:45 PM
Reposted by Ken Pryor
I see PDFSkills has a new code-signing certificate "BLACK INDIGO LTD".
#EV #ImpostorCert #Reported

Please don't let your employees use "Free" PDF editing tools.

virustotal.com/gui/file/1c3...
December 20, 2024 at 3:55 PM
Reposted by Ken Pryor
Beyond good ol’ Run key, Part 145

www.hexacorn.com/blog/2024/12...

#DFIR
December 20, 2024 at 12:47 AM
Reposted by Ken Pryor
Knowledge is power!
Prepare your #ThreatHunting sessions by gathering intelligence reports on specific topics - could be tools, patterns, or threat actor groups
🏛️ mthcht.github.io/ThreatIntel-...
Now featuring more than 1,000 search results in over 11,000 Intelligence Reports updated regularly!
December 9, 2024 at 1:12 AM
Excellent explanation of fuzzy hashing and even has a lab so you can try it yourself!
December 19, 2024 at 3:50 AM