Author | Lightnews

Mari DeGrazia @maridegrazia.bsky.social · Aug 22

Overheard in the grocery store last night:

"Why is beefstew not a good password?"

Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..."

Them: "It's not stroganoff"

3

Mari DeGrazia @maridegrazia.bsky.social · Aug 21

Check out this cool new open-source Dark Web Monitoring AI Agent platform by AI Anytime - it looks like it will work with a local LLM too. I know what my next weekend project is going to be :) #AI #LocalLLMs #DFIR

www.youtube.com/watch?v=9e24...

AI Agents for Dark Web Monitoring | AI for Security Agencies

YouTube video by AI Anytime

www.youtube.com

1 2

Mari DeGrazia @maridegrazia.bsky.social · Aug 18

I'm a big believer in local LLMs for DFIR—privacy & security matter. In my keynote, "How to DFIR AI-ze Your Workflow," I demo how to use local LLMs with FOSS tools + share common pitfalls. 🎥 youtu.be/eG2wHGIPCaQ?... #DFIR #FOSS @sansinstitute.bsky.social

Keynote | DFIR AI-ze Your Workflow

YouTube video by SANS Digital Forensics and Incident Response

youtu.be

1

Mari DeGrazia @maridegrazia.bsky.social · Jul 28

Check out this excellent blog post by Ryan Chapman from last month's Stay Ahead of Ransomware live stream. I was bummed I missed this one, but Ryan's recap is great. #DFIR
www.sans.org/blog/shaking...

1 2

Mari DeGrazia @maridegrazia.bsky.social · Jul 7

The SANS #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free! www.sans.org/cyber-securi...

Digital Forensics & Incident Response Summit & Training 2025 | SANS Institute

Obtain hands-on, practical skills from the world's best instructors by taking a SANS course at DFIR Summit & Training 2025.

www.sans.org

1

Mari DeGrazia @maridegrazia.bsky.social · Jul 7

The SANS Institute #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free - www.sans.org/cyber-securi...

Digital Forensics & Incident Response Summit & Training 2025 | SANS Institute

Obtain hands-on, practical skills from the world's best instructors by taking a SANS course at DFIR Summit & Training 2025.

www.sans.org

1 1

Mari DeGrazia @maridegrazia.bsky.social · May 29

It's almost here!!! Join Ryan Chapman and me at the SANS Ransomware Summit tomorrow. I will also be hosting an AI workshop over lunch. Learn how to install and use a local LLM. Register for the free conference and workshop here: www.sans.org/cyber-securi...

Ransomware Summit | SANS Institute

SANS Ransomware Summit provides the very best forum for ransomware content and applicable lessons to safeguard ourselves and our organizations from harmful ransomware tactics.

www.sans.org

Mari DeGrazia @maridegrazia.bsky.social · May 19

Thinking about taking the SANS 528 Ransomware course? I love teaching it—not only do we focus on ransomware, but also host-based forensics and analysis at scale. It's great for a wide range of investigations!
Use code FOR528-SUMMIT for 30% off
www.sans.org/cyber-securi...

Ransomware Summit | SANS Institute

SANS Ransomware Summit provides the very best forum for ransomware content and applicable lessons to safeguard ourselves and our organizations from harmful ransomware tactics.

www.sans.org

Reposted by Mari DeGrazia

Curtis @cybershtuff.bsky.social · Apr 2

🚨 New blog: BlackBasta’s leaks show how ransomware crews still exploit hybrid environments while Scattered Spider leans fully into cloud.

Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness.

👉 invictus-ir.com/news/cloud-h...

#DFIR #CloudSecurity #CTI

Cloud Heavy, Hybrid Ready: Lessons from BlackBasta and Scattered Spider

invictus-ir.com

1

Mari DeGrazia @maridegrazia.bsky.social · Apr 1

Join me, Ryan Chapman and guest @ransomwaresommelier.com today at 10AM PT/ 1PM ET as we talk about the state of Ransomware payments. www.linkedin.com/events/73031...

The State of Ransomware Payments | LinkedIn

Episode One: The State of Ransomware Payments What's going on with ransomware payments? Have they dropped off? Have they gone up? What are we in the global IT community seeing in terms of ransomware ...

www.linkedin.com

1

Reposted by Mari DeGrazia

djannot.bsky.social @djannot.bsky.social · Mar 21

Anthropic explores the advancements and implications of frontier AI.''s dual-use capabilities in cybersecurity and biology. Learn more about their strategies to navigate emerging risks: https://www.anthropic.com/news/strategic-warning-for-ai-risk-progress-and-insights-from-our-frontier-red-team

1

Reposted by Mari DeGrazia

Dr. Shannon Cofield 🪨🗺️🌊 @geoshanz.bsky.social · Mar 13

“Your face looks like a museum.”

For all my geology + ocean peeps 🧪🪨🌊

Dr. Wendy Bohon @drwendyrocks.bsky.social · Mar 13

This is phenomenal geology humor (full video at www.instagram.com/reel/DHHL3fI...)

1 9 54

Mari DeGrazia @maridegrazia.bsky.social · Feb 12

Like usual, the airport charging station is not working. I found a working plug in a pillar and all these strangers are plugged into my charging hub instead 😂 #JustTravelThings

Reposted by Mari DeGrazia

Women in Security and Privacy (WISP) @wisporg.bsky.social · Feb 3

Should you pursue the leadership track or thrive as an individual contributor in cybersecurity? Join us for a panel discussion on February 13 with top security leaders as they share insights on making this career-defining choice. Register now: us06web.zoom.us/meeting/regi...

1 1

Mari DeGrazia @maridegrazia.bsky.social · Feb 3

This is really cool and runs 100% locally - a silent speech recognition tool that reads your lips in real time and types whatever you mouth. The power of local LLMs is amazing. Open source too! - github.com/amanvirparha... #AI.

Mari DeGrazia @maridegrazia.bsky.social · Feb 1

I asked Deepseek-r1 14B to tell me a good digital forensics joke. Watching the thought process is so cute and entertaining... #DFIR #AI

1

Mari DeGrazia @maridegrazia.bsky.social · Jan 25

I'm honored to be hosting the SANS Institute Ransomware Summit in May with Ryan Chapman. 5 days left to submit a talk - we want to hear from you! www.sans.org/mlp/ransomwa...

1

Mari DeGrazia @maridegrazia.bsky.social · Jan 24

WinSCP and Rclone are used by this TA (and others) to exfiltrate data... check out my presentation on WinSCP artifacts to help locate relevant evidence : www.youtube.com/watch?v=sCqy...

Mari DeGrazia @maridegrazia.bsky.social · Jan 24

This is one of my favorite #DFIR #INFOSEC conferences to attend. They have workshops for kids that I want to attend! Kids and students are free, and just $25 to attend. Well worth the price.

cactuscon @cactuscon.com · Jan 24

CactusCon is FEBRUARY 14-15, packed with great talks, people, and sponsors.

Much thanks to our Gold Sponsor Hunters. They've got a SIEM packed with automation and AI to help cybersecurity teams deal with threats. Meet their team in the Main Hall at CC13!

#cc13

Mari DeGrazia @maridegrazia.bsky.social · Jan 24

One of my favorite tools for BEC cases just had a nice update! If you are working BEC cases, make sure and check it out
www.invictus-ir.com/news/the-mic...

Release: Microsoft Extractor Suite v3

www.invictus-ir.com

1

Reposted by Mari DeGrazia

Phill Moore @phillmoore.bsky.social · Jan 19

Week 03 - 2025 #DFIR
thisweekin4n6.com/2025/01/19/w...

Week 03 – 2025

ThinkDFIRSRUMday Funday! Akash PatelHandling Incident Response: A Guide with Velociraptor and KAPE BelkasoftEmail Forensics with Belkasoft X Christopher Eng at Ogmini Homelab Part 1 – The Cur…

thisweekin4n6.com

4 5

Reposted by Mari DeGrazia

mthcht @mthcht.bsky.social · Jan 4

I made a windows #DFIR artifacts collection MindMap, it's tough to fit everything into a readable overview (might change later)

1 12 23

Mari DeGrazia @maridegrazia.bsky.social · Dec 29

Time for a decaf latte and a wrap up from last week's forensic goodies!

Phill Moore @phillmoore.bsky.social · Dec 29

Week 52 - 2024 #DFIR
thisweekin4n6.com/2024/12/29/w...

Week 52 – 2024

Akash Patel Update on My Azure Incident Response Series SentinelOne(P5- Incidents): A Practical Guide SentinelOne(P6- ISPM/Application Management): An Practical Training Digital Forensics Myanmar M…

thisweekin4n6.com

2

Reposted by Mari DeGrazia

Markus @mascho.bsky.social · Dec 28

For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.

Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File

Link: bluecapesecurity.com/courses/elev...

Elevate Your DFIR Skills: Deeper Insights and Practical Applications - Blue Cape Security

bluecapesecurity.com

1 4 9

Mari DeGrazia @maridegrazia.bsky.social · Dec 24

Found my first #cruisingducks during my Christmas 🎄 cruise this year. Should I rehide it, or keep it???