Rory
@sleuthifer.bsky.social
// Digging through ya artifacts - DFIR // Running out of “It is what it is” // Dumpster Firefighter -> Preventer of Dumpster Fires @ Internal SecOps
Crack up read from the WATCHTOWR team, highly recommend for an educational giggle.
labs.watchtowr.com/more-governm...
labs.watchtowr.com/more-governm...
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process...
labs.watchtowr.com
January 9, 2025 at 8:47 AM
Crack up read from the WATCHTOWR team, highly recommend for an educational giggle.
labs.watchtowr.com/more-governm...
labs.watchtowr.com/more-governm...
Reposted by Rory
Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” www.youtube.com/watch?v=GDc8... #DFIR
Be Kind, Rewind... The USN Journal
YouTube video by 13Cubed
www.youtube.com
January 6, 2025 at 12:36 PM
Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” www.youtube.com/watch?v=GDc8... #DFIR
Reposted by Rory
Reposted by Rory
Agreed 😄 please refer to the “actually interesting to read content” part of that sentence.
January 4, 2025 at 10:36 PM
Agreed 😄 please refer to the “actually interesting to read content” part of that sentence.
Hey Harlan, are you using flat files for timelines or host analysis?
January 3, 2025 at 11:22 PM
Hey Harlan, are you using flat files for timelines or host analysis?
Reposted by Rory
How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
CrowdStrike Services Releases Free Incident Response Tracker
This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.
www.crowdstrike.com
January 3, 2025 at 7:41 PM
How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
OneNote or Microsoft Loop for triage and deeper dive host analysis 🕵️♂️
January 3, 2025 at 8:59 PM
OneNote or Microsoft Loop for triage and deeper dive host analysis 🕵️♂️
A slightly modified version of the CrowdStrike Excel Sheet. Aurora IR is an option but I prefer the excel imo
January 3, 2025 at 8:56 PM
A slightly modified version of the CrowdStrike Excel Sheet. Aurora IR is an option but I prefer the excel imo
Where about was this? Planning a surf trip 🌊 I’ve had penguins and seals in NZ but no dolphins… yet
December 30, 2024 at 11:42 PM
Where about was this? Planning a surf trip 🌊 I’ve had penguins and seals in NZ but no dolphins… yet
Reposted by Rory
So, the other day I started to whisper and my wife asked why I was whispering? I told her I didn't want Mark Zuckerberg to hear us.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
December 30, 2024 at 11:11 AM
So, the other day I started to whisper and my wife asked why I was whispering? I told her I didn't want Mark Zuckerberg to hear us.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
Them Bastogne episodes hit different… I may need to join ya
a soldier in a helmet sits in the snow
ALT: a soldier in a helmet sits in the snow
media.tenor.com
December 30, 2024 at 3:44 PM
Them Bastogne episodes hit different… I may need to join ya
Can’t beat a good ankle nut
December 29, 2024 at 12:03 AM
Can’t beat a good ankle nut
What’s the suggested alternative in your opinion? Agreed Google sucks
December 28, 2024 at 11:43 PM
What’s the suggested alternative in your opinion? Agreed Google sucks
Godspeed brave man 🙏
December 28, 2024 at 11:39 PM
Godspeed brave man 🙏
Reposted by Rory
December 16, 2024 at 9:58 PM
Sir please! Some respect.
December 10, 2024 at 1:16 PM
Sir please! Some respect.
