DFIR Notes @DfirNotes
design, build, teach threat-informed information security programs and techniques. Also: retweets of interesting classes, tools, research. They/them dfirnotes.net Earth (Sol-3) Joined October 2015
Tweets 13K
Followers 962
Following 233
Likes 1K
(1/n) WinDbg finally released outside the store, and no more "Preview"! Ecstatic to see my old team hit this milestone! It's come so far since @aluhrs13 and I started the "WinDbgNext" project so many years ago. learn.microsoft.com/en-us/windows-…
For $20 a month, you get access to a bunch of knowledge from smart people like @ForensicITGuy on topics from malware analysis to network forensics to EXCEL ❤️, and much more. This isn't sponsored, I just think it's awesome they're making such useful content so accessible!
Domain fronting is hands-down the weirdest thing. I think a lot of blue team (including myself) would have heard the term over the years without looking into it. 1/4
@Cyb3rMonk I think it depends on what you want the EDR for. Personally, I have never looked at an EDR as a source for detection but as a source of telemetry. I see vendors say they detect "x", but I have always used that as one of my detections for a given operation versus the sole detection.
Anyone who wants a mentor, to give back to the community, or to just share resources should definitely check out #CyberMentoringMonday loads of amazing people and info in the tag!!
Introducing VT4Splunk, our official App for @splunk blog.virustotal.com/2023/03/introd… by @TheTravelr
Reminded by @jaredcatkinson what an invaluable project Security Datasets is: OSS initiative that contributes malicious & benign datasets from different platforms to expedite data analysis & threat research. @Cyb3rWard0g @Cyb3rPandaH github.com/OTRF/Security-…
Our Sigma rule extension for @code got a major update by my team member @paulhagertheo. It allows lookups of similar and related rules & uses a new web service to do that. It's still new & only superficially tested; feedback & bug reports are welcome marketplace.visualstudio.com/items?itemName…
Our call for sponsors is open! Our prospectus is now up at dianainitiative.org/sponsor/?utm_c… Your support will help us do even more amazing things this year. Great opportunity to connect & support #womenInTech #diversity in #infosec #LeadTheChange #TDI2023
"The labs were fun and interesting. The feedback is fast and insightful...I'm not used to that much interaction with an instructor in an asynchronous course!" - Rob
"If you pay attention and give Investigation Theory its due, you will come out the other side a much better analyst for having taken it."
@netresec @GuhnooPlusLinux That said, the way meterpreter does TLS is strange, so you can do detection on how it behaves. However, again... this is defaults, you can change the TLS behavior in your payload options and advanced options.
well, Balkan Cyberia finally has a cover and it is marching robotically towards its publication on the 13th June with @mitpress! It has spies & cyborgs, not just apparatchiks - and will be open access but if you want a copy, there will be a discount code! mitpress.mit.edu/9780262545129/…
IMO, BYOD is *the most expensive* cost savings measure ever.
We often get asked how to land a job in cybersecurity. In today's video, Heath discusses the importance of community and giving back as one of the important steps to getting a job in cybersecurity. youtu.be/pJimy574Sh8
New release: #PEbear 0.6.5: github.com/hasherezade/pe… - several new features, fixes and improvements - check it out!
I'll be giving a talk next week over my journey into #DFIR and give some tips to help others find their way into this space! #memoryforensics #malware #infosec #infosecurity
Assert dominance in your ticket queue by submitting all technical details necessary with screenshot of Hello Kitty terminal.
Happy 1st anniversary to @NonprofitCyber!
#SLEUTHCON provides cybersecurity newcomers & professionals the opportunity to learn from industry experts in easy-to-follow 30 min talks. Join us online or in Arlington, VA on 5/12! Register today at sleuthcon.com. #cybercrime #infosec #cyberattacks #CTI #ransomware

Florian Roth ⚡️ @cyb3rops
206K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
💻 Sherrod DeGrippo... @sherrod_im
36K Followers 7K Following Weird security voyeur. Vibe merchant. CISO of your 🩷 Official USPS fan account. 🎉 Host of THE Microsoft Threat Intelligence Podcast. I like crime actors.
Will @BushidoToken
36K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
Heather Mahalik Barnh... @HeatherMahalik
23K Followers 1K Following DFIR @cellebrite, Faculty Fellow & author @sansforensics #FOR585 #FOR500, wife, mama, researcher, USAF. Trust but validate. Thoughts are mine.
J⩜⃝mie Williams @jamieantisocial
10K Followers 7K Following threats && stuff || #UNC1799 forever 🤘|| @DistrictHeather ♥️ + 🍷 **𝚅𝚒𝚎𝚠𝚜 𝚎𝚡𝚙𝚛𝚎𝚜𝚜𝚎𝚍 𝚊𝚛𝚎 𝚖𝚈 օ𝚠𝚗**
DFIR Diva @DfirDiva
21K Followers 5K Following DFIR Analyst trying to learn all the things | DFIR Blog for Beginners | Founder @GetYourStart | https://t.co/7cHco4FjUS
Microsoft Threat Inte... @MsftSecIntel
187K Followers 1K Following We are Microsoft's global network of security experts. Follow for security research and threat intelligence.
Eric Capuano - Bsky: ... @eric_capuano
11K Followers 3K Following Co-Founder @recon_infosec | SANS DFIR Instructor | IANS Faculty | https://t.co/yUXCSu2Yso | ⬡ ❤ @shortxstack
corgi @corg_e
53K Followers 3K Following ssh'd into the espresso machine | (mostly) harmless pentester | president @bsidesnash | @defcon615 | chaotic neutral
Nicole Beckwith @NicoleBeckwith
42K Followers 7K Following Director, Security Operations @kroger 🍓 Intel, Hunting, IR, Detection Engineering, Insider Risk, Fraud & Forensics 💻 Fmr LE & DFIR for OH & Secret Service TF.
Ryan "Chaps" Chapman @rj_chap
8K Followers 3K Following DFIR & malware analyst. @sansforensics FOR528 Author & FOR610 Instructor. @CactusCon crew. Husband & father. Comments = own.
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR // SANS // CyberCX (DFIR) https://t.co/vLyL2sxTuy I might not know much, but I do know how to Google. Tweets are mine
deaddisk @dead_disk
7 Followers 85 Following
Tawengwa Toronga @TawengwaToronga
21 Followers 369 Following
TWPro_RandomX @TwproR80891
0 Followers 91 Following
Yusuf Talha ARABACI @yusufarbc
0 Followers 318 Following I am an engineer who develops himself in language-independent concepts related to software, does research in the field of Cyber Security, is interested in Cyber
shlok aaptee @Shlokaptee
6 Followers 126 Following
Constantinos Evangelo... @qlean
27 Followers 504 Following
Hussein Sherafat @Hussein_Sherafa
233 Followers 6K Following
L², PhD @L_Lgde
669 Followers 3K Following DFIR, Malware & CTI. Head of a CSIRT. Ex @ANSSI_FR. PhD in intl law. Mostly working on Chinese #APT but also on russian and cybercrime actors #CTI #Malware
Andrew Joseph @jose3253
49 Followers 802 Following
Vincent.Y @v_iy64
141 Followers 5K Following
JunkerXL @JunkerAF
0 Followers 2K Following
Amorodio @xoamorodio
1 Followers 61 Following
7-Zark-7 @7Zark76
239 Followers 2K Following «By nature, man is a political animal» | IT Guy | Also, Star Trek Online and Humour
. @HolaWorldO
6 Followers 111 Following
Abolfazl Hayati @HayatiAbolfazl
6 Followers 377 Following And what do you know, maybe your destiny is better than your wish…
hi @dingoman45
2 Followers 73 Following
KhaTsjing @pwetpwetet
115 Followers 482 Following
Jen McCabre @S0B0MA
171 Followers 247 Following
AbdulJalil Jibril @Abdul23180
58 Followers 482 Following ISC2 Certified in CyberSecurity /Digital forensics investigator/+DFMC
Javier Alejandro @JavierA13286076
0 Followers 11 Following
Macky @Macky9918
18 Followers 51 Following
bullfrog9355 @bullfrog9355
1 Followers 180 Following
Geri Pyle @PyleGeri14779
0 Followers 24 Following
Xe1phix @xe1phix
133 Followers 2K Following Linux Systems Engineer, studying malware analysis, memory forensics, & kernel hardening. GPG Key: https://t.co/BQS4zj2Xpk…
Oxdine @DINESHPrathi12
232 Followers 7K Following #CybersecurityResearcher #Ethical Hacking #Pentester #IoT #CodeReview #WirelessSecurity #Automotive #NatureEnthusiast
Cliff @CMUK20
104 Followers 423 Following Husband, Father and Trained Monkey. CISMP | GICSP | GCIH | CISSP | GCFE | Based in the UK.
Mostafa @mostafasg1990
129 Followers 2K Following
enthusiast @enthusiast16240
0 Followers 123 Following
🅜 @Mostafa_3zzat0
287 Followers 225 Following Still on the ground, but my mind is travelling --------- cyber security | attack and stuff ❤️
NBFTools @NbfTools
6 Followers 53 Following We offer Digital Forensic imaging and analysis products, customized training, and expert consultation services to help you achieve the best results. #DFIR
0xW43L @GhnimiWael
683 Followers 4K Following CTI Researcher | SRT Member @synack | X-Red-Teamer | X-Blue-Teamer | Bug Bounty Hunter | OSEP | eWAPTx | arcX ... Hunt threats, secure systems, learn always.
Vlad Baader @BaaderVlad
3 Followers 115 Following
MalwareUpdates @HashShaw50040
30 Followers 753 Following Hunting Malwares #Malware #Threathunting #DFIR
VTHANG @VTHANG28692635
10 Followers 696 Following
Alejandro Chirivella @alejandrochiri_
17 Followers 344 Following DFIR Analyst | Cybersecurity Enthusiast 🔍💻 | Digital Forensics & Incident Response – finding answers in the chaos. #DFIR #CyberSecurity #Infosec
Adli Bilişim Uzmanı @adlibilisim4n6
163 Followers 349 Following Digital Forensics, call detail records (HTS), CGNAT, mobile device examinations. [email protected]
BTD @TheDukeZip
2K Followers 2K Following Hacker. Relapsing denim snob. Spin class connoisseur and cyclocross wannabe.
vx-underground @vxunderground
368K Followers 290 Following The largest collection of malware source code, samples, and papers on the internet. Password: infected
Florian Roth ⚡️ @cyb3rops
206K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Chris Sanders 🔎 ... @chrissanders88
34K Followers 489 Following Ed.D. | Founder @networkdefense @RuralTechFund | Former @Mandiant, DoD | Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM
Katie Nickels @likethecoins
55K Followers 3K Following Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
SANS DFIR @sansforensics
109K Followers 98 Following The world's leading Digital Forensics and Incident Response provider. This feed updates you on latest DFIR news, events, and training.
💻 Sherrod DeGrippo... @sherrod_im
36K Followers 7K Following Weird security voyeur. Vibe merchant. CISO of your 🩷 Official USPS fan account. 🎉 Host of THE Microsoft Threat Intelligence Podcast. I like crime actors.
Will @BushidoToken
36K Followers 3K Following Senior Threat Intel Advisor @TeamCymru | Co-founder @CuratedIntel | Co-author @SANSForensics FOR589 | Co-founder @BSidesBournemth | @darknetdiaries #126: REvil
Thomas Roccia 🤘 @fr0gger_
31K Followers 2K Following AI Security x Threat Intel · Sr. Threat Researcher @Microsoft · Creator of #Unprotect & #NOVA · Malware Warlock · Python 🧡 · Prev @McAfee_Labs · Views mine 😈
Heather Mahalik Barnh... @HeatherMahalik
23K Followers 1K Following DFIR @cellebrite, Faculty Fellow & author @sansforensics #FOR585 #FOR500, wife, mama, researcher, USAF. Trust but validate. Thoughts are mine.
Mick Douglas 🇺🇦... @bettersafetynet
30K Followers 568 Following Consultant for InfoSec Innovations | @SANSInstitute Principal Instructor | @IANS_Security Faculty | I like information security. How about you?
Microsoft Threat Inte... @MsftSecIntel
187K Followers 1K Following We are Microsoft's global network of security experts. Follow for security research and threat intelligence.
Unit 42 @Unit42_Intel
63K Followers 82 Following The latest research and news from Unit 42, the Palo Alto Networks (@paloaltontwks) Threat Intelligence and Security Consulting Team covering incident response.
corgi @corg_e
53K Followers 3K Following ssh'd into the espresso machine | (mostly) harmless pentester | president @bsidesnash | @defcon615 | chaotic neutral
13Cubed @13CubedDFIR
7K Followers 0 Following The official Twitter account for 13Cubed. Follow @davisrichardg for my personal account.
TCM Security @TCMSecurity
207K Followers 360 Following Come learn to hack at TCM Security Academy! Veteran owned. Quality results.
NETRESEC @netresec
9K Followers 815 Following Experts in Network Forensics and Network Security Monitoring. Creators of #NetworkMiner, #CapLoader, #PacketCache, #PolarProxy and #RawCap.
Phill Moore @phillmoore
9K Followers 3K Following This Week in 4n6 // ThinkDFIR // SANS // CyberCX (DFIR) https://t.co/vLyL2sxTuy I might not know much, but I do know how to Google. Tweets are mine
SANS Institute @SANSInstitute
191K Followers 417 Following SANS is the most trusted and by far the largest source for information & cyber security training, certification and research in the world.
SANS.edu Internet Sto... @sans_isc
116K Followers 86 Following @[email protected] - https://t.co/8IgCGtJnZd - Global Network Security Information Sharing Community -
Katie Paxton-Fear @InsiderPhD
93K Followers 2K Following Dr, apparently. Security Advocate @semgrep & Hacker. #BugBounty hunter & #infosec YouTuber. APIs & Interlinked OffSec, PhD in AI+Sec @hacknotcrime. she/her
Philippe Teuwen @doegox
4K Followers 1K Following If you can't root it you don't own it. doegox infosec exchange
Kimberly McKinnis @starbreiz
903 Followers 2K Following Silicon Valley Pittsburgh-at-heart computer geek/music nerd. Sparkly NetEng Princess and Mistress of VPN. She/her
Turbinia @TurbiniaProj
61 Followers 4 Following Automation and Scaling of Digital Forensics Tools. Turbinia is an open-source framework for deploying, managing, and running distributed forensic workloads.
Jesse Spangenberger @AzuleOnyx
523 Followers 982 Following Geek / Computer Networking & Security / SBT Student Advisor/ Supports @csilinux, @tsurugi_linux, and Open-Source Tools/ Runs @DfirFenix
Prelude @preludeorg
2K Followers 506 Following Prelude is building the next generation of endpoint security to augment existing tools and catch the threats they can't see yet.
OpenSecurityTraining2 @OpenSecTraining
9K Followers 17 Following 501(c)3 Nonprofit providing Open Source and Open Access computer security training material. #OST2 re-launched July 2021! [email protected]
TheCyberQueens @TheCyberQueens
409 Followers 49 Following The Cyber Queens Podcast featuring @SheWhoHacks @EakinsErika and @EngineerAmber
Reverse Engineering a... @re_and_more
15K Followers 521 Following RE and More by Alexey Kleymenov (https://t.co/s1pWjL46AW). Private classes and group workshops in malware analysis and reverse engineering. #infosec #malware
Vincent Le Toux (Pari... @mysmartlogon
12K Followers 58 Following Author of #PingCastle, contributor to #mimikatz (DCSync, setntlm, DCShadow) and #OpenSC. Wrote GIDS applet, OpenPGP card driver on Windows and OpenSC stuff.
Howard Oakley, Eclect... @howardnoakley
4K Followers 137 Following Chief illuminator at the Eclectic Light Company, writing about macOS, paintings; author of over 40 free utilities for macOS.
msticpy @msticpy
850 Followers 21 Following #msticpy is an open source library for InfoSec investigation and hunting in #Jupyter Notebooks and #Python.
Thinkst Canary @ThinkstCanary
13K Followers 10K Following Most companies only realise they are breached when informed by a 3rd party. This is a stupid problem! Thinkst Canary. Know. When it Matters.
Threat Insight @threatinsight
11K Followers 218 Following @Proofpoint's insights on targeted attacks & the security landscape. Follow us on Bluesky: https://t.co/8OVfhotdeP
Reid Gilman @reidgilman
102 Followers 268 Following SOC maturity, training, security architecture. Practical advice. Founder, Watch City Cybersecurity. Also handstands. he/him. retweets ≠ endorsement
wallfacer @simplylurking2
1K Followers 1K Following
Igor Bogdanov @IgorBog61650384
1K Followers 134 Following Introverted blue teamer and hobbyist hardware researcher - I like to find out how things work, and prevent others from breaking them.
Gerald Combs @geraldcombs
4K Followers 99 Following Creator & lead developer, Wireshark. Works at Sysdig. He/him. Mostly over at @[email protected] and @geraldcombs.bsky.social now.
🇺🇦 Joe Gray aka... @C_3PJoe
14K Followers 2K Following Abandoned account. BlueSky: C_3PJoe & Mastodon: JOSINT. Threat Intel; 5x Black Badge; Views: my own; https://t.co/eGtH4P4tzV
🦊🇦🇲 th3CyF0x... @th3cyF0x
2K Followers 805 Following 赤城 cyFox 🦊. #ThoughtSmuggler "Go forth and impose cost." #DEATHCon. Former @Mandiant @grimmcyber #100DaysofYara Honorable Intentions. Deviant Methods.
Maya Kaczorowski @MayaKaczorowski
10K Followers 805 Following I love puzzles almost as much as ice cream. she/her @[email protected]
Black Lotus Labs @BlackLotusLabs
3K Followers 586 Following The official Threat Research and Operations arm of @lumentechco. Providing #ThreatIntelligence to help protect our customers and keep the internet clean.
Anuj Soni @asoni
3K Followers 353 Following https://t.co/pXcki8DdvF — Malware Reverse Engineer. Instructor & Author @SANSInstitute (FOR710, FOR610). Occasional YouTuber.
Maril Vernon (Find me... @shewhohacks
10K Followers 377 Following “The One Woman Purple Team” Sr Sec Eng @ Aquia. Host of @TheCyberQueens Podcast. For help breaking in to #cybersecurity see @FearlessSec and @Maekshyft.
Jun34u @Jun34u_sec
12K Followers 3K Following Alaskan in LA & chaotic idealist. Game Theorist. cDc cultist. Forever Script Kiddy @DC214DFW! @nyu_cse Fellow! She/They 🏳️🌈🏴☠️
Dwayne Green @N00bTester
204 Followers 160 Following
Thomas Patzke @blubbfiction
5K Followers 445 Following Incident Response, Threat Hunting. Opensource security tool developer (https://t.co/2twMtVpZtL). Moved to @[email protected]
Simson Garfinkel @xchatty
2K Followers 2K Following Computer scientist & journalist, specializing in AI, privacy, ethics, big data, usability and security. My opinions here. ORCID 0000-0003-1294-2831
Krebs Stamos Group @KrebsStamos
3K Followers 20 Following We can turn your greatest cybersecurity challenges into triumphs.
Antisyphon Training @Antisy_Training
6K Followers 422 Following Antisyphon Training is here to disrupt the traditional training industry by providing high-quality and affordable education to everyone.
gender of the day @genderoftheday
75K Followers 0 Following Genderbot lets us outsource our feelings about gender to a bot, which I think should free up a lot of mental space for other things. Botparent: @mishafletch
Tyler Hudak @SecShoggoth
7K Followers 958 Following Reverse Engineering, IR, InfoSec. Also huge RPG guy. Elder of the Internet. Tweets and opinions are my own and not the views of my employer.
Mara @m_ou_se
45K Followers 415 Following Rust dev, Electronics engineer, Author, @rustlang Library team lead, ADHD, Polyamorous, Lesbian, She/Her
Jen Miller Osborn @jadefh
2K Followers 2K Following Head of Intelligence R&D at NetWitness. Co-founder of Unit 42 - Palo Alto Networks and NCIJTF, co-creator of ATT&CK, USAF vet. She/Her.
Doug Bienstock @doughsec
2K Followers 112 Following IR Leader @Mandiant. Hacking things and responding to things being hacked. Opinions my own
SecuriTeeStar @SecuriTeeStar
467 Followers 464 Following FITS TO FLATTER ALL | Just Say No to the Unisex Tee | Hacker/InfoSec Apparel | Support the movement https://t.co/7Apr4GoKiO
CYBERWARCON @CYBERWARCON
6K Followers 570 Following #CYBERWARCON 2025 Registration and CFP are now open | 📧 Subscribe to receive updates at https://t.co/5lb0WvK6MJ
crads @crads_io
34 Followers 13 Following
Malik 4stacks @Malik4thousand
202 Followers 417 Following #KSUGRAD| #FAMU | #RiseUp | #TrueToAtlanta | #AimHighFlyFightWin | Imitation #Chef | #HBCUBands #Videographer
Diaz @CaptainDiaz_GB
9 Followers 56 Following Cybersecurity Professional Independent Videographer AP Computer Science Instructor
Scoubi @ScoubiMtl
2K Followers 259 Following All Things BloodHound | InfoSec, Threat Hunting, Detection Engineering, DFIR and some personal stuff.
Paul Masek @paulmasek... @paul_masek
696 Followers 1K Following IT Recruitment Consultant. @BSidesFortWayne Co-founder. GSEC & GIAC Advisory Board. #detectionengineering & #threathunting fan.
Dr. Anton Chuvakin @anton_chuvakin
41K Followers 9K Following Information security - #SIEM, #DFIR, #EDR formerly at Gartner! Now @GoogleCloud Office of the #CISO; host of @CloudSecPodcast https://t.co/VpKtfz8nXG