ChocolateCoat
@chocolatecoat4n6.com
💼 DFIR for Cisco Talos Incident Response. Thoughts are my own.

📝 Blog: https://chocolatecoat4n6.com/

✨NBA • Comics • Movies/TV • Tekken • Anime/Weeb • Human Centric Design • Drawing/Digital Art • Home Design • Forensics • Paleontology • Menswear
Reposted by ChocolateCoat
Think you know Cisco Talos Incident Response? Join us over the next few weeks to bust some common myths about our services. First up...
October 15, 2025 at 3:24 PM
Appreciate folks tuning in or attending my talk for Wild West Hackin' Fest. If you are interested in the slides, I have them here below.

github.com/chocolatecoa...
October 9, 2025 at 8:39 PM
Cannot wait to present at this con, hoping to meet up with a few of y’all
Don’t go missin’ Terryn Valikodath's campfire talk, "Analysis without Paralysis: Mastering the Art of Investigation," ridin’ into Wild West Hackin' Fest - Deadwood 2025! Grab yer tickets to the con here: wildwesthackinfest.com/register-for...
October 8, 2025 at 12:18 AM
Reposted by ChocolateCoat
When a cybersecurity crisis strikes, Cisco Talos Incident Response transforms chaos into control. Read our latest blog for a behind-the-scenes look at what happens when you engage our team: cs.co/63324AZeIQ
September 24, 2025 at 2:22 PM
After wayyyy too long. I've updated my DF/IR templates for documentation. I've added fictional examples within the docs so you can see a good reference and how it's intended.

github.com/chocolatecoa...
September 7, 2025 at 12:06 AM
Would love for anyone interested to join us and hear about what we’re doing out here!
Join Cisco Talos Incident Response for an off-the-record briefing on how we tackle threats on the frontlines. Real stories, real lessons. Register now: cs.co/IRTales
August 5, 2025 at 12:32 PM
Hope you all can make my talk at @blueteamcon.com! Super excited to be able to talk all about investigation!
🚨Blue Team Con 2025 Talk Alert🚨

Talk Title: Analysis without Paralysis: Mastering the Art of Investigation

Presented by: Terryn Valikodath

See abstract: blueteamcon.com/directory/an...
July 22, 2025 at 3:59 PM
Finally got around to writing another post, appreciate all the views!
April 10, 2025 at 11:36 AM
Why Learning Through Books is Key in Cybersecurity

📚 Types of Books
☯️ The Tao of Books
🏫 Other Sources of Information

chocolatecoat4n6.com/2025/04/09/w...

#DFIR #CyberSecurity #books #infosec
If you’re diving into cybersecurity, remember: you’re always learning! Books, despite some hesitations, are key to that journey. They offer depth and context, unlike quick online conten…
April 9, 2025 at 1:44 PM
Reposted by ChocolateCoat
Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG
March 31, 2025 at 12:05 PM
Reposted by ChocolateCoat
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.

My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.

Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
March 24, 2025 at 9:08 AM
Reposted by ChocolateCoat
From threat hunting, detection building, vulnerability discoveries and incident response, Cisco Talos shows up every day to try and make the internet a safer place. Watch our full overview here: http://cs.co/633280m3rs
March 19, 2025 at 4:13 PM
Reposted by ChocolateCoat
Pro tip: set your logs to be all UTC. This will save your forensic analyst (who bills by the hour) the trouble of having to convert timestamps (and even figuring out which timestamps are in which TZ).

It also keeps them ordered correctly when forwarded to a SIEM, especially from multiple TZ's.
February 23, 2025 at 7:03 PM
Check out all the great work our team puts together from real life investigations
The Talos Incident Response Quarterly Trends report for Q4 2024 is out now! The report covers web shell usage and a spike in the exploitation of public-facing applications. Read the full findings here: blog.talosintelligence.com/talos-ir-tre...
January 30, 2025 at 3:53 PM
Reposted by ChocolateCoat
No, I don't need a bloody copilot for this document, thank you.

Writing is, in no small part, a tool for thinking. If you outsource that element to a machine that cannot think, you shouldn't be surprised if, at the end of the process, neither you nor your reader are any the wiser.
January 26, 2025 at 1:31 PM
Reposted by ChocolateCoat
DF/IR tools: amazing at everything, except making decisions, solving cases, and doing your job for you. brettshavers.com/brett-s-blog... #DFIR
The Human Element of DF/IR (YOU!)
The clock is racing. A global breach is unraveling on one side of the room; millions siphoned in real-time, systems crashing, and reputations crumbling by the second. On the other, the unthinkable: a ...
January 24, 2025 at 11:27 PM
Reposted by ChocolateCoat
tip from an incident responder:

take care of your mental and have a meditative habit. You can be at peace while chaos reigns.

I love yoga, I know some who enjoy painting, lock picking, metalcrafting, create something, do something.

love the world around you by loving yourself.
January 23, 2025 at 2:41 PM
Reminder for the new year and setting goals.

Underpromise, overdeliver
January 7, 2025 at 6:50 PM
For anyone who’s curious about my latest talk at #misecCon

youtu.be/rg-mRLEoaII?...
Analysis Without Paralysis
YouTube video by #misec
December 24, 2024 at 2:49 AM
I have a blog. Did I make a new post? Nope. Just making a mention that I have a blog 🫡

chocolatecoat4n6.com
DFIR & Ramblings
ChocolateCoat4n6
December 2, 2024 at 5:23 PM
Reposted by ChocolateCoat
looking for people in tech on Bluesky from Grand Rapids and West Michigan.
December 2, 2024 at 4:10 PM
Reposted by ChocolateCoat
PISTONS FANS PUT IT IN THE RAFTERSSS
November 30, 2024 at 3:23 AM
Reposted by ChocolateCoat
Corythoraptor.
I posted a WIP of this ludicrous animal a couple of days ago. I’m calling it finished for now. #SciArt
November 22, 2024 at 12:45 PM
Reposted by ChocolateCoat
If you need datasets for your #DFIR training, feel free to use any of my cases found in the URL below. They can be used for both academic and commercial training.

www.ashemery.com/dfir.html
November 1, 2024 at 4:07 PM
Another reminder for the Michigan and anyone wanting to make the trip for this event! 👾💻🧤
Using my first Bluesky post to point out that #misecCON is coming up. If you’re in Michigan on Nov. 22 check us out in Lansing! Great talks, great CTF from #ctf313 and all around fun!

miseccon.misec.us
misecCON – November 22, 2024 / Lansing, MI
November 20, 2024 at 5:09 PM