Mike Wilkinson
dfirmike.bsky.social
#DFIR investigator & trainer.
Reposted by Mike Wilkinson
Learn from 4 IR experts on how they do Endpoint Triage.

Apr 17.

I'll MC and you'll hear from @keydet89.bsky.social (Huntress), Kai Thomsen (Dragos), @dfirmike.bsky.social (Sleuth Kit Labs) and Quinnlan Varcoe (Blueberry Security).

See you there!

register.gotowebinar.com/register/600...
April 1, 2025 at 4:04 PM
Reposted by Mike Wilkinson
For those in the #SOC: Alert Triage vs Endpoint Triage

Blog post that is part of our Endpoint Triage series.

Alert triage focuses on validating and prioritizing the EDR/SIEM alert.

Endpoint triage focuses on prioritizing the host. How bad is it?

www.cybertriage.com/blog/alert-t...
Alert Triage vs Endpoint Triage: What SOCs Need to Know
As we talk to corporate security teams about how they respond to incidents and EDR alerts, we find it useful to highlight the Endpoint Triage step in
www.cybertriage.com
March 21, 2025 at 1:38 PM
Anyone looking for a free open source forensic tool that can mount bitlockered disk images? If so check out the new release of Autopsy. www.autopsy.com/autopsy-4-22...
Autopsy - Autopsy 4.22.0: BitLocker Support, Cyber Triage Sidecar, Library Updates
Autopsy 4.22.0 includes BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries.
www.autopsy.com
March 12, 2025 at 1:32 PM
Reposted by Mike Wilkinson
We're using the term "Information Artifacts" for high-level #DFIR concepts like "Processes" and "Inbound Logins". I think they are easier to train than low-level Prefetch, UserAssist etc. (i.e. Data Artifacts). Those map to an Info Artifact (Prefetch -> Process).

www.cybertriage.com/blog/informa...
Information Artifacts: Simplify DFIR Analysis
Do you know the differences between MUICache, ShimCache, AMCache, and PMCache without the help of Google? Did you know that one of them is made up?
www.cybertriage.com
January 27, 2025 at 5:30 PM
This is a fascinating interview from @campuscodi.risky.biz about the actual productive use of LLMs in combating insider threats. Well worth the listen for a conversation around AI without a bunch of marketing BS. risky.biz/RBTALKS5/
RBTALKS5: How Pfizer uses AI to detect insider risk - Risky Business
RBTALKS5: How Pfizer uses AI to detect insider risk
risky.biz
December 20, 2024 at 2:09 PM
Reposted by Mike Wilkinson
Cyber Triage 3.13 is the holiday gift you’ve been waiting for:

Integrations that make you faster.

→ MemProcFS integration
→ Expanded S3 integration
→ Detailed sandbox report

Complete 3.13 release notes: www.cybertriage.com/blog/release...
3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations
Our holiday gift this year is some frequently requested features that came out in the 3.13 release: MemProcFS to support Windows 10 and 11 images
www.cybertriage.com
December 19, 2024 at 10:56 PM