Chris DiSalle
@chrisdfir.updatex64.zip
Technical Lead, Incident Response @ Cisco Talos
DFIR, drums, and the simple things
Check out this blog post to learn more about our Incident Response team at Cisco Talos and how we can help your organization.
When a cybersecurity crisis strikes, Cisco Talos Incident Response transforms chaos into control. Read our latest blog for a behind-the-scenes look at what happens when you engage our team: cs.co/63324AZeIQ
September 25, 2025 at 12:34 AM
Reposted by Chris DiSalle
Experiencing a security incident? The Cisco Talos Incident Response team delivers fast, expert support to help you identify, contain and remediate threats when every second counts: www.youtube.com/watch?v=XFw0...
September 15, 2025 at 4:14 PM
Reposted by Chris DiSalle
Watch out for threat actors who try to reel you in! 🎣 Phishing to achieve initial access soared this quarter, comprising 50% of all Talos IR incidents. Read our Quarterly Trends report for Q1 2025: http://cs.co/633252gat3
April 28, 2025 at 2:04 PM
Hot off the press! Check out the Talos 2024 Year In Review report to learn about threat actor activities we encountered last year.
Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG
March 31, 2025 at 2:13 PM
The post-SB set list.. GNX
February 10, 2025 at 5:37 PM
Get the latest on what our team is seeing in the quarterly trends report!
#dfir #cybersecurity
The Talos Incident Response Quarterly Trends report for Q4 2024 is out now! The report covers web shell usage and a spike in the exploitation of public-facing applications. Read the full findings here: blog.talosintelligence.com/talos-ir-tre...
January 30, 2025 at 4:26 PM
Found one of my favorites in the used bin at the record store today.
Cat Stevens - Buddha and the Chocolate Box (1974)
December 22, 2024 at 7:24 PM
New addition to the family today, Tater Tot the tortoise. 🐢
#liltottie #tortoise
December 8, 2024 at 9:59 PM
Smooth beats fuel the DFIR soul.
December 4, 2024 at 5:51 PM
Reposted by Chris DiSalle
While there are some awesome methods to detect web shells with Yara, sometimes structured data can help solve the case. In this oversimplified example, I go over how you can use two artifacts with Velociraptor to help you find evil on your Linux server.

#dfir #blueteam #cybersecurity
Hunting Linux Web Shells with Velociraptor
Linux forensics can be tricky, especially when investigating subtle threats like web shells. Unlike Windows, which provides tools like the Master File Table ($MFT) for metadata-rich investigations, Li...
www.linkedin.com
December 1, 2024 at 1:04 AM
Reposted by Chris DiSalle
#Linux lacks a resource like the Windows Master File Table ($MFT). I've developed this #Velociraptor artifact to collect metadata from files and folders recursively in selected paths to create a bodyfile. This may bring an MFT-like feel to filesystem analysis. #dfir

github.com/chrisdfir/Ve...
github.com
November 12, 2024 at 9:01 PM
Played The Incredible Machine a lot as a little kid. Same dev has a modern version on Steam. store.steampowered.com/app/241240/C...

#games #steam
November 26, 2024 at 12:24 PM
"According to Cisco Talos’ data, roughly 60% of all email containing a QR code is spam."

Malicious QR codes - how big of a problem is it really? Check out this 60 second recap. The full analysis is available at cs.co/6010tMy7s

#cybersecurity #qrcodes #talosthings
Malicious QR Codes: How big of a problem is it, really?
QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumpti...
cs.co
November 25, 2024 at 4:10 PM
Reposted by Chris DiSalle
Russian spies—likely Russia's GRU intelligence agency—used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wifi. www.wired.com/story/russia...
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack
In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
www.wired.com
November 22, 2024 at 12:06 PM
The 2025 Snort Calendar has arrived 🎉 This year’s theme is Video Games! To get your copy of the 2025 Snort Calendar, fill out our short survey here: cs.co/6018sNeKi Calendars will begin shipping in December 2024. U.S. shipping only, available while supplies last.
#cybersecurity #snort #talosthings
November 21, 2024 at 10:13 PM
New edition of the Talos Threat Source Newsletter is out. Drums, leadership communications, and the intersection between. Good stuff although I wouldn't say Travis Barker is "easy".. those hands are fast.
#cybersecurity #threatintel #talosthings
Bidirectional communication via polyrhythms and shuffles: Without Jon the beat must go on
The Threat Source Newsletter is back! William Largent discusses bidirectional communication in the SOC, and highlights new Talos research including the discovery of PXA Stealers.
blog.talosintelligence.com
November 21, 2024 at 8:01 PM
Topics covered with the kids:
- What is cybersecurity? (high level)
- How does the Internet work?
- Underwater sea cable map
- How technology can be used for bad
- Stranger danger
- Password security hands-on
- Don't click random things

#cybersecurity #education #teachin
November 21, 2024 at 2:08 PM
Speaking at the elementary school teach-in tomorrow. Building a small cyber army one classroom at a time. It's the long game...
#cybersecurity
November 20, 2024 at 10:01 PM
Reposted by Chris DiSalle
🔥 You can now allow/block FQDNs using Windows Firewall
learn.microsoft.com/en-us/window...
Windows Firewall dynamic keywords
Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell.
learn.microsoft.com
November 20, 2024 at 10:19 AM
Reposted by Chris DiSalle
Hey #infosec and #cybersecurity folks. I have a couple thinky questions I'd like to get perspective on:
- What makes a "good" cybersecurity partner in this day and age?
- What services or capabilities are table stakes for you?

always curious what you folks are seeing or would like to see
November 19, 2024 at 1:57 AM
Reposted by Chris DiSalle
Random Monday thoughts…

As most of us have come here to find a safe haven from extremism, I feel it’s important not to use this sanctuary to intentionally sow further division.

Paraphrasing Ram Dass, “individualism leads to war, anger, insecurity, and fear.”
November 18, 2024 at 6:57 PM
Securing a #web server? Consider using CSPBypass to check your HTTP headers for flaws in your Content Security Policies (CSP). Designed for ethical hacking, this can be multi-purpose. Protect ya neck! #cybersecurity #blueteam #websecurity #http

github.com/renniepak/CS...
Some cool new additions at CSPBypass.com by omidxrz

For example:

cspbypass.com#onetrust

<3
CSP Bypass Search
CSPBypass.com
November 18, 2024 at 5:18 PM
This git is full of resources for event logs/auditing. Covers everything from tool configs to audit cheatsheets to event attack chains and data samples. In #DFIR visibility is key. This is a solid resource for those responding to an incident or trying to prevent one. #grc

github.com/stuhli/aweso...
GitHub - stuhli/awesome-event-ids: Collection of Event ID resources useful for Digital Forensics and Incident Response
Collection of Event ID resources useful for Digital Forensics and Incident Response - stuhli/awesome-event-ids
github.com
November 17, 2024 at 10:29 PM
Beastie Boys - License To Ill

"Now here's a little story I've got to tell about three bad brothers you know so well"
What was the first album that you bought?
November 17, 2024 at 9:36 PM