Chris Sanders 🔎 🧠
@chrissanders88.bsky.social
Digital Forensic Analyst, Researcher, Author
Ed.D.
Founder Applied Network Defense and Rural Tech Fund
Former Mandiant, InGuardians, DoD
Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM
Ed.D.
Founder Applied Network Defense and Rural Tech Fund
Former Mandiant, InGuardians, DoD
Author: Intrusion Detection Honeypots, Practical Packet Analysis, Applied NSM
3. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.
October 29, 2025 at 4:48 PM
3. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.
My photo submission for the 2026 Meteorite Calendar... three lunar stones from my collection, titled "Colors of the Moon". While we primarily think of the moon as a uniform shade, there's a lot more there than what initially meets the eye!
#space #astronomy #science #geology #STEM
#space #astronomy #science #geology #STEM
October 10, 2025 at 1:22 PM
My photo submission for the 2026 Meteorite Calendar... three lunar stones from my collection, titled "Colors of the Moon". While we primarily think of the moon as a uniform shade, there's a lot more there than what initially meets the eye!
#space #astronomy #science #geology #STEM
#space #astronomy #science #geology #STEM
My Intrusion Detection Honeypots book turns 5 years old today! It's the most fun book I've ever written, and I still think it's the one the industry needs the most.
September 1, 2025 at 3:00 PM
My Intrusion Detection Honeypots book turns 5 years old today! It's the most fun book I've ever written, and I still think it's the one the industry needs the most.
Our newest online course, Command Line Essentials for Security Analysts, is open now. It covers Bash, Windows CMD, and PowerShell.
Details and Registration:
www.networkdefense.co/courses/cli/
Use code ITSTHECLIYALL at checkout for a limited time discount. #DFIR #SOC
Details and Registration:
www.networkdefense.co/courses/cli/
Use code ITSTHECLIYALL at checkout for a limited time discount. #DFIR #SOC
August 22, 2025 at 2:15 PM
Our newest online course, Command Line Essentials for Security Analysts, is open now. It covers Bash, Windows CMD, and PowerShell.
Details and Registration:
www.networkdefense.co/courses/cli/
Use code ITSTHECLIYALL at checkout for a limited time discount. #DFIR #SOC
Details and Registration:
www.networkdefense.co/courses/cli/
Use code ITSTHECLIYALL at checkout for a limited time discount. #DFIR #SOC
I'm excited to announce our newest online course, Command Line Essentials for Security Analysts.
Learn about the course and register here:
www.networkdefense.co/courses/cli/
Learn about the course and register here:
www.networkdefense.co/courses/cli/
August 20, 2025 at 2:03 PM
I'm excited to announce our newest online course, Command Line Essentials for Security Analysts.
Learn about the course and register here:
www.networkdefense.co/courses/cli/
Learn about the course and register here:
www.networkdefense.co/courses/cli/
New course officially drops tomorrow morning... 👀
August 19, 2025 at 8:26 PM
New course officially drops tomorrow morning... 👀
Who wants to win a bottle of this limited edition hot sauce we had made for @RuralTechFund? Beyond the awesome label and cause, it's also my favorite everyday hot sauce to eat.
If you donate at least $3 today, I'll pick a few folks and send you a bottle:
ruraltechfund.org/donate/
If you donate at least $3 today, I'll pick a few folks and send you a bottle:
ruraltechfund.org/donate/
August 12, 2025 at 2:50 PM
Who wants to win a bottle of this limited edition hot sauce we had made for @RuralTechFund? Beyond the awesome label and cause, it's also my favorite everyday hot sauce to eat.
If you donate at least $3 today, I'll pick a few folks and send you a bottle:
ruraltechfund.org/donate/
If you donate at least $3 today, I'll pick a few folks and send you a bottle:
ruraltechfund.org/donate/
How about a surprise sale as we wind down summer?
All Applied Network Defense online courses are 20% off today and tomorrow.
I'll also pick five random folks who buy a course to win a free six-month subscription to my Analyst Skills Vault.
networkdefense.io
All Applied Network Defense online courses are 20% off today and tomorrow.
I'll also pick five random folks who buy a course to win a free six-month subscription to my Analyst Skills Vault.
networkdefense.io
August 6, 2025 at 2:58 PM
How about a surprise sale as we wind down summer?
All Applied Network Defense online courses are 20% off today and tomorrow.
I'll also pick five random folks who buy a course to win a free six-month subscription to my Analyst Skills Vault.
networkdefense.io
All Applied Network Defense online courses are 20% off today and tomorrow.
I'll also pick five random folks who buy a course to win a free six-month subscription to my Analyst Skills Vault.
networkdefense.io
Investigation Scenario 🔎
The information in the screenshot was logged by System EID 7.
What do you look for to investigate whether an incident occurred?
BONUS: What are some legitimate scenarios in which you might observe this behavior?
#InvestigationPath #DFIR #SOC
The information in the screenshot was logged by System EID 7.
What do you look for to investigate whether an incident occurred?
BONUS: What are some legitimate scenarios in which you might observe this behavior?
#InvestigationPath #DFIR #SOC
July 29, 2025 at 2:00 PM
Investigation Scenario 🔎
The information in the screenshot was logged by System EID 7.
What do you look for to investigate whether an incident occurred?
BONUS: What are some legitimate scenarios in which you might observe this behavior?
#InvestigationPath #DFIR #SOC
The information in the screenshot was logged by System EID 7.
What do you look for to investigate whether an incident occurred?
BONUS: What are some legitimate scenarios in which you might observe this behavior?
#InvestigationPath #DFIR #SOC
Our book launch and signing for Milo and the Midnight Meteorite today! We enjoyed sharing the book and some meteorites with local folks ☄️ #space #STEM #astronomy #science
July 9, 2025 at 9:36 PM
Our book launch and signing for Milo and the Midnight Meteorite today! We enjoyed sharing the book and some meteorites with local folks ☄️ #space #STEM #astronomy #science
I've acquired a bigger piece since then ☄️😃
June 29, 2025 at 4:04 PM
I've acquired a bigger piece since then ☄️😃
Analysts derive playbooks through inductive reasoning processes. The process is often as valuable as the result. We needed a way to express those cleanly and effectively, supporting analyst cognition.
June 25, 2025 at 6:48 PM
Analysts derive playbooks through inductive reasoning processes. The process is often as valuable as the result. We needed a way to express those cleanly and effectively, supporting analyst cognition.
Analysts encounter common scenarios (cues) across diverse investigations based on the evidence they encounter and their forecasting of potentially related events. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.
June 25, 2025 at 6:48 PM
Analysts encounter common scenarios (cues) across diverse investigations based on the evidence they encounter and their forecasting of potentially related events. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.
Better yet, the folks at Security Onion have integrated the standard into their platform and released a new guided investigation feature today. Every alert in Security Onion will now have linked investigation playbooks you can work from.
June 25, 2025 at 6:48 PM
Better yet, the folks at Security Onion have integrated the standard into their platform and released a new guided investigation feature today. Every alert in Security Onion will now have linked investigation playbooks you can work from.
If you've taken my Investigation Theory course, then you're familiar with my Human-Centered Investigation Playbooks. I'm excited to share that I'm releasing that standard publicly today. You can read about it here: chrissanders.org/2025/06/hum...
June 25, 2025 at 6:48 PM
If you've taken my Investigation Theory course, then you're familiar with my Human-Centered Investigation Playbooks. I'm excited to share that I'm releasing that standard publicly today. You can read about it here: chrissanders.org/2025/06/hum...
You can pick up your copy at milosmeteorite.com/. There's also an option to bundle your copy with an authentic meteorite sample in a display case. You can actually hold a piece of space in your hand!
June 20, 2025 at 2:11 PM
You can pick up your copy at milosmeteorite.com/. There's also an option to bundle your copy with an authentic meteorite sample in a display case. You can actually hold a piece of space in your hand!
We'll be using part of the proceeds from the book to fund space and science education for kids. I've already had the chance to do a couple of readings of the book in schools!
June 20, 2025 at 2:11 PM
We'll be using part of the proceeds from the book to fund space and science education for kids. I've already had the chance to do a couple of readings of the book in schools!
Scientific accuracy was a top priority for this project. The meteorite images in this book aren’t just random; they depict real meteorite types—like chondrites and pallasites—ensuring that the introduction to meteorites is both informative and thrilling.
June 20, 2025 at 2:11 PM
Scientific accuracy was a top priority for this project. The meteorite images in this book aren’t just random; they depict real meteorite types—like chondrites and pallasites—ensuring that the introduction to meteorites is both informative and thrilling.
Simply put, there just aren't any great kids' books out there that introduce the wonder of meteorites in an accessible, engaging way. I wanted to create a book to help children learn about space through the lens of the meteorites that eventually make their way to Earth.
June 20, 2025 at 2:11 PM
Simply put, there just aren't any great kids' books out there that introduce the wonder of meteorites in an accessible, engaging way. I wanted to create a book to help children learn about space through the lens of the meteorites that eventually make their way to Earth.
The book follows Milo's journey as he meets Stella, an astronomer passionate about understanding the cosmos. Stella opens his eyes to the secrets of meteorites, from those formed deep within Earth-like worlds to rare treasures from Mars and the Moon.
June 20, 2025 at 2:11 PM
The book follows Milo's journey as he meets Stella, an astronomer passionate about understanding the cosmos. Stella opens his eyes to the secrets of meteorites, from those formed deep within Earth-like worlds to rare treasures from Mars and the Moon.
One sleepless night, Milo spots a glowing object streaking across the sky from his bedroom window. With his loyal dog Rocket by his side the next day, he sets off to find where it landed. But with so many ordinary rocks around, how can he tell if he’s really found a piece of space?
June 20, 2025 at 2:11 PM
One sleepless night, Milo spots a glowing object streaking across the sky from his bedroom window. With his loyal dog Rocket by his side the next day, he sets off to find where it landed. But with so many ordinary rocks around, how can he tell if he’s really found a piece of space?
It's release day for my latest book... but this one's a bit different!
Milo and the Midnight Meteorite is a captivating children’s book that sparks curiosity about meteorites and the magnificent universe we inhabit!
Milo and the Midnight Meteorite is a captivating children’s book that sparks curiosity about meteorites and the magnificent universe we inhabit!
June 20, 2025 at 2:11 PM
It's release day for my latest book... but this one's a bit different!
Milo and the Midnight Meteorite is a captivating children’s book that sparks curiosity about meteorites and the magnificent universe we inhabit!
Milo and the Midnight Meteorite is a captivating children’s book that sparks curiosity about meteorites and the magnificent universe we inhabit!
Last week, we launched a high-altitude balloon into the stratosphere. The payload included three Cube Satellite emulators built by rural classroom students we worked with. Their CubeSats collected real atmospheric data, which was returned to the classes for analysis.
May 29, 2025 at 6:52 PM
Last week, we launched a high-altitude balloon into the stratosphere. The payload included three Cube Satellite emulators built by rural classroom students we worked with. Their CubeSats collected real atmospheric data, which was returned to the classes for analysis.
Investigation Scenario 🔎
PowerShell Script Block Logging (EID 4104) reveals the pictured command was executed:
What do you look for to investigate whether an incident occurred and its extent?
#InvestigationPath #DFIR #SOC
PowerShell Script Block Logging (EID 4104) reveals the pictured command was executed:
What do you look for to investigate whether an incident occurred and its extent?
#InvestigationPath #DFIR #SOC
April 2, 2025 at 2:00 PM
Investigation Scenario 🔎
PowerShell Script Block Logging (EID 4104) reveals the pictured command was executed:
What do you look for to investigate whether an incident occurred and its extent?
#InvestigationPath #DFIR #SOC
PowerShell Script Block Logging (EID 4104) reveals the pictured command was executed:
What do you look for to investigate whether an incident occurred and its extent?
#InvestigationPath #DFIR #SOC
I'm delivering the closing Keynote at RejectionCon (virtually) this year. I'll talk a bit about my story, how poverty charges interest, and some of the ways we provide unique learning opportunities to students at the Rural Tech Fund.
March 17, 2025 at 6:05 PM
I'm delivering the closing Keynote at RejectionCon (virtually) this year. I'll talk a bit about my story, how poverty charges interest, and some of the ways we provide unique learning opportunities to students at the Rural Tech Fund.