Eric Capuano
@eric.zip
- Dad of two <3
- Co-founder Recon InfoSec
- SANS DFIR Instructor
- BlackHat Trainer
- IANS Faculty
- Trainer @digitaldefenseinstitute.com
- Blog: https://blog.ecapuano.com
- ⬡ ODESZA, Lane 8, Kasbo 🎧
- ❤ @whit.zip
- Co-founder Recon InfoSec
- SANS DFIR Instructor
- BlackHat Trainer
- IANS Faculty
- Trainer @digitaldefenseinstitute.com
- Blog: https://blog.ecapuano.com
- ⬡ ODESZA, Lane 8, Kasbo 🎧
- ❤ @whit.zip
Impressive Weismann score 🗜️
November 25, 2025 at 6:03 PM
Impressive Weismann score 🗜️
Reposted by Eric Capuano
Same awesome tool, new look -- triage.zip got a facelift!
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
November 24, 2025 at 8:04 PM
Same awesome tool, new look -- triage.zip got a facelift!
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
Also, updated to work with latest changes to Velociraptor's new Triage Targets: triage.velocidex.com
This project made possible due to the epic team behind @velocidex.com 💙 We only aim to make it even more accessible to the masses. #DFIR
Reposted by Eric Capuano
We are launching a Black Friday deal on our most popular course, Threat Hunting & Incident Response w/Velociraptor! From now until midnight (EST) 11/28, enjoy 40% off our best-selling on-demand course.
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
November 24, 2025 at 2:30 PM
We are launching a Black Friday deal on our most popular course, Threat Hunting & Incident Response w/Velociraptor! From now until midnight (EST) 11/28, enjoy 40% off our best-selling on-demand course.
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
Register: ddi.sh/thvr-bf-2025
Use Code: blackfriday2025
#DFIR #ThreatHunting
Reposted by Eric Capuano
Achievement unlocked: Presenting at BSides Munich! ✅✨
On Nov 17th I presented my talk ”From Hours to Minutes: Automating Incident Response Triage with Open-Source Tools”. Thanks to the @bsidesmunich.bsky.social organizers, volunteers and attendees for an amazing conference!
On Nov 17th I presented my talk ”From Hours to Minutes: Automating Incident Response Triage with Open-Source Tools”. Thanks to the @bsidesmunich.bsky.social organizers, volunteers and attendees for an amazing conference!
November 23, 2025 at 10:38 AM
Achievement unlocked: Presenting at BSides Munich! ✅✨
On Nov 17th I presented my talk ”From Hours to Minutes: Automating Incident Response Triage with Open-Source Tools”. Thanks to the @bsidesmunich.bsky.social organizers, volunteers and attendees for an amazing conference!
On Nov 17th I presented my talk ”From Hours to Minutes: Automating Incident Response Triage with Open-Source Tools”. Thanks to the @bsidesmunich.bsky.social organizers, volunteers and attendees for an amazing conference!
ZEDS DEAD - CHANNEL FLIPPING 2: ONLY YOU
YouTube video by Zeds Dead
youtu.be
November 21, 2025 at 8:18 AM
The damage done by this administration will take years to undo. Cool.
Breaking: The FCC has voted 2-1 along party lines to eliminate cybersecurity requirements for telecom companies that the commission adopted at the end of the Biden administration.
Telecoms had lobbied for the change. Democrats said it would invite another Salt Typhoon.
Story coming shortly.
Telecoms had lobbied for the change. Democrats said it would invite another Salt Typhoon.
Story coming shortly.
November 20, 2025 at 8:09 PM
The damage done by this administration will take years to undo. Cool.
I have always wanted an app like Zimmerman's Timeline Explorer, but for macOS.... Sadly, nothing remotely close exists except Excel 🤮
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
November 19, 2025 at 7:19 PM
I have always wanted an app like Zimmerman's Timeline Explorer, but for macOS.... Sadly, nothing remotely close exists except Excel 🤮
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
Stoked to say, I am nearly done with the the MVP! 😎
Supertimelines on MBP! #dfir
Reposted by Eric Capuano
Reposted by Eric Capuano
When thinking about memory analysis do you immediately think a memory image? Did you know Velociraptor has powerful live memory analysis capabilities, that can be applied at scale?
In my latest post I cover some memory analysis capabilities and how they can be used to detect inline DLL hooking.
In my latest post I cover some memory analysis capabilities and how they can be used to detect inline DLL hooking.
Memory Analysis with Velociraptor - Part 1 :: Velociraptor - Digging deeper!
This Blog post explores Velociraptor's memory analysis capabilities.
docs.velociraptor.app
November 18, 2025 at 2:43 PM
When thinking about memory analysis do you immediately think a memory image? Did you know Velociraptor has powerful live memory analysis capabilities, that can be applied at scale?
In my latest post I cover some memory analysis capabilities and how they can be used to detect inline DLL hooking.
In my latest post I cover some memory analysis capabilities and how they can be used to detect inline DLL hooking.
Outstanding post from @velocidex.com on the dire need to shift memory forensics capabilities to more scalable techniques... I love volatility, and I *really* love MemProcFS, but the usage of these tools adds *significant* overhead to fast-paced IR.
docs.velociraptor.app/blog/2025/20...
docs.velociraptor.app/blog/2025/20...
Memory Analysis with Velociraptor - Part 1 :: Velociraptor - Digging deeper!
This Blog post explores Velociraptor's memory analysis capabilities.
docs.velociraptor.app
November 18, 2025 at 10:10 AM
Outstanding post from @velocidex.com on the dire need to shift memory forensics capabilities to more scalable techniques... I love volatility, and I *really* love MemProcFS, but the usage of these tools adds *significant* overhead to fast-paced IR.
docs.velociraptor.app/blog/2025/20...
docs.velociraptor.app/blog/2025/20...
TFW the CISO invests all energy into simply documenting the “incident response plan” but never fully testing it end to end.
One day somebody is going to push the “button” and realize it’s just the wall behind the sticker.
One day somebody is going to push the “button” and realize it’s just the wall behind the sticker.
November 15, 2025 at 3:03 PM
TFW the CISO invests all energy into simply documenting the “incident response plan” but never fully testing it end to end.
One day somebody is going to push the “button” and realize it’s just the wall behind the sticker.
One day somebody is going to push the “button” and realize it’s just the wall behind the sticker.
Me and my 15 Warp + Claude Code + Codex tabs.
November 14, 2025 at 1:13 PM
Me and my 15 Warp + Claude Code + Codex tabs.
Reposted by Eric Capuano
ICE abducted a 57 year old US Citizen and Veteran along with 11 others, outside of the Portland ICE Detention Center.
11/11/25
11/11/25
November 14, 2025 at 11:18 AM
ICE abducted a 57 year old US Citizen and Veteran along with 11 others, outside of the Portland ICE Detention Center.
11/11/25
11/11/25
November 14, 2025 at 9:17 AM
And that, friends, is how you get 3 devices on airplane wifi for the price of one.
Next stop, London, then onto Dubai. ✈️
Next stop, London, then onto Dubai. ✈️
November 13, 2025 at 2:12 AM
And that, friends, is how you get 3 devices on airplane wifi for the price of one.
Next stop, London, then onto Dubai. ✈️
Next stop, London, then onto Dubai. ✈️
At the Dr this AM, which has recently moved to online-only check in.
Watched the receptionist completely berate a man in his 80s for not being able to sign in due to not owning a cell phone or a computer, saying “I’ll make an exception this time but you’ll need to figure it out next time”
Watched the receptionist completely berate a man in his 80s for not being able to sign in due to not owning a cell phone or a computer, saying “I’ll make an exception this time but you’ll need to figure it out next time”
November 11, 2025 at 4:54 PM
At the Dr this AM, which has recently moved to online-only check in.
Watched the receptionist completely berate a man in his 80s for not being able to sign in due to not owning a cell phone or a computer, saying “I’ll make an exception this time but you’ll need to figure it out next time”
Watched the receptionist completely berate a man in his 80s for not being able to sign in due to not owning a cell phone or a computer, saying “I’ll make an exception this time but you’ll need to figure it out next time”
Happy day to the people that did the thing and those that do it still.
November 11, 2025 at 2:55 PM
Happy day to the people that did the thing and those that do it still.
Reposted by Eric Capuano
another epic #HackerHoedown with @eric.zip -- amazing humans, amazing talks
thank you, @pedramamini.com! we had so much fun
💾🔥🫶🏻👩🏻💻🍻
thank you, @pedramamini.com! we had so much fun
💾🔥🫶🏻👩🏻💻🍻
November 7, 2025 at 6:37 PM
another epic #HackerHoedown with @eric.zip -- amazing humans, amazing talks
thank you, @pedramamini.com! we had so much fun
💾🔥🫶🏻👩🏻💻🍻
thank you, @pedramamini.com! we had so much fun
💾🔥🫶🏻👩🏻💻🍻
Friday Hot Take: people that are consistently dunking on AI for "hallucinating" are unknowingly admitting their own lack of understanding of how to use it properly.
It's akin to an auto mechanic saying, "This wrench is dumb because I don't know how to repair an engine, and neither does the wrench."
It's akin to an auto mechanic saying, "This wrench is dumb because I don't know how to repair an engine, and neither does the wrench."
October 31, 2025 at 1:58 PM
Friday Hot Take: people that are consistently dunking on AI for "hallucinating" are unknowingly admitting their own lack of understanding of how to use it properly.
It's akin to an auto mechanic saying, "This wrench is dumb because I don't know how to repair an engine, and neither does the wrench."
It's akin to an auto mechanic saying, "This wrench is dumb because I don't know how to repair an engine, and neither does the wrench."
I love having a front row seat to the robot wars
October 28, 2025 at 1:44 AM
I love having a front row seat to the robot wars
October 23, 2025 at 2:19 AM
Hope they transmitted the dox data over the newly redefined “FTP” protocol.
WRT the protocol itself, there’s passive FTP, but this feels more like active FTP and I’m here for it.
WRT the protocol itself, there’s passive FTP, but this feels more like active FTP and I’m here for it.
October 20, 2025 at 2:26 AM
Hope they transmitted the dox data over the newly redefined “FTP” protocol.
WRT the protocol itself, there’s passive FTP, but this feels more like active FTP and I’m here for it.
WRT the protocol itself, there’s passive FTP, but this feels more like active FTP and I’m here for it.
Damn, it’s getting real when Canada starts actively looking for US refugees.
October 19, 2025 at 6:01 AM
Damn, it’s getting real when Canada starts actively looking for US refugees.