Jim Clausing
@jclausing.bsky.social
pilot, cyclist, Unix/Linux, DFIR
2 more days to get the early-bird discount for one of my all-time favorite conferences, #SANS #DFIRCON in Miami in Nov. There are a bunch of hands-on workshops on Sun, 16 Nov, lots of evening events during the week #FOR577 my last in 2025. Reg here: www.sans.org/cyber-securi...
September 29, 2025 at 6:25 PM
2 more days to get the early-bird discount for one of my all-time favorite conferences, #SANS #DFIRCON in Miami in Nov. There are a bunch of hands-on workshops on Sun, 16 Nov, lots of evening events during the week #FOR577 my last in 2025. Reg here: www.sans.org/cyber-securi...
Linux touches every part of our networks. Our routers, switches, and firewalls likely run some flavor of Linux or Unix. Join me in London in July for the newly updated #SANS #FOR577 where we'll learn how to investigate attacks on Linux systems. www.sans.org/cyber-securi...
April 29, 2025 at 12:20 PM
Linux touches every part of our networks. Our routers, switches, and firewalls likely run some flavor of Linux or Unix. Join me in London in July for the newly updated #SANS #FOR577 where we'll learn how to investigate attacks on Linux systems. www.sans.org/cyber-securi...
Reposted by Jim Clausing
Tool update: sigs.py - added check mode https://isc.sans.edu/diary/31706
February 21, 2025 at 12:06 AM
Tool update: sigs.py - added check mode https://isc.sans.edu/diary/31706
Reposted by Jim Clausing
SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns;
https://isc.sans.edu/podcastdetail/9336
https://isc.sans.edu/podcastdetail/9336
February 24, 2025 at 2:00 AM
SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns;
https://isc.sans.edu/podcastdetail/9336
https://isc.sans.edu/podcastdetail/9336
Reposted by Jim Clausing
Unfurl v2025.02 released https://isc.sans.edu/diary/31716
February 24, 2025 at 8:35 PM
Unfurl v2025.02 released https://isc.sans.edu/diary/31716
Join me in one of my favorite places for the updated FOR577. Now, with more BTRFS, more rootkits, and more Linux attacks. #FOR577 #SANSSecWest
February 14, 2025 at 4:58 PM
Join me in one of my favorite places for the updated FOR577. Now, with more BTRFS, more rootkits, and more Linux attacks. #FOR577 #SANSSecWest
Reposted by Jim Clausing
New tool: immutable.py https://isc.sans.edu/diary/31598
January 18, 2025 at 4:56 AM
New tool: immutable.py https://isc.sans.edu/diary/31598
I just posted a Handler's Diary, I've released a python script to find Linux files with the immutable bit set. #FOR577 @sansisc.bsky.social #SANSDFIR isc.sans.edu/diary/New+to...
New tool: immutable.py - SANS Internet Storm Center
New tool: immutable.py, Author: Jim Clausing
isc.sans.edu
January 18, 2025 at 5:40 AM
I just posted a Handler's Diary, I've released a python script to find Linux files with the immutable bit set. #FOR577 @sansisc.bsky.social #SANSDFIR isc.sans.edu/diary/New+to...
Reposted by Jim Clausing
November 30, 2024 at 1:00 PM
Reposted by Jim Clausing
if you have a @github.com profile, can i ask you to update it with your @bsky.app handle? 🙏
👉 it enables some very cool integrations, like auto curated feeds and starter packs for contributors and tech
👉 it enables some very cool integrations, like auto curated feeds and starter packs for contributors and tech
November 23, 2024 at 1:53 PM
if you have a @github.com profile, can i ask you to update it with your @bsky.app handle? 🙏
👉 it enables some very cool integrations, like auto curated feeds and starter packs for contributors and tech
👉 it enables some very cool integrations, like auto curated feeds and starter packs for contributors and tech
Reposted by Jim Clausing
Since I'm trying out #Bluesky, I figured I should add in support for it in Unfurl!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
November 21, 2024 at 4:19 AM
Since I'm trying out #Bluesky, I figured I should add in support for it in Unfurl!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
The v2024.11.20 release has some minor updates, but the biggest feature is the ability to parse a timestamp from Bluesky post IDs (or atproto TIDs).
Example: dfir.blog/unfurl/?url=...
Give it a try at unfurl.link!
Reposted by Jim Clausing
Awesome research ! - The Nearest Neighbor Attack: How A Russian #APT Weaponized Nearby Wi-Fi Networks for Covert Access - @volexity.com - www.volexity.com/blog/2024/11... #cyberespionage
November 23, 2024 at 8:32 AM
Awesome research ! - The Nearest Neighbor Attack: How A Russian #APT Weaponized Nearby Wi-Fi Networks for Covert Access - @volexity.com - www.volexity.com/blog/2024/11... #cyberespionage
November 23, 2024 at 1:59 PM
Reposted by Jim Clausing
Daughter tells me she heard today that if you wear a band T-shirt (especially as a young woman) and a man says to you “name five of their songs”, the correct response is “name five women who trust you”, so I pass this on in case any of you need it
February 20, 2024 at 7:01 PM
Daughter tells me she heard today that if you wear a band T-shirt (especially as a young woman) and a man says to you “name five of their songs”, the correct response is “name five women who trust you”, so I pass this on in case any of you need it
So, I was considering the cost of #12DaysOfChrostmas gifts from #truelove and was wondering do I need to include 12 pear trees or can she just use the 2 we already have?
December 25, 2023 at 3:57 PM
So, I was considering the cost of #12DaysOfChrostmas gifts from #truelove and was wondering do I need to include 12 pear trees or can she just use the 2 we already have?
Join me for one of the last opportunities to take #SANS #FOR610 this year in virtual Phoenix/Tempe. #malware #malwareanalysis www.sans.org/cyber-securi...
SANS Phoenix 2023 | Cyber Security Training
SANS Phoenix 2023 (Dec 4-9) offers hands-on cybersecurity training taught by top industry practitioners. Attend Live Online or in Tempe, TX.
www.sans.org
October 29, 2023 at 1:34 AM
Join me for one of the last opportunities to take #SANS #FOR610 this year in virtual Phoenix/Tempe. #malware #malwareanalysis www.sans.org/cyber-securi...
I dropped a quick little tool today after some discussion on class today of the /proc filesystem and network connections #dfir #for577 isc.sans.edu/diary/New%20...
New tool: le-hex-to-ip.py - SANS Internet Storm Center
New tool: le-hex-to-ip.py, Author: Jim Clausing
isc.sans.edu
October 5, 2023 at 9:19 PM
I dropped a quick little tool today after some discussion on class today of the /proc filesystem and network connections #dfir #for577 isc.sans.edu/diary/New%20...
Interested in learning #malware analysis Down Under? Join me as we bring SANS #FOR610 back to Syney in September
July 27, 2023 at 5:50 PM
Interested in learning #malware analysis Down Under? Join me as we bring SANS #FOR610 back to Syney in September
Time to crown some new REM Masters in Singapore. Who will they be?
July 15, 2023 at 12:48 AM
Time to crown some new REM Masters in Singapore. Who will they be?