Mari DeGrazia
@maridegrazia.bsky.social
Digital Forensics and Incident Response
SANS Instructor
CyberSecurity
VR E-Sports
Maker
SANS Instructor
CyberSecurity
VR E-Sports
Maker
Overheard in the grocery store last night:
"Why is beefstew not a good password?"
Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..."
Them: "It's not stroganoff"
"Why is beefstew not a good password?"
Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..."
Them: "It's not stroganoff"
August 22, 2025 at 4:06 PM
Overheard in the grocery store last night:
"Why is beefstew not a good password?"
Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..."
Them: "It's not stroganoff"
"Why is beefstew not a good password?"
Me, in my head: "That's terrible. No random numbers, letters, symbols.. actually random phrases..."
Them: "It's not stroganoff"
Check out this cool new open-source Dark Web Monitoring AI Agent platform by AI Anytime - it looks like it will work with a local LLM too. I know what my next weekend project is going to be :) #AI #LocalLLMs #DFIR
www.youtube.com/watch?v=9e24...
www.youtube.com/watch?v=9e24...
AI Agents for Dark Web Monitoring | AI for Security Agencies
YouTube video by AI Anytime
www.youtube.com
August 21, 2025 at 9:15 PM
Check out this cool new open-source Dark Web Monitoring AI Agent platform by AI Anytime - it looks like it will work with a local LLM too. I know what my next weekend project is going to be :) #AI #LocalLLMs #DFIR
www.youtube.com/watch?v=9e24...
www.youtube.com/watch?v=9e24...
I'm a big believer in local LLMs for DFIR—privacy & security matter. In my keynote, "How to DFIR AI-ze Your Workflow," I demo how to use local LLMs with FOSS tools + share common pitfalls. 🎥 youtu.be/eG2wHGIPCaQ?... #DFIR #FOSS @sansinstitute.bsky.social
Keynote | DFIR AI-ze Your Workflow
YouTube video by SANS Digital Forensics and Incident Response
youtu.be
August 18, 2025 at 2:09 PM
I'm a big believer in local LLMs for DFIR—privacy & security matter. In my keynote, "How to DFIR AI-ze Your Workflow," I demo how to use local LLMs with FOSS tools + share common pitfalls. 🎥 youtu.be/eG2wHGIPCaQ?... #DFIR #FOSS @sansinstitute.bsky.social
Check out this excellent blog post by Ryan Chapman from last month's Stay Ahead of Ransomware live stream. I was bummed I missed this one, but Ryan's recap is great. #DFIR
www.sans.org/blog/shaking...
www.sans.org/blog/shaking...
July 28, 2025 at 7:51 PM
Check out this excellent blog post by Ryan Chapman from last month's Stay Ahead of Ransomware live stream. I was bummed I missed this one, but Ryan's recap is great. #DFIR
www.sans.org/blog/shaking...
www.sans.org/blog/shaking...
The SANS #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free! www.sans.org/cyber-securi...
Digital Forensics & Incident Response Summit & Training 2025 | SANS Institute
Obtain hands-on, practical skills from the world's best instructors by taking a SANS course at DFIR Summit & Training 2025.
www.sans.org
July 7, 2025 at 5:40 PM
The SANS #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free! www.sans.org/cyber-securi...
The SANS Institute #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free - www.sans.org/cyber-securi...
Digital Forensics & Incident Response Summit & Training 2025 | SANS Institute
Obtain hands-on, practical skills from the world's best instructors by taking a SANS course at DFIR Summit & Training 2025.
www.sans.org
July 7, 2025 at 5:36 PM
The SANS Institute #DFIR Summit has always been one of my favorite conferences to attend. This year, I'm excited and honored to be giving the keynote! Attend in person or attend online for free - www.sans.org/cyber-securi...
It's almost here!!! Join Ryan Chapman and me at the SANS Ransomware Summit tomorrow. I will also be hosting an AI workshop over lunch. Learn how to install and use a local LLM. Register for the free conference and workshop here: www.sans.org/cyber-securi...
Ransomware Summit | SANS Institute
SANS Ransomware Summit provides the very best forum for ransomware content and applicable lessons to safeguard ourselves and our organizations from harmful ransomware tactics.
www.sans.org
May 29, 2025 at 6:14 PM
It's almost here!!! Join Ryan Chapman and me at the SANS Ransomware Summit tomorrow. I will also be hosting an AI workshop over lunch. Learn how to install and use a local LLM. Register for the free conference and workshop here: www.sans.org/cyber-securi...
Thinking about taking the SANS 528 Ransomware course? I love teaching it—not only do we focus on ransomware, but also host-based forensics and analysis at scale. It's great for a wide range of investigations!
Use code FOR528-SUMMIT for 30% off
www.sans.org/cyber-securi...
Use code FOR528-SUMMIT for 30% off
www.sans.org/cyber-securi...
Ransomware Summit | SANS Institute
SANS Ransomware Summit provides the very best forum for ransomware content and applicable lessons to safeguard ourselves and our organizations from harmful ransomware tactics.
www.sans.org
May 19, 2025 at 4:27 PM
Thinking about taking the SANS 528 Ransomware course? I love teaching it—not only do we focus on ransomware, but also host-based forensics and analysis at scale. It's great for a wide range of investigations!
Use code FOR528-SUMMIT for 30% off
www.sans.org/cyber-securi...
Use code FOR528-SUMMIT for 30% off
www.sans.org/cyber-securi...
Reposted by Mari DeGrazia
🚨 New blog: BlackBasta’s leaks show how ransomware crews still exploit hybrid environments while Scattered Spider leans fully into cloud.
Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness.
👉 invictus-ir.com/news/cloud-h...
#DFIR #CloudSecurity #CTI
Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness.
👉 invictus-ir.com/news/cloud-h...
#DFIR #CloudSecurity #CTI
Cloud Heavy, Hybrid Ready: Lessons from BlackBasta and Scattered Spider
invictus-ir.com
April 2, 2025 at 12:57 PM
🚨 New blog: BlackBasta’s leaks show how ransomware crews still exploit hybrid environments while Scattered Spider leans fully into cloud.
Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness.
👉 invictus-ir.com/news/cloud-h...
#DFIR #CloudSecurity #CTI
Two actors, two strategies. What it means for IR, cloud defense, and ransomware readiness.
👉 invictus-ir.com/news/cloud-h...
#DFIR #CloudSecurity #CTI
Join me, Ryan Chapman and guest @ransomwaresommelier.com today at 10AM PT/ 1PM ET as we talk about the state of Ransomware payments. www.linkedin.com/events/73031...
The State of Ransomware Payments | LinkedIn
Episode One: The State of Ransomware Payments
What's going on with ransomware payments? Have they dropped off? Have they gone up? What are we in the global IT community seeing in terms of ransomware ...
www.linkedin.com
April 1, 2025 at 3:34 PM
Join me, Ryan Chapman and guest @ransomwaresommelier.com today at 10AM PT/ 1PM ET as we talk about the state of Ransomware payments. www.linkedin.com/events/73031...
Reposted by Mari DeGrazia
Anthropic explores the advancements and implications of frontier AI.''s dual-use capabilities in cybersecurity and biology. Learn more about their strategies to navigate emerging risks: https://www.anthropic.com/news/strategic-warning-for-ai-risk-progress-and-insights-from-our-frontier-red-team
March 21, 2025 at 3:01 PM
Anthropic explores the advancements and implications of frontier AI.''s dual-use capabilities in cybersecurity and biology. Learn more about their strategies to navigate emerging risks: https://www.anthropic.com/news/strategic-warning-for-ai-risk-progress-and-insights-from-our-frontier-red-team
Reposted by Mari DeGrazia
“Your face looks like a museum.”
For all my geology + ocean peeps 🧪🪨🌊
For all my geology + ocean peeps 🧪🪨🌊
This is phenomenal geology humor (full video at www.instagram.com/reel/DHHL3fI...)
March 13, 2025 at 2:12 AM
“Your face looks like a museum.”
For all my geology + ocean peeps 🧪🪨🌊
For all my geology + ocean peeps 🧪🪨🌊
Like usual, the airport charging station is not working. I found a working plug in a pillar and all these strangers are plugged into my charging hub instead 😂 #JustTravelThings
February 12, 2025 at 9:22 PM
Like usual, the airport charging station is not working. I found a working plug in a pillar and all these strangers are plugged into my charging hub instead 😂 #JustTravelThings
Reposted by Mari DeGrazia
Should you pursue the leadership track or thrive as an individual contributor in cybersecurity? Join us for a panel discussion on February 13 with top security leaders as they share insights on making this career-defining choice. Register now: us06web.zoom.us/meeting/regi...
February 3, 2025 at 3:23 PM
Should you pursue the leadership track or thrive as an individual contributor in cybersecurity? Join us for a panel discussion on February 13 with top security leaders as they share insights on making this career-defining choice. Register now: us06web.zoom.us/meeting/regi...
This is really cool and runs 100% locally - a silent speech recognition tool that reads your lips in real time and types whatever you mouth. The power of local LLMs is amazing. Open source too! - github.com/amanvirparha... #AI.
February 3, 2025 at 2:47 PM
This is really cool and runs 100% locally - a silent speech recognition tool that reads your lips in real time and types whatever you mouth. The power of local LLMs is amazing. Open source too! - github.com/amanvirparha... #AI.
I'm honored to be hosting the SANS Institute Ransomware Summit in May with Ryan Chapman. 5 days left to submit a talk - we want to hear from you! www.sans.org/mlp/ransomwa...
January 25, 2025 at 4:10 PM
I'm honored to be hosting the SANS Institute Ransomware Summit in May with Ryan Chapman. 5 days left to submit a talk - we want to hear from you! www.sans.org/mlp/ransomwa...
WinSCP and Rclone are used by this TA (and others) to exfiltrate data... check out my presentation on WinSCP artifacts to help locate relevant evidence : www.youtube.com/watch?v=sCqy...
January 24, 2025 at 11:05 PM
WinSCP and Rclone are used by this TA (and others) to exfiltrate data... check out my presentation on WinSCP artifacts to help locate relevant evidence : www.youtube.com/watch?v=sCqy...
This is one of my favorite #DFIR #INFOSEC conferences to attend. They have workshops for kids that I want to attend! Kids and students are free, and just $25 to attend. Well worth the price.
CactusCon is FEBRUARY 14-15, packed with great talks, people, and sponsors.
Much thanks to our Gold Sponsor Hunters. They've got a SIEM packed with automation and AI to help cybersecurity teams deal with threats. Meet their team in the Main Hall at CC13!
#cc13
Much thanks to our Gold Sponsor Hunters. They've got a SIEM packed with automation and AI to help cybersecurity teams deal with threats. Meet their team in the Main Hall at CC13!
#cc13
January 24, 2025 at 10:12 PM
One of my favorite tools for BEC cases just had a nice update! If you are working BEC cases, make sure and check it out
www.invictus-ir.com/news/the-mic...
www.invictus-ir.com/news/the-mic...
Release: Microsoft Extractor Suite v3
www.invictus-ir.com
January 24, 2025 at 4:12 PM
One of my favorite tools for BEC cases just had a nice update! If you are working BEC cases, make sure and check it out
www.invictus-ir.com/news/the-mic...
www.invictus-ir.com/news/the-mic...
Reposted by Mari DeGrazia
Time for a decaf latte and a wrap up from last week's forensic goodies!
December 29, 2024 at 8:12 PM
Time for a decaf latte and a wrap up from last week's forensic goodies!
Reposted by Mari DeGrazia
For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.
Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File
Link: bluecapesecurity.com/courses/elev...
Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File
Link: bluecapesecurity.com/courses/elev...
Elevate Your DFIR Skills: Deeper Insights and Practical Applications - Blue Cape Security
bluecapesecurity.com
December 28, 2024 at 4:18 PM
For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.
Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File
Link: bluecapesecurity.com/courses/elev...
Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys:
- PCAP File
Link: bluecapesecurity.com/courses/elev...
Found my first #cruisingducks during my Christmas 🎄 cruise this year. Should I rehide it, or keep it???
December 24, 2024 at 2:57 PM
Found my first #cruisingducks during my Christmas 🎄 cruise this year. Should I rehide it, or keep it???