Markus
mascho.bsky.social
💻 Blue Team Training @ Blue Cape Security
Dropped our Practical Windows Forensic Analyst cert! 🔥👀

bluecapesecurity.com/pwfa
Analyst I: Core Forensic Track Enrollment - Blue Cape Security
Elevate your DFIR skills in our 3-part workshop series. Get hands-on with real-world scenarios from cybersecurity basics to advanced forensic analysis.
August 5, 2025 at 3:47 AM
Is this still on?
July 21, 2025 at 5:25 AM
Just dropped: Our hands-on Windows Forensics investigation scenarios are live! 🔍

-> 20% OFF with code START200

bluecapesecurity.com/practice/#FO...

Enjoy!
Practice - Blue Cape Security
Enrollment now open: FOR200 Investigation Scenarios. Limited Time Offer: 20% OFF FOR200 and HERO Bundle. Code: START200 — Ends May 23. PRACTICE: Hands-On, Realistic Investigation Scenarios. Apply your skills...
May 13, 2025 at 6:18 PM
We just released a course that embodies our core principles: learn + practice + assess > and it’s free!

DFIR Foundations and Techniques: Professional Skills and Readiness

=> For SecOps and DFIR professionals

Full course: tinyurl.com/mu77u3ab
YouTube playlist: tinyurl.com/2s3n7nfx

#dfir #secops
March 19, 2025 at 5:42 PM
Still reminiscing about the incredible time at @wildwesthackinfest.bsky.social last week and now counting down to IntelliCon next week in Austin! If you haven’t grabbed your ticket yet, there’s still time: www.intelliguards.com/event-detail...
February 12, 2025 at 1:46 PM
Final modules for our 301 Enterprise DFIR course have been uploaded. What a journey after developing, analyzing and recording all the materials over many months of work!

I'm excited about the course and also looking forward to heading to the WWHF conference next week. Reach out if you are there!
January 30, 2025 at 11:07 PM
Proud to present our brand new training page and offering for individuals @ Blue Cape Security:

- 301 Enterprise DFIR course launched

- HERO Bundle including 101 / 201 / 301 courses

- Blue Team Master Program is public again

bluecapesecurity.com/individual-t...

HMU for questions or feedback! 💙
January 28, 2025 at 2:42 PM
We have a giveaway of our brand new course bundle over at LinkedIn for those interested: www.linkedin.com/posts/blueca...

Only 2 more days!
January 23, 2025 at 2:47 PM
Lots of great things coming next week! 301 Enterprise DFIR course - Launch Party with a special guest, new course bundles and more!

Live Stream: youtube.com/live/MgG_pT1...
January 22, 2025 at 3:58 AM
Since enabling Apple Intelligence an uncontrollable amount of notifications keep popping up (e.g. continuously when I'm screen sharing on Zoom). It doesn't seem they've gotten much smarter navigating me to my webinars either..
January 16, 2025 at 4:31 AM
Reposted by Markus
🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!

Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.

#InfoSec #DFIR #IncidentResponse #SecOps #Notion
January 7, 2025 at 12:42 AM
How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.

Most commonly used are still spreadsheets, where CrowdStrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
CrowdStrike Services Releases Free Incident Response Tracker
This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.
January 3, 2025 at 7:41 PM
The best conference in the industry is only 1 month away 🤠

I'll be teaching the 2-day Ransomware Attack Simulation and Investigation for Blue Teamers workshop with in-person and virtual seats available!

I’m looking forward to reconnecting with old friends and making new ones at this amazing event!
December 31, 2024 at 7:12 PM
For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.

Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys
- PCAP File

Link: bluecapesecurity.com/courses/elev...
Elevate Your DFIR Skills: Deeper Insights and Practical Applications - Blue Cape Security
December 28, 2024 at 4:18 PM
AWS: Welcome back! Your t2.xlarge EC2's have been running happily over the holidays 🥲
December 27, 2024 at 11:41 PM
Practical Windows Forensics - Cheat sheet 💙

Full PDF version: github.com/bluecapesecu...
December 22, 2024 at 3:18 AM
Looking forward to presenting our maturity model live tomorrow! Finally visualized the way we do trainings for teams and individuals.

Link: bluecapesecurity.com/register
December 18, 2024 at 10:45 PM
Microsoft incident data sets. Haven’t had a chance to test this, but certainly looks interesting.
www.kaggle.com/datasets/Mic...
Microsoft Security Incident Prediction
Can you predict the next big security incident before it happens?
December 16, 2024 at 8:36 PM
Oh hey we have a webinar coming up next week!

-> Thursday, December 19th

I'll be sharing our DFIR Training Roadmap that we've been working on since the beginnings of Blue Cape Security (which is more than 2 years now) 🥹

us06web.zoom.us/webinar/regi...
Welcome! You are invited to join a webinar: Blue Cape Security DFIR Training Roadmap for Cybersecurity Professionals. After registering, you will receive a confirmation email about joining the webinar...
Join Markus Schober, CEO of Blue Cape Security, for a 45-minute Live webinar on December 19th at 1:00 PM ET / 10:00 AM PT. This session will introduce the Blue Cape Security DFIR Training Roadmap—a pr...
December 13, 2024 at 5:17 PM
Was just planning on releasing a new DFIR course module on log analysis, but I just uploaded:

2+ hours video
11 Splunk hands-on labs (with over 30 queries)
2 Sigma hands-on labs

Why do these things always get out of hand?
December 13, 2024 at 5:05 AM
Currently working on a course module using Sigma detection rules. A few resources I came across and didn't know about previously were:

- Sigma rule search engine: sigmasearchengine.com
- Sigma VSC plugin: marketplace.visualstudio.com/items?itemNa...

Making Sigma rule creation much more fun :)
December 10, 2024 at 3:16 PM
Anyone have any recommendations for video cutting tools? Just for effective cutting of recorded videos for courses. Wondershare Filmora is pretty good, but always curious about what else is out there.
December 9, 2024 at 12:48 AM
Revolutionizing Security Operations: The Path Toward AI-Augmented SOCs open.substack.com/pub/software...

Highly recommend this post to get a grasp on how AI is transforming security operations.
Revolutionizing Security Operations: The Path Toward AI-Augmented SOCs
Exploring the processes, challenges, solutions, and path toward a future of AI-Augmented Security Operations Centers (SOC)
December 6, 2024 at 4:26 PM
A curated list of Windows execution artifacts - this is just awesome work by @harrisonamj.com!

blog.1234n6.com/available-ar...
Available Artifacts - Evidence of Execution
UPDATED 2024-12-04 UPDATED 2019-01-04 This week I have been working a case where I was required to identify users on a Windows Server 2003 system who had knowledge of, or had run, a particular unau...
December 5, 2024 at 6:07 PM