Rory
@sleuthifer.bsky.social
// Digging through ya artifacts - DFIR // Running out of “It is what it is” // Dumpster Firefighter -> Preventer of Dumpster Fires @ Internal SecOps
Crack up read from the WATCHTOWR team, highly recommend for an educational giggle.
labs.watchtowr.com/more-governm...
labs.watchtowr.com/more-governm...
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process...
labs.watchtowr.com
January 9, 2025 at 8:47 AM
Crack up read from the WATCHTOWR team, highly recommend for an educational giggle.
labs.watchtowr.com/more-governm...
labs.watchtowr.com/more-governm...
Reposted by Rory
Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” www.youtube.com/watch?v=GDc8... #DFIR
Be Kind, Rewind... The USN Journal
YouTube video by 13Cubed
www.youtube.com
January 6, 2025 at 12:36 PM
Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” www.youtube.com/watch?v=GDc8... #DFIR
Reposted by Rory
Reposted by Rory
Reposted by Rory
How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
CrowdStrike Services Releases Free Incident Response Tracker
This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.
www.crowdstrike.com
January 3, 2025 at 7:41 PM
How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...
Reposted by Rory
So, the other day I started to whisper and my wife asked why I was whispering? I told her I didn't want Mark Zuckerberg to hear us.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
December 30, 2024 at 11:11 AM
So, the other day I started to whisper and my wife asked why I was whispering? I told her I didn't want Mark Zuckerberg to hear us.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.
Reposted by Rory
December 16, 2024 at 9:58 PM
Sir please! Some respect.
December 10, 2024 at 1:16 PM
Sir please! Some respect.
Ojai
Catching Flies, The West Green Quartet · Ojai · Song · 2024
open.spotify.com
December 9, 2024 at 11:33 AM
Reposted by Rory
That little countdown on 2FA apps stresses the shit out of me. I feel like I'm diffusing a bomb.
If it gets into the red, I just wait. I can't handle the stress.
If it gets into the red, I just wait. I can't handle the stress.
November 26, 2024 at 4:53 PM
That little countdown on 2FA apps stresses the shit out of me. I feel like I'm diffusing a bomb.
If it gets into the red, I just wait. I can't handle the stress.
If it gets into the red, I just wait. I can't handle the stress.
Reposted by Rory
I created this meme to commemorate the death of Twitter
November 20, 2024 at 1:34 AM
I created this meme to commemorate the death of Twitter
Couldn’t agree more… the old adage of if it wasn’t documented, it didn’t happen applies so much more in the fog of war and onwards
When I do incident response (real or tabletop) I always stress how important the role of Scribe is for a team to operate efficiently and effectively. The longer the response period, the more valuable a good scribe is. I saw that in action today, and a good scribe is a wonder to behold.
#DFIR
#DFIR
a man is writing in a notebook with a pen .
Alt: a man is writing in a notebook with a pen .
media.tenor.com
November 19, 2024 at 10:57 PM
Couldn’t agree more… the old adage of if it wasn’t documented, it didn’t happen applies so much more in the fog of war and onwards
Reposted by Rory
Bluesky now has over 20M people!! 🎉
We've been adding over a million users per day for the last few days. To celebrate, here are 20 fun facts about Bluesky:
We've been adding over a million users per day for the last few days. To celebrate, here are 20 fun facts about Bluesky:
November 19, 2024 at 6:51 PM
Bluesky now has over 20M people!! 🎉
We've been adding over a million users per day for the last few days. To celebrate, here are 20 fun facts about Bluesky:
We've been adding over a million users per day for the last few days. To celebrate, here are 20 fun facts about Bluesky:
Asking where I submit my timesheets, on my first day at new company… “we don’t have timesheets here mate”
a cat is laying on a blue blanket with its mouth open and yawning .
ALT: a cat is laying on a blue blanket with its mouth open and yawning .
media.tenor.com
November 19, 2024 at 2:35 AM
Asking where I submit my timesheets, on my first day at new company… “we don’t have timesheets here mate”
Buldak hot double noodles IYKYK
It would literally destroy your colon
November 13, 2024 at 6:51 PM
Buldak hot double noodles IYKYK
Reposted by Rory
November 11, 2024 at 9:10 PM
It’s good to see the infosec community getting back to quality memes and actually interesting to read content… nice
a man with a beard is making a funny face with his eyes closed and the words `` click '' written next to him .
ALT: a man with a beard is making a funny face with his eyes closed and the words `` click '' written next to him .
media.tenor.com
November 13, 2024 at 12:51 AM
It’s good to see the infosec community getting back to quality memes and actually interesting to read content… nice
