Thomas W.
tacotuesday23.bsky.social
USAF vet, imposter syndrome fighter, Digital Forensicator, and perpetual learner
Reposted by Thomas W.
Have you ever needed a ready-to-go #DFIR triage collector in a pinch? I got you covered!

All you need to remember is triage.zip 🚀

It's a prebuilt Velociraptor collector configured to grab all the things you probably need for initial forensic analysis.
March 14, 2025 at 9:31 PM
Reposted by Thomas W.
For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.

Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys
- PCAP File

Link: bluecapesecurity.com/courses/elev...
Elevate Your DFIR Skills: Deeper Insights and Practical Applications - Blue Cape Security
December 28, 2024 at 4:18 PM
Reposted by Thomas W.
🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!

Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.

#InfoSec #DFIR #IncidentResponse #SecOps #Notion
January 7, 2025 at 12:42 AM
Reposted by Thomas W.
Great stuff from @tomchop.me! Memory analysis and Yara support in #OpenRelik

#DFIR
I had a look at #OpenRelik last year and wrote a couple workers that might be useful:

* github.com/tomchop/open... - Scan memory images using @volatilityfoundation.org plugins. Supports Yara rules.
* github.com/tomchop/open... - Run Yara rules on a directory. Supports third-party systems like #Yeti!
January 7, 2025 at 6:07 PM
Reposted by Thomas W.
Hayabusa - A sigma-based threat hunting and fast forensics 🔎 timeline generator for Windows event logs.
It can easily be integrated with other hunting & DFIR tools such as Velociraptor & OpenRelik.

Check it out 🔥🔥:
github.com/Yamato-Secur...

#threathunting #DFIR #sigma #cybersecurity #infosec
GitHub - Yamato-Security/hayabusa: Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
January 12, 2025 at 11:43 PM