Soon, I’ll be joining an incredible team, and I truly can’t wait to begin this next chapter of my #DFIR career!

THANK YOU ALL!

After more than a decade in academia, teaching thousands of students and professionals, I’ve decided to return to the world of consulting. I’m deeply grateful to my family for their unwavering support and to everyone who has helped me grow into the person I am today. #DFIR

Course can be found here: www.suspectbehindthekeyboard.com

I want to thank @brettshavers.bsky.social for the opportunity taking his "DF/IR Investigative Mindset" course! This is an amazing course for everyone! Whether you're a vetran or just starting your #DFIR career. I can't recommend it enough.

Brett, thank you so much 🙏🏻

these are related to the idea that there is a way to run an executable disguised as a .txt / .pdf / .lol or whatever. I just have not found the time to document it yet.

Yes, prefetch files too :)

Or these PDF/TXT executables!

For those who love executables :)

🚀 Starting August, you'll be able to test your malware analysis skills with our upcoming certification exam!

Huge thanks to "Saad AHLA" for leading the development of this challenge. Get ready, this is truly a fun one!

#malware #DFIR #CyberSecurity #ThreatHunting #BlueTeam #CCMA

C5W CERTIFIED DIGITAL FORENSICS ANALYST - LIVE TRAINING The Windows Forensics course explores the forensic artifacts one may encounter when working with the Windows operating system. This course is focused on hands-on labs that covers artifacts, which are ...

Our CCDFA Bootcamp is one of the best deals in DFIR training! The course content, labs, virtual lab access, and live sessions all included.

Only have 2 seats left for the August bootcamp!
academy.cyber5w.com/courses/c5w-...

#DFIR #DigitalForensics #CyberSecurity #BlueTeam #IncidentResponse

This is what I have so far! #DFIR #ThreatSimulation #Cybersecurity #Offsec

I will be sharing all the content, which are basically the labs, files (simple tools/scripts/etc), and few presentations for anyone who would like to use in their classroom. So keep an eye out for this.

#DFIR #Cybersecurity #Infosec #ThreatHunting #ThreatSimulation

If you have the resources, maybe through an Elastic or Splunk server and use that for your investigations/hunting/etc. That will be something for you to decide/do.

I did not want to use a SIEM (Elastic/Splunk/etc) to simulate situations when you don't have such a capability, but you will still need to do hunting/investigations with limited and/or FREE tools. So we installed Sysmon on all systems and had a Velociraptor server with agents.

Threat Simulation and Hunting From Shells to Thrones - Think Like an Adversary. Hunt as a Defender. Protect the Kingdom.

Last semester I created a course to help students start learning about Threat Simulation & Hunting. I used GOAD for the testing environement. So shoutout to @M4yFly for creating GOAD. Every lab was themed around the Game of Thrones series; students liked it.

labs.cyber5w.com/courses/218b...

Week 30 - 2025 #DFIR

thisweekin4n6.com/2025/07/27/w...

A few details about the exam:
✅ Hands-on, browser-based
✅ Covers imaging, file systems & artifacts
✅ Perfect for beginners & career switchers

academy.cyber5w.com/courses/c5w-...

#DFIR #C5W #CyberSecurity #DigitalForensics

C5W Certified Digital Forensics Foundations Exam The CDFF exam validates your understanding of digital forensics fundamentals, including evidence acquisition, file systems, FTK Imager, timestamp analysis, and reporting, ideal for beginners entering ...

We created a simple certification exam "C5W Certified Digital Forensics Foundations (CDFF)" for those who took our FREE Intro to Digital Forensics course and want to test their skills #DFIR

academy.cyber5w.com/courses/c5w-...

#DFIR #C5W #CyberSecurity #DigitalForensics

C5W CERTIFIED DIGITAL FORENSICS ANALYST - LIVE TRAINING The Windows Forensics course explores the forensic artifacts one may encounter when working with the Windows operating system. This course is focused on hands-on labs that covers artifacts, which are ...

URL to Digital Forensics bootcamp:
academy.cyber5w.com/courses/c5w-...

#DFIR #DigitalForensics #CyberSecurity #C5W

If you’re looking to get into Digital Forensics, this is probably the most affordable & complete training you’ll find. The value packed into this bootcamp goes far beyond the price, & right now, there’s a discount running! #DFIR #DigitalForensics #CyberSecurity

PLEASE SHARE with others! Thank You!

🔒 Master Windows Sandbox for secure app testing!
Learn to install, configure, and safely run suspicious apps in an isolated environment.

💻 Hands-on labs included
💰 You can take it for FREE or Pay to Support Us!

labs.cyber5w.com/courses/975e...

#CyberSecurity #DFIR #C5W #WindowsSandbox #malware

This is a great opportunity for beginners to put their skills to the test! #DFIR #Cybersecurity #Infosec #DigitalForensics

We're happy to announce that @cyber5w.bsky.social is renewing their sponsorship of #OST2 at the Bronze🥉 level in 2025!
Learn more about Cyber5W and their forensics training here: ost2.fyi/Sponsor_Cybe...

It has a remote control and can be used to change the light colors 😅

They also gave me a card with all of their kind words and signatures on it !!!

Very lucky that I had such students and I will miss them a lot! Thank you for being my students ❤️

I was asked last week to help some students in the lab, but got surprised by my Digital Forensics senior students being there for one last time and giving me this gift!

I will miss you all and I am so lucky that I got to work with you for the last 4 years! THANK YOU SO MUCH ❤️

Beacon Object Files vs Tiny EXE Files TL;DR A lot of bloat in an EXE file is just the statically linked C runtime. Link dynamically to msvcrt.dll (or ucrtbase.dll on Win 10+) plus a 40-line stub, and depending on the size of the progra…

This modexp.wordpress.com/2025/04/27/b... is an interesting post by
modexpblog ... highly recommend checking it out.

Join me at the @ Techno Security & Digital Forensics Conference! I’ll be speaking on "Utilizing ETW for Ransomware Threat Detection"

Register today at technosecurity.us/east/registr... and save 10% with code SPK25

#TechnoSecurity #DFIR #Malware #Ransomware

Great thread to read #DFIR

Arsenal Image Mounter v3.11.307 is now available with minor fixes & other improvements which include improved handling of corrupt Registry hives when launching virtual machines. See the change log for more information. arsenalrecon.com/downloads #DFIR

Excited to announce that I’ll be delivering a keynote at ICTCS’25 titled:

"Beyond Tools: DFIR in the Era of Emerging Threats"

Looking forward to connecting with researchers at #ICTCS25! #DFIR #CyberSecurity #DigitalForensics