Also, I dropped out of bsky before most of infosec twitter joined, so my feed is quite empty (or flooded by US politics...); are there any lists of cybersec nerds I'm missing?
Posts by tomchop
I rarely post here, but when I do... I just updated my Volatility autoruns plugin to be compatible with Volatility 3 (long overdue!) Here's the goodies: github.com/tomchop/vola... #dfir #forensics #cybersecurity
Using Timesketch for timeline analysis? We recently added a new feature: LLM summaries of up to 500 events in view. Example below uses Gemini Flash, but you can just as easily use a local Ollama model. Setup guide: timesketch.org/guides/user/...
That's not that many cabs.
Well well well, how the turntables...
Great stuff from @tomchop.me! Memory analysis and Yara support in #OpenRelik
#DFIR
Demo of the Volatility 3 worker extracting files and plugin output
Demo of the Yara scanner worker showing matches for a dumb DarkComet rule
I had a look at #OpenRelik last year and wrote a couple of workers that might be useful:
* github.com/tomchop/open... - Scan memory images using @volatilityfoundation.org plugins. Supports Yara rules.
* github.com/tomchop/open... - Run Yara rules on a directory. Supports third-party systems like #Yeti!
New #OpenRelik release. Task metrics (queue length, completion, failures, etc.) & a new Prometheus exporter. Plus, a new task dashboard for deep dives into task performance.
📝 openrelik.org/changelog/
🔗 discord.gg/hg652gktwX
#DFIR
This is also the reason I never talk publicly about my dog, any favorite foods, or the season we were in < 3 months ago
I made this one, which tracks a bunch of infosec-related keywords (and blocks noisy accounts): bsky.app/profile/did:...
Looks like the kind of manual you could find in The Last of Us that would allow you to upgrade your rifle
Travel budgets are tight yo
Looks like shit just got real @swiftonsecurity.com
Probably the most riveting incident report I've read in a long time. I would've so much liked to be part of this investigation!
Kudos to @volexity.com for going into so much detail on this novel network attack technique.
www.volexity.com/blog/2024/11...
This incredible investigation is worth the time you’ll spend reading it #dfir
www.volexity.com/blog/2024/11...
if you have a @github.com profile, can i ask you to update it with your @bsky.app handle? 🙏
👉 it enables some very cool integrations, like auto curated feeds and starter packs for contributors and tech
“i know bsky is an echo chamber because those echo chamber posts keep coming back around and i know what an echo is”
There's probably less content than there was on twitter in 2012, but this already feels much nicer and relevant than what X is right now.
Shiiiiyet, I'm gonna try to not miss this edition! 🤞🏼🤞🏼🤞🏼
Amazing, thanks! skyfeed.app offers a (less polished, more hacky) similar interface but also allows you to create custom feeds
*cue pokémon battle song*
"plaso I choose you!!"
Thanks, this is useful! I also started a feed a long time ago with more generic infosec keywords: bsky.app/profile/did:...
Thinking of coming up with a Bluesky #DFIR Starter Pack with @the4711.org... who should we include?
I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission.
The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system().
It's RCE, not auth bypass, and gated/unreplayable.
Today, we published this Field Guide to incident response for civil society and media, which I’ve been working on for the past year or so and which I am pretty excited about: internews.org/resource/fie...
Yes, for sure. Otherwise does the project even exist?? I tried briefly playing a bit with Dall-E but didn't get any satisfying results :(
We are looking forward to integrating formats such as dfiq.org, shipping tighter integrations with DFIR platform tools like timesketch.org, turbinia.plumbing, and misp-project.org!
Please feel free to use it (and tell us when you do! We love hearing about people's use cases), file lots of bugs, and feel free to contribute: guides, documentation, even cool screenshots, everything is welcome.
The changes in the codebase have been massive (remember, it's only 2 people working on this): 480 commits to the API server. 139 commits to the frontend SPA.