Extremely excited to announce I will be presenting at CypherCon in Milwaukee, WI in just a few days! Hoping to see some of you there and would be honored if you attend my talk. I will be talking through the ADAPT framework and investigation steps to use within DF/IR.
cyphercon.com/speaker/anal...
Posts by ChocolateCoat
📣 This morning at 10AM CT on Blue Team Con Online - @chocolatecoat4n6.com presents a primer on the art of investigation, helping you identify and mitigate cybersecurity threats.
Join on YouTube: btcon.link/youtube
Join on Twitch: btcon.link/twitch
I know it’s not perfect, but I hope this provides the community something to work from, based on my years of IR experience. I am always open to feedback, changes or even something that might just need to be removed. If you try it out, I’d love to get your thoughts!
I’ve always felt like there was a gap to teach analysts how to investigate no matter the evidence. No scenario specific playbook, no AI, no limited workflow only intended for niche evidence and no marketing wording that is difficult to interpret when the stress is on.
After years of experience, trial & error and research, I finally put together my framework for analysts (IR, SOC, IT: if you investigate technical data, this is for you).
🐙 ADAPT (Approach, Discovery, Association, Profile, Timeline)
chocolatecoat4n6.com/2026/01/23/p...
#DFIR #Cybersecurity
Terryn Valikodath never imagined that a childhood jailbreaking iPhones and exploring criminal forensics would land him in incident response. Hear him recount the journey in our latest episode: cs.co/63324Cxnam
Put your cyber skills to the test with Talos’ 12 Days of Malware, featuring insights from Talos-driven research published throughout the year. Try to guess the threat actor or tool in as few clues as possible, and share how you did in the comments below: blog.talosintelligence.com/salt-typhoon...
Over the last year I've been sharing a framework and mindset for how to perform an investigation as an analyst during Incident Response.
I hope this serves as a great introduction to ADAPT, more to come!
chocolatecoat4n6.com/2025/11/30/l...
#DFIR #InfoSec #incidentresponse
Think you know Cisco Talos Incident Response? Join us over the next few weeks to bust some common myths about our services. First up...
Appreciate folks tuning in or attending my talk for Wild West Hackin' Fest. If you are interested in the slides, I have them here below:
github.com/chocolatecoa...
Cannot wait to present at this con, hoping to meet up with a few of y’all
When a cybersecurity crisis strikes, Cisco Talos Incident Response transforms chaos into control. Read our latest blog for a behind-the-scenes look at what happens when you engage our team: cs.co/63324AZeIQ
After wayyyy too long, I've updated my DF/IR templates for documentation. I've added fictional examples within the docs so you can see a good reference and how it's intended.
github.com/chocolatecoa...
Would love for anyone interested to join us and hear about what we’re doing out here!
Hope you all can make my talk at @blueteamcon.com! Super excited to be able to talk all about investigation!
Finally got around to writing another post, appreciate all the views!
Why Learning Through Books is Key in Cybersecurity
📚 Types of Books
☯️ The Tao of Books
🏫 Other Sources of Information
chocolatecoat4n6.com/2025/04/09/w...
#DFIR #CyberSecurity #books #infosec
Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG
By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.
My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.
Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...
From threat hunting, detection building, vulnerability discoveries and incident response, Cisco Talos shows up every day to try and make the internet a safer place. Watch our full overview here: http://cs.co/633280m3rs
Pro tip: set your logs to be all UTC. This will save your forensic analyst (who bills by the hour) the trouble of having to convert timestamps (and even figuring out which timestamps are in which TZ).
It also keeps them ordered correctly when forwarded to a SIEM, especially from multiple TZs.
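A small illustration of the ordering problem the post describes, added here as an example (not the poster's code): three constructed log lines from hosts stamping local time with different UTC offsets sort in the wrong order by their raw timestamps, but correctly once every timestamp is normalized to UTC.

```python
from datetime import datetime, timezone

# Constructed sample log lines (not real data): "<ISO-8601 timestamp> <host> <message>".
# Each host writes local time with its own UTC offset, as mixed-TZ fleets often do.
SAMPLE_LOGS = [
    "2024-03-05T09:15:02-05:00 web01 sshd: Accepted publickey for deploy",
    "2024-03-05T14:10:45+00:00 dc01 Security: 4624 logon for deploy",
    "2024-03-05T15:20:30+01:00 fileserver smbd: share access by deploy",
]


def parse_line(line):
    """Split a log line into its timestamp (timezone-aware), host and message."""
    ts, host, msg = line.split(" ", 2)
    return {"ts": datetime.fromisoformat(ts), "host": host, "msg": msg}


def to_utc(dt):
    """Convert an aware datetime to UTC; the instant is unchanged, only the offset."""
    return dt.astimezone(timezone.utc)


def order_by_raw_text(lines):
    """What a plain text sort (or a SIEM keying on the literal string) does:
    orders by the local wall-clock digits and ignores the offset entirely."""
    return sorted((parse_line(l) for l in lines), key=lambda e: e["ts"].isoformat())


def order_by_utc(lines):
    """Correct ordering: compare the events as instants on the UTC timeline."""
    return sorted((parse_line(l) for l in lines), key=lambda e: to_utc(e["ts"]))


def normalize_line(line):
    """Rewrite a line so its timestamp is UTC ('Z' suffix), ready for forwarding."""
    e = parse_line(line)
    stamp = to_utc(e["ts"]).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"{stamp} {e['host']} {e['msg']}"


if __name__ == "__main__":
    print("raw-text order :", [e["host"] for e in order_by_raw_text(SAMPLE_LOGS)])
    print("UTC order      :", [e["host"] for e in order_by_utc(SAMPLE_LOGS)])
    for line in SAMPLE_LOGS:
        print(normalize_line(line))
```

Run as-is, the raw-text sort places web01 first even though its 09:15 local is 14:15 UTC, after the dc01 logon; normalizing to UTC before forwarding removes that class of analyst error.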
Check out all the great work our team puts together from real life investigations
No, I don't need a bloody copilot for this document, thank you.
Writing is, in no small part, a tool for thinking. If you outsource that element to a machine that cannot think, you shouldn't be surprised if, at the end of the process, neither you nor your reader are any the wiser.
DF/IR tools: amazing at everything, except making decisions, solving cases, and doing your job for you. brettshavers.com/brett-s-blog... #DFIR
tip from an incident responder:
take care of your mental and have a meditative habit. You can be at peace while chaos reigns.
I love yoga, I know some who enjoy painting, lock picking, metalcrafting, create something, do something.
love the world around you by loving yourself.
Prioritizing yourself will help you help others.
I always feel like that’s hard to accept during the chaos, especially in IR
Reminder for the new year and setting goals.
Underpromise, overdeliver
youtu.be/NpXGExhR3D4?...
For anyone who’s curious about my latest talk at #misecCon
youtu.be/rg-mRLEoaII?...