
Posts by ChocolateCoat

Analysis Without Paralysis: Mastering the Art of Investigation – CypherCon

Extremely excited to announce I will be presenting at CypherCon in Milwaukee, WI in just a few days! Hoping to see some of you there and would be honored if you attend my talk. I will be talking through the ADAPT framework and investigation steps to use within DF/IR.

cyphercon.com/speaker/anal...

1 month ago 1 0 0 0

📣 This morning at 10AM CT on Blue Team Con Online - @chocolatecoat4n6.com presents a primer on the art of investigation, helping you identify and mitigate cybersecurity threats.

Join on YouTube: btcon.link/youtube
Join on Twitch: btcon.link/twitch

1 month ago 3 1 0 0

I know it’s not perfect, but I hope this provides the community something to work from, based on my years of IR experience. I am always open to feedback, changes or even something that might just need to be removed. If you try it out, I’d love to get your thoughts!

2 months ago 0 0 0 0

I’ve always felt like there was a gap to teach analysts how to investigate no matter the evidence. No scenario specific playbook, no AI, no limited workflow only intended for niche evidence and no marketing wording that is difficult to interpret when the stress is on.

2 months ago 0 0 1 0
Presenting the ADAPT framework: Investigation and Analysis without Paralysis
Purpose: A way for technical investigators to systematically organize their thoughts for effective analysis while maintaining perfect notes that can easily be transitioned into a report or debrief.…

After years of experience, trial & error and research, I finally put together my framework for analysts (IR, SOC, IT, if you investigated technical data this is for you).

🐙 ADAPT (Approach, Discovery, Association, Profile, Timeline)

chocolatecoat4n6.com/2026/01/23/p...

#DFIR #Cybersecurity

2 months ago 0 0 1 0
White text reading "HUMANS OF TALOS" on a navy background, with the Cisco Talos logo beneath and orange and purple chat boxes around the title.


Terryn Valikodath never imagined that a childhood jailbreaking iPhones and exploring criminal forensics would land him in incident response. Hear him recount the journey in our latest episode: cs.co/63324Cxnam

3 months ago 1 1 0 0

Put your cyber skills to the test with Talos’ 12 Days of Malware, featuring insights from Talos-driven research published throughout the year. Try to guess the threat actor or tool in as few clues as possible, and share how you did in the comments below: blog.talosintelligence.com/salt-typhoon...

4 months ago 3 2 0 0
Learning to ADAPT | Framework for analyzing any evidence in IR
I did a few talks covering “Analysis without Paralysis” over the past year, and every time I finished I immediately thought I need to get this documented. Well, today I’ve taken t…

Over the last year I've been sharing a framework and mindset for how to perform an investigation as an analyst during Incident Response.

I hope this serves as a great introduction to ADAPT, more to come!

chocolatecoat4n6.com/2025/11/30/l...

#DFIR #InfoSec #incidentresponse

4 months ago 1 2 0 0

Think you know Cisco Talos Incident Response? Join us over the next few weeks to bust some common myths about our services. First up...

6 months ago 1 1 1 0

Appreciate folks tuning in or attending my talk for Wild West Hackin' Fest. If you are interested in the slides, I have them here below:

github.com/chocolatecoa...

6 months ago 0 0 0 0

Cannot wait to present at this con, hoping to meet up with a few of y’all

6 months ago 1 0 0 0
A digital illustration showing a computer screen displaying flames, with orange smoke puffing out from a fire extinguisher aimed at it. Warning icons like a bug, shield, and virus surround the flames, symbolizing cybersecurity threats.


When a cybersecurity crisis strikes, Cisco Talos Incident Response transforms chaos into control. Read our latest blog for a behind-the-scenes look at what happens when you engage our team: cs.co/63324AZeIQ

6 months ago 3 1 0 1

After wayyyy too long. I've updated my DF/IR templates for documentation. I've added fictional examples within the docs so you can see a good reference and how it's intended.

github.com/chocolatecoa...

7 months ago 1 0 0 0

Would love for anyone interested to join us and hear about what we’re doing out here!

8 months ago 1 0 0 0

Hope you all can make my talk at @blueteamcon.com! Super excited to be able to talk all about investigation!

8 months ago 1 1 0 0

Finally got around to writing another post, appreciate all the views!

1 year ago 0 0 0 0
Why Learning Through Books is Key in Cybersecurity
If you’re diving into cybersecurity, remember: you’re always learning! Books, despite some hesitations, are key to that journey. They offer depth and context, unlike quick online conten…

Why Learning Through Books is Key in Cybersecurity

📚 Types of Books
☯️ The Tao of Books
🏫 Other Sources of Information

chocolatecoat4n6.com/2025/04/09/w...

#DFIR #CyberSecurity #books #infosec

1 year ago 2 0 0 1

Cisco Talos’ 2024 Year in Review is available now! With visibility into more than 886 billion security events per day, the report features our key insights. Read the full report here: http://cs.co/63320FzuMG

1 year ago 7 4 1 1

By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections.

My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees.

Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassi...

1 year ago 36 19 1 0

From threat hunting, detection building, vulnerability discoveries and incident response, Cisco Talos shows up every day to try and make the internet a safer place. Watch our full overview here: http://cs.co/633280m3rs

1 year ago 6 3 0 1

Pro tip: set your logs to be all UTC. This will save your forensic analyst (who bills by the hour) the trouble of having to convert timestamps (and even figuring out which timestamps are in which TZ).

It also keeps them ordered correctly when forwarded to a SIEM, especially from multiple TZ's.

1 year ago 80 14 4 3

Check out all the great work our team puts together from real life investigations

1 year ago 1 1 0 0

No, I don't need a bloody copilot for this document, thank you.

Writing is, in no small part, a tool for thinking. If you outsource that element to a machine that cannot think, you shouldn't be surprised if, at the end of the process, neither you nor your reader are any the wiser.

1 year ago 13686 1966 327 164
The Human Element of DF/IR (YOU!)
The clock is racing. A global breach is unraveling on one side of the room; millions siphoned in real-time, systems crashing, and reputations crumbling by the second. On the other, the unthinkable: a ...

DF/IR tools: amazing at everything, except making decisions, solving cases, and doing your job for you. brettshavers.com/brett-s-blog... #DFIR

1 year ago 3 1 1 0

tip from an incident responder:

take care of your mental and have a meditative habit. You can be at peace while chaos reigns.

I love yoga, I know some who enjoy painting, lock picking, metalcrafting, create something, do something.

love the world around you by loving yourself.

1 year ago 1 1 1 0

Prioritizing yourself will help you help others.

I always feel like that’s hard to accept during the chaos, especially in IR

1 year ago 1 0 1 0

Reminder for the new year and setting goals.

Underpromise, overdeliver

1 year ago 1 0 0 0
Demystifying the Digital Detective: Life of a DFIR Consultant (YouTube video by #misec)

youtu.be/NpXGExhR3D4?...

1 year ago 1 0 0 0
Analysis Without Paralysis (YouTube video by #misec)

For anyone who’s curious about my latest talk at #misecCon

youtu.be/rg-mRLEoaII?...

1 year ago 2 1 1 0