Hunting Linux threats in sunny San Diego? 🌴🐚 I’m running #FOR577 LINUX Incident Response & Threat Hunting at #SANSSecWest 2026 in May with — hands-on labs, real-world IR, and threat hunting to level up your Linux DFIR game on the world’s favorite server OS. www.sans.org/cyber-securi...
2 more days to get the early-bird discount for one of my all-time favorite conferences, #SANS #DFIRCON in Miami in Nov. There are a bunch of hands-on workshops on Sun, 16 Nov, lots of evening events during the week #FOR577 my last in 2025. Reg here: www.sans.org/cyber-securi...
Linux touches every part of our networks. Our routers, switches, and firewalls likely run some flavor of Linux or Unix. Join me in London in July for the newly updated #SANS #FOR577 where we'll learn how to investigate attacks on Linux systems. www.sans.org/cyber-securi...
Join me in one of my favorite places for the updated FOR577. Now, with more BTRFS, more rootkits, and more Linux attacks. #FOR577 #SANSSecWest
In just over five and a half hours, there will be a new batch of #Linux incident response coin winners at #SANSLondon. After 5 days on #FOR577, they now face the capstone challenge, and the winners get the coin. #DFIR
I just posted a Handler's Diary: I've released a Python script to find Linux files with the immutable bit set. #FOR577 @sansisc.bsky.social #SANSDFIR isc.sans.edu/diary/New+to...
I have a bit of sad news - the #FOR577 class scheduled for Munich in March has been cancelled.
I appreciate it is 4 months away, so some people might have been planning to attend but not yet booked. If this is the case, please reach out to SANS and see if it is possible to get it relisted.
It's the final countdown here at #DFIRCON Miami as #FOR577 comes to an end!
In a few minutes, the teams will present their evidence, and the best team will win the coveted lethal forensicator coin!
#dfir #cybersecurity
It's a gorgeous morning here in Miami as we get ready to start the last day of #FOR577 at #DFIRCON.
The good news is that I *think* we will be coming back here in 2025! If you have ideas for hands-on workshops or want to do awesome #infosec training, keep checking in with SANS for details.
In #FOR577 today, we are talking about issues trying to read auditd logs when you don't have access to good tools.
Although there is no one-size-fits-all solution, I've found that deploying an Elastic docker container and ingesting data really speeds things up.
www.linkedin.com/pulse/linux-...
Classroom photo taken 35 minutes before the start of class.
Class starting to fill up early, ahead of Day 3 of #FOR577, here at #DFIRCON Miami.
Today starts with the FHS and how we can threat hunt it, then moves to the magic of logs and the journal.
#Linux #infosec #cybersecurity #dfir
It's a sunny start to day 2 of #FOR577 here at #SANSMiami! There are lots of exciting things to cover, and then tonight, I'm giving a keynote on "AI enhanced IR." (Spoiler, we can't really trust it, but it might be useful...)
It's going to be a great day!
#infosec #potatosecurity
Photo of the pool area at the Hyatt Hotel, Coral Gables, Miami.
Ten minutes until the start of #FOR577, the Linux IR course, here in sunny Miami!
Super excited to get into the training week after a fantastic #DFIRCon yesterday.
#infosec #cybersecurity