Markus

@mascho.bsky.social

💻 Blue Team Training @ Blue Cape Security

537 Followers  |  115 Following  |  47 Posts  |  Joined: 14.11.2024

Posts by Markus (@mascho.bsky.social)

Analyst I: Core Forensic Track Enrollment - Blue Cape Security Elevate your DFIR skills in our 3-part workshop series. Get hands-on with real-world scenarios from cybersecurity basics to advanced forensic analysis.

Dropped our Practical Windows Forensic Analyst cert! 🔥👀

bluecapesecurity.com/pwfa

05.08.2025 03:47 - 👍 0    🔁 0    💬 0    📌 0

Is this still on?

21.07.2025 05:25 - 👍 1    🔁 0    💬 0    📌 0
Practice - Blue Cape Security Enrollment now open: FOR200 Investigation Scenarios Limited Time Offer: 20% OFF FOR200 and HERO Bundle Code: START200 - Ends May 23 PRACTICE Hands-On, Realistic Investigation Scenarios Apply your skills...

Just dropped: Our hands-on Windows Forensics investigation scenarios are live! 🔍

-> 20% OFF with code START200

bluecapesecurity.com/practice/#FO...

Enjoy!

13.05.2025 18:18 - 👍 0    🔁 0    💬 0    📌 0

We just released a course that embodies our core principles: learn + practice + assess > and it’s free!

DFIR Foundations and Techniques: Professional Skills and Readiness

=> For SecOps and DFIR professionals

Full course: tinyurl.com/mu77u3ab
Youtube playlist: tinyurl.com/2s3n7nfx

#dfir #secops

19.03.2025 17:42 - 👍 1    🔁 1    💬 0    📌 0

Still reminiscing about the incredible time at @wildwesthackinfest.bsky.social last week and now counting down to IntelliCon next week in Austin! If you haven’t grabbed your ticket yet, there’s still time: www.intelliguards.com/event-detail...

12.02.2025 13:46 - 👍 5    🔁 1    💬 0    📌 0

Final modules for our 301 Enterprise DFIR course have been uploaded. What a journey after developing, analyzing and recording all the materials over many months of work!

I'm excited about the course and also looking forward to heading to the WWHF conference next week. Reach out if you are there!

30.01.2025 23:07 - 👍 0    🔁 0    💬 0    📌 0
Course and Programs | Individual Training - Blue Cape Security Practical Cybersecurity Training Built for Real-World Investigations Hands-On, Scenario-Based Training to Master Cyber Threats and Elevate Your Career training roadmap on-demand courses Our courses in...

Proud to present our brand new training page and offering for individuals @ Blue Cape Security:

- 301 Enterprise DFIR course launched

- HERO Bundle including 101 / 201 / 301 courses

- Blue Team Master Program is public again

bluecapesecurity.com/individual-t...

HMU for questions or feedback! 💙

28.01.2025 14:42 - 👍 2    🔁 1    💬 0    📌 0
Blue Cape Security on LinkedIn: #cybersecurity #bluecapesecurity #incidentresponse #dfirtraining… | 11 comments 🎉 Big Giveaway: Win our brand new HERO Bundle (101 / 201 / 301 courses)! Here’s how to enter: → Follow us here on LinkedIn (@BlueCapeSecurity) → Like this… | 11 comments on LinkedIn

We have a giveaway of our brand new course bundle over at LinkedIn for those interested: www.linkedin.com/posts/blueca...

Only 2 more days!

23.01.2025 14:47 - 👍 0    🔁 0    💬 0    📌 0

Lots of great things coming next week! 301 Enterprise DFIR course - Launch Party with a special guest, new course bundles and more!

Live Stream: youtube.com/live/MgG_pT1...

22.01.2025 03:58 - 👍 1    🔁 0    💬 0    📌 0
Persistent "Zoom is Accessing Your Screen… - Apple Community

Zoom bug: discussions.apple.com/thread/25588...

16.01.2025 04:35 - 👍 0    🔁 0    💬 0    📌 0

Since enabling Apple Intelligence an uncontrollable amount of notifications keep popping up (e.g. continuously when I'm screen sharing on Zoom). It doesn't seem they've gotten much smarter navigating me to my webinars either..

16.01.2025 04:31 - 👍 1    🔁 0    💬 1    📌 0
Logo for Notion Incident Management System (NIMS)

🚀 Excited to announce the alpha release of NIMS - a Notion-based Incident Management System!

Designed for SOC/IR teams, NIMS helps streamline incident management and collaboration using Notion's powerful database features.

#InfoSec #DFIR #IncidentResponse #SecOps #Notion

07.01.2025 00:42 - 👍 73    🔁 21    💬 4    📌 5
CrowdStrike Services Releases Free Incident Response Tracker This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.

How do you track DFIR timelines and findings? There doesn't seem to be a one-size-fits-all solution in the industry.

Most commonly used are still spreadsheets, where CrowdStrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...

03.01.2025 19:41 - 👍 6    🔁 5    💬 3    📌 0

Sounds interesting. Just subscribed and looking forward to listening to it!

02.01.2025 17:49 - 👍 1    🔁 0    💬 0    📌 0

The best conference in the industry is only 1 month away 🤠

I'll be teaching the 2-day Ransomware Attack Simulation and Investigation for Blue Teamers workshop with in-person and virtual seats available!

I’m looking forward to reconnecting with old friends and making new ones at this amazing event!

31.12.2024 19:12 - 👍 3    🔁 1    💬 0    📌 0
Blue Cape Security on LinkedIn: Elevate Your DFIR Skills: Deeper Insights and Practical Applications |… 🔍 Perform your own DFIR investigation - Suspicious File Download Incident Our Security Operations Center (SOC) detected that the employee Alice downloaded a…

Good question - here is the more detailed description of the case: www.linkedin.com/posts/blueca...

28.12.2024 17:54 - 👍 2    🔁 0    💬 0    📌 0
Elevate Your DFIR Skills: Deeper Insights and Practical Applications - Blue Cape Security

For those looking to practice a realistic #DFIR scenario, here is a free case for you to investigate.

Provided artifacts:
- Disk Triage Collection
- Memory Image + pagefile.sys
- PCAP File

Link: bluecapesecurity.com/courses/elev...

28.12.2024 16:18 - 👍 9    🔁 4    💬 1    📌 0

AWS: Welcome back! Your t2.xlarge EC2's have been running happily over the holidays 🥲

27.12.2024 23:41 - 👍 0    🔁 0    💬 0    📌 0

Practical Windows Forensics - Cheat sheet 💙

Full PDF version: github.com/bluecapesecu...

22.12.2024 03:18 - 👍 8    🔁 3    💬 0    📌 0

Looking forward to presenting our maturity model live tomorrow! Finally visualized the way we do trainings for teams and individuals.

Link: bluecapesecurity.com/register

18.12.2024 22:45 - 👍 1    🔁 0    💬 0    📌 0
Microsoft Security Incident Prediction Can you predict the next big security incident before it happens?

Microsoft incident data sets. Haven’t had a chance to test this, but certainly looks interesting.
www.kaggle.com/datasets/Mic...

16.12.2024 20:36 - 👍 3    🔁 1    💬 0    📌 0
Welcome! You are invited to join a webinar: Blue Cape Security DFIR Training Roadmap for Cybersecurity Professionals. After registering, you will receive a confirmation email about joining the webinar... Join Markus Schober, CEO of Blue Cape Security, for a 45-minute Live webinar on December 19th at 1:00 PM ET / 10:00 AM PT. This session will introduce the Blue Cape Security DFIR Training Roadmap - a pr...

Oh hey we have a webinar coming up next week!

-> Thursday, December 19th

I'll be sharing our DFIR Training Roadmap that we've been working on since the beginnings of Blue Cape Security (which is more than 2 years now) 🥹

us06web.zoom.us/webinar/regi...

13.12.2024 17:17 - 👍 2    🔁 1    💬 0    📌 0

Was just planning on releasing a new DFIR course module on log analysis, but I just uploaded:

2+ hours video
11 Splunk hands-on labs (with over 30 queries)
2 Sigma hands-on labs

Why do these things always get out of hand?

13.12.2024 05:05 - 👍 3    🔁 0    💬 0    📌 0
sigconverter.io - sigma rule converter

Oh and of course the converter engine: sigconverter.io

#sigmahq

10.12.2024 16:58 - 👍 0    🔁 0    💬 0    📌 0
Sigma Search Engine

Currently working on a course module using Sigma detection rules. A few resources I came across and didn't know about previously were:

- Sigma rule search engine: sigmasearchengine.com
- Sigma VSC plugin: marketplace.visualstudio.com/items?itemNa...

Making Sigma rule creation much more fun :)

10.12.2024 15:16 - 👍 4    🔁 1    💬 1    📌 0

Anyone have any recommendations for video cutting tools? Just for effective cutting of recorded videos for courses. Wondershare Filmora is pretty good, but always curious about what else is out there.

09.12.2024 00:48 - 👍 0    🔁 0    💬 0    📌 0

There's much to unpack, but the key issue is big corporations dodging taxes, which leads to an unfair contribution to society. Employees cover the system, while corporations exploit tax loopholes and government resources, yet offer none or poor healthcare amongst other things in favor of profits.

06.12.2024 17:01 - 👍 5    🔁 0    💬 0    📌 0
Revolutionizing Security Operations: The Path Toward AI-Augmented SOCs Exploring the processes, challenges, solutions, and path toward a future of AI-Augmented Security Operations Centers (SOC)

Revolutionizing Security Operations: The Path Toward AI-Augmented SOCs open.substack.com/pub/software...

Highly recommend this post to get a grasp on how AI is transforming security operations.

06.12.2024 16:26 - 👍 1    🔁 0    💬 0    📌 0
Available Artifacts - Evidence of Execution UPDATED 2024-12-04 UPDATED 2019-01-04 This week I have been working a case where I was required to identify users on a Windows Server 2003 system who had knowledge of, or had run, a particular unau...

A curated list of Windows execution artifacts - this is just awesome work by @harrisonamj.com!

blog.1234n6.com/available-ar...

05.12.2024 18:07 - 👍 6    🔁 1    💬 1    📌 0