Rory's Avatar

Rory

@sleuthifer.bsky.social

// Digging through ya artifacts - DFIR // Running out of “It is what it is” // Dumpster Firefighter -> Preventer of Dumpster Fires @ Internal SecOps

52 Followers  |  184 Following  |  28 Posts  |  Joined: 13.11.2024  |  1.9196

Latest posts by sleuthifer.bsky.social on Bluesky

Preview
Backdooring Your Backdoors - Another $20 Domain, More Governments After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process...

Crack up read from the WATCHTOWR team, highly recommend for an educational giggle.

labs.watchtowr.com/more-governm...

09.01.2025 08:47 — 👍 0    🔁 0    💬 0    📌 0

😂

06.01.2025 20:44 — 👍 0    🔁 0    💬 0    📌 0
Be Kind, Rewind... The USN Journal
YouTube video by 13Cubed Be Kind, Rewind... The USN Journal

Happy New Year! 🎉🥳 The first 13Cubed episode of 2025 is here! Let's explore some groundbreaking research from CyberCX on “rewinding the NTFS USN Journal.” www.youtube.com/watch?v=GDc8... #DFIR

06.01.2025 12:36 — 👍 11    🔁 3    💬 0    📌 1
Post image

I made a windows #DFIR artifacts collection MindMap, it's tough to fit everything into a readable overview (might change later)

04.01.2025 23:50 — 👍 24    🔁 12    💬 1    📌 0
Post image 05.01.2025 06:39 — 👍 47    🔁 9    💬 1    📌 0

Agreed 😄 please refer to the “actually interesting to read content” part of that sentence.

04.01.2025 22:36 — 👍 0    🔁 0    💬 1    📌 0

Hey Harlan, are you using flat files for timelines or host analysis?

03.01.2025 23:22 — 👍 0    🔁 0    💬 1    📌 0
Preview
CrowdStrike Services Releases Free Incident Response Tracker This blog post provides an overview of the newly released CrowdStrike Incident Response Tracker and how it is leveraged by our experts on the front lines.

How do you track DFIR timelines and findings? There doesn't seem to be a one size fits all solution in the industry.

Most commonly used are still spreadsheets, where Crowdstrike actually released a pretty nice IR Tracker template a while ago: www.crowdstrike.com/en-us/blog/c...

03.01.2025 19:41 — 👍 6    🔁 5    💬 3    📌 0

OneNote or Microsoft Loop for triage and deeper dive host analysis 🕵️‍♂️

03.01.2025 20:59 — 👍 0    🔁 0    💬 0    📌 0

A slightly modified version of the CrowdStrike Excel Sheet. Aurora IR is an option but I prefer the excel imo

03.01.2025 20:56 — 👍 1    🔁 0    💬 1    📌 0
Post image

I jest 😂

03.01.2025 15:51 — 👍 0    🔁 0    💬 0    📌 0

Where about was this? Planning a surf trip 🌊 I’ve had penguins and seals in NZ but no dolphins… yet

30.12.2024 23:42 — 👍 2    🔁 0    💬 1    📌 0

So, the other day I started to whisper and my wife asked why I was whispering? I told her I didn't want Mark Zuckerberg to hear us.
I laughed.
My wife laughed.
Alexa laughed.
Siri laughed.

30.12.2024 11:11 — 👍 308    🔁 45    💬 7    📌 1
Preview
a soldier in a helmet sits in the snow ALT: a soldier in a helmet sits in the snow

Them Bastogne episodes hit different… I may need to join ya

30.12.2024 15:44 — 👍 1    🔁 0    💬 0    📌 0

Can’t beat a good ankle nut

29.12.2024 00:03 — 👍 1    🔁 0    💬 0    📌 0

What’s the suggested alternative in your opinion? Agreed Google sucks

28.12.2024 23:43 — 👍 0    🔁 0    💬 0    📌 0

Godspeed brave man 🙏

28.12.2024 23:39 — 👍 1    🔁 0    💬 0    📌 0
Post image

iykyk… 👀

20.12.2024 23:49 — 👍 0    🔁 0    💬 0    📌 0
Post image 20.12.2024 10:26 — 👍 199    🔁 170    💬 6    📌 10
Image of a variety of knives all labeled with a different type of material they are designed for cutting like Ham, Bread, Cheese, etc. At the bottom of the image is a light saber labeled "For people that don't use UTC for logging"

Image of a variety of knives all labeled with a different type of material they are designed for cutting like Ham, Bread, Cheese, etc. At the bottom of the image is a light saber labeled "For people that don't use UTC for logging"

#DFIR #DFIRHumor

16.12.2024 21:58 — 👍 60    🔁 7    💬 0    📌 1

Getting injected 💉

11.12.2024 22:31 — 👍 0    🔁 0    💬 0    📌 0
Preview
a cartoon character from south park is standing in front of a white board that says that 's right ALT: a cartoon character from south park is standing in front of a white board that says that 's right
10.12.2024 22:18 — 👍 2    🔁 0    💬 0    📌 0
Post image

Sir please! Some respect.

10.12.2024 13:16 — 👍 0    🔁 0    💬 0    📌 0
Preview
a man wearing a hat that says wayne reynolds sits at a table with other people ALT: a man wearing a hat that says wayne reynolds sits at a table with other people
09.12.2024 21:10 — 👍 1    🔁 0    💬 0    📌 0
Post image 09.12.2024 21:06 — 👍 1    🔁 0    💬 0    📌 0
Preview
Ojai Catching Flies, The West Green Quartet · Ojai · Song · 2024

open.spotify.com/track/25Ozqe...

Getting through ya Monday floating on a cloud listening to this 🌌

09.12.2024 11:33 — 👍 0    🔁 0    💬 0    📌 0
Post image

Pretty much 🍤

06.12.2024 18:26 — 👍 0    🔁 0    💬 0    📌 0

“Genshin Impact” has entered the chat…

27.11.2024 18:03 — 👍 1    🔁 0    💬 0    📌 0

That little countdown on 2FA apps stresses the shit out of me. I feel like I'm diffusing a bomb.

If it gets into the red, I just wait. I can't handle the stress.

26.11.2024 16:53 — 👍 1193    🔁 103    💬 90    📌 17

Tbh screw starter packs… this is the way

23.11.2024 20:34 — 👍 1    🔁 0    💬 0    📌 0

@sleuthifer is following 20 prominent accounts