toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#dfir


🚀 Kunai Sandbox is now live! 🚀

Curious about Kunai? Want to analyze Linux malware logs? Or share malware analysis to build detection rules? Kunai Sandbox has you covered! 🛡️

🔍 Check out what Kunai can do:
✅ Explore Kunai's log structure without running it locally
✅ Analyze logs generated by Linux malware
✅ Share malware analysis with others to build detection rules

🔗 See an example analysis of the perfctl #linux #malware: sandbox.kunai.rocks/analysis/5

"The remote endpoints it attempted to contact included several TryCloudflare domains as well as direct IP addresses.

The logic would rotate through the various servers until an online host was found. The malware in this case took 15 minutes to establish a successful connection to an online endpoint at hxxp://bristol-weed-martin-know[.]trycloudflare[.]com/init1234."

➡️ The above is from a recent Private Threat Brief: "Interlock-Linked Threat Actor Gains Access via Fake Teams ClickFix Lure"

➡️➡️ Interested in receiving reports like this one? Contact us for a demo or pricing - thedfirreport.com/contact/

Only one week left to register for our next Cyberside Chats Live event! Join us June 11th to discuss what happens when an AI refuses to shut down—or worse, starts blackmailing users to stay online?

These aren’t science fiction scenarios. We’ll dig into two real-world incidents, including a case where OpenAI’s newest model bypassed shutdown scripts and another where Anthropic’s Claude Opus 4 generated blackmail threats in an alarming display of self-preservation.

Join us as we unpack:
▪ What “high-agency behavior” means in cutting-edge AI
▪ How API access can expose unpredictable and dangerous model actions
▪ Why these findings matter now for security teams
▪ What it all means for incident response and digital trust

Stick around for a live Q&A with LMG Security’s experts @sherridavidoff and @MDurrin. This session will challenge the way you think about AI risk!

Register today: lmgsecurity.com/event/cybersid

LMG Security · Cyberside Chats: Live! When AI Goes Rogue: Blackmail, Shutdowns, and the Rise of High-Agency Machines

CIRCL - Virtual Summer School (VSS) 2025

From 7 July to 18 July 2025, CIRCL will host a two-week online training event featuring hands-on sessions on various tools developed and maintained by CIRCL, as well as training in digital forensics and incident response (DFIR) techniques.

#opensource #dfir #training #cybersecurity #threatintelligence

@ail_project
@misp
@vulnerability_lookup
@gcve

🔗 circl.lu/pub/vss-2025/


New Open-Source Tool Spotlight 🚨🚨🚨

Cortex by TheHive Project is a powerful open-source engine for observable analysis and active response. Supporting integration with MISP & TheHive, it offers 39+ analyzers to streamline DFIR tasks. Built using Scala, AngularJS, and Python for scalability. #CyberSecurity #DFIR

🔗 Project link on #GitHub 👉 github.com/TheHive-Project/Cor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How do hackers break into your network? Find out from the pros who do it every day!

In this week’s Cyberside Chats, @tompohl, head of penetration testing at LMG Security, joins @sherridavidoff to reveal how his team gains domain admin access in over 90% of tests.

From outdated Active Directory settings to risky legacy protocols, this episode is packed with real-world insights to help you reduce your organization’s risk. We’ll share:

✅ The hidden vulnerabilities attackers love
✅ Tips to harden your infrastructure
✅ What penetration testers see that most defenders miss

🎥 Watch the full episode: youtu.be/VEeWkVBDDP8
🎧 Prefer audio? Listen to the podcast: chatcyberside.com/e/unveiling-

🎓 Cybersecurity Students — This One’s for You! 🕵️‍♀️💻

We're giving away a limited number of FREE entry passes to our CTF competition happening this Saturday, June 7, 16:30 – 20:30 UTC! 🔥

💥 A great opportunity to test your skills, learn, and compete with others in the infosec community.

👩‍🏫 Professors/Teachers: Have interested students? DM us or get in touch!
🙋‍♂️ Students: Drop a comment below for a chance to win free entry!

🔗 Register Here - dfirlabs.thedfirreport.com/ctf


🚀 New Blog Post: Kunai vs io_uring (why.kunai.rocks/blog/kunai-vs-) 🚀

💡 Ever wondered how io_uring revolutionizes I/O operations in the Linux kernel? Inspired by Armo's blog post (armosec.io/blog/io_uring-rootk) about a PoC rootkit using io_uring, we explored this feature's security implications and how tools like Kunai can monitor these operations.

🔍 Key Takeaways:
🔹 io_uring boosts I/O performance by reducing system call overhead and enabling asynchronous operations
🔹 Security tools struggle to monitor io_uring due to its unique handling of operations
🔹 Kunai now provides visibility into io_uring operations, though blocking malicious activities remains challenging
🔹 Recent kernel versions have introduced auditing and security controls for io_uring, but these are still limited

📖 Read more: why.kunai.rocks/blog/kunai-vs-


Remembering the forensics and accident reconstruction experts testifying in the Karen Read trial is going to run 24/7 in my head if I ever have to testify again.

"Answer the question posed"
"Do not offer additional response"
"I don't know is a full answer"
"Do not be arrogant, seriously, don't"

Mini Digital Forensic Diaries story: got sent to a university in London to investigate a case where a student, who bragged of hacker prowess openly, was suspected of introducing malware to a machine and stealing a lecturer's password.

“We don’t know how, but we know they logged into the account, and sent emails - and this is the only machine the lecturer uses,” came the brief.

Imaged the machine suspected of being targeted.

While giving the lecturer their laptop back post imaging I observed, via projector, the lecturer entering in their password to the username field on the login screen.

“Whoops, I’m always doing that - at least this time it wasn’t in front of the students,” they said.

Sure enough, there was no evidence of anything untoward on the laptop, but I had a good theory as to what may have occurred.

Check out more, less mini, stories like this at infosecdiaries.com.


We are pleased to announce the official publication of new and updated Neolea training materials. The Neolea initiative is dedicated to providing high-quality, open-source educational resources designed to assist law enforcement agencies (and others) in enhancing their digital forensic and investigative capabilities.

🔗 misp-lea.org/news/2025/05/30/N
🔗 github.com/neolea/neolea-train


"Analysis of command-line activity reveals the threat actor’s use of specific PowerShell cmdlets for discovering and interacting with virtual machines. They initiated powershell.exe with the -ExecutionPolicy Bypass flag to execute sequences such as Get-VM for VM enumeration, followed by Get-VHD to identify associated virtual disk files.

The pipeline further extended to Get-DiskImage -ImagePath $_.Path and Dismount-DiskImage, suggesting a process of accessing and then unlinking VHD contents. Commands to halt virtual machine operations (Get-VM | Stop-VM) were also noted as."

Report: thedfirreport.com/2025/05/19/a

Interested in receiving private reports similar to this report? Contact us for pricing - thedfirreport.com/contact/

#cti #dfir #BlueTeam
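A detection-side check for the command-line pattern quoted in the report excerpt above, as an added example that is not from The DFIR Report or its authors: it scans constructed process-creation events for PowerShell launched with -ExecutionPolicy Bypass alongside the Hyper-V cmdlets the excerpt names (Get-VM, Get-VHD, Get-DiskImage, Dismount-DiskImage, Stop-VM). The severity tiers, the event field names and the sample events are assumptions.

```python
import re
from typing import Dict, List

# Hyper-V / disk-image cmdlets named in the report excerpt.
VM_CMDLETS = {"get-vm", "get-vhd", "get-diskimage", "dismount-diskimage", "stop-vm"}
BYPASS_RE = re.compile(r"-(?:ExecutionPolicy|ep)\s+Bypass", re.IGNORECASE)
CMDLET_RE = re.compile(r"\b([A-Za-z]+-[A-Za-z]+)\b")   # Verb-Noun tokens


def score_command_line(cmd: str) -> Dict:
    """Return the suspicious traits a single process command line shows."""
    cmdlets = {m.lower() for m in CMDLET_RE.findall(cmd)} & VM_CMDLETS
    bypass = bool(BYPASS_RE.search(cmd))
    # Severity tiers (assumption): enumeration alone is low, enumeration with a
    # policy bypass is medium, stopping VMs or dismounting VHDs is high.
    if "stop-vm" in cmdlets or "dismount-diskimage" in cmdlets:
        level = "high"
    elif cmdlets and bypass:
        level = "medium"
    elif cmdlets:
        level = "low"
    else:
        level = "none"
    return {"powershell": "powershell" in cmd.lower(), "bypass": bypass,
            "vm_cmdlets": sorted(cmdlets), "level": level}


def triage(events: List[Dict]) -> List[Dict]:
    """Keep events scored medium or high; events carry 'host', 'user', 'cmd'."""
    hits = []
    for event in events:
        result = score_command_line(event["cmd"])
        if result["level"] in ("medium", "high"):
            hits.append({**event, **result})
    return hits


# Constructed sample process-creation events (not taken from the report).
SAMPLE_EVENTS = [
    {"host": "HV01", "user": "CORP\\admin1",
     "cmd": 'powershell.exe -ExecutionPolicy Bypass -c "Get-VM | Get-VHD"'},
    {"host": "HV01", "user": "CORP\\admin1",
     "cmd": 'powershell.exe -ExecutionPolicy Bypass -c "Get-VHD | % { Get-DiskImage -ImagePath $_.Path | Dismount-DiskImage }"'},
    {"host": "HV01", "user": "CORP\\admin1",
     "cmd": 'powershell.exe -ExecutionPolicy Bypass -c "Get-VM | Stop-VM -Force"'},
    {"host": "WS07", "user": "CORP\\jdoe", "cmd": 'powershell.exe -c "Get-VM"'},
    {"host": "WS07", "user": "CORP\\jdoe", "cmd": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["level"], hit["host"], hit["user"], hit["vm_cmdlets"])
```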