dwmetz.bsky.social
#DFIR @ Magnet Forensics Blog @ BakerStreetForensics.com Opinions are my own (who else would have them)
46 posts 142 followers 237 following

MalChela Updates... 🦀 It’s been a busy week. #DFIR #Rust #MalwareAnalysis bakerstreetforensics.com/2025/03/13/m...

For fun I decided to run mStrings against an old WannaCry sample. Network IOC results were spot on! github.com/dwmetz/MalCh... #DFIR #MalwareAnalysis #Rust #MalChela

Added a function to MalChela to check for available updates. But you have to update first before the update function works. 🤣 #MalwareAnalysis #Rust #DFIR

I’ve launched a new tool as part of MalChela, mStrings. It analyzes a file using Sigma rules defined in YAML, extracts strings and uses regular expressions to evaluate threats and align to MITRE ATT&CK techniques. #DFIR #MITRE #Sigma #MalwareAnalysis #Rust bakerstreetforensics.com/2025/03/09/m...

Introducing MalChela. A YARA and Malware Analysis utility written in Rust. #DFIR #MalwareAnalysis #YARA #Hashing

Seeing these scripts run brings me joy. #DFIR #MalwareAnalysis #Python #YARA

Creating custom hash sets with YARA and Python I don't like to brag, he said, but you should see the size of my malware library. For a recent project, I wanted to produce a hash set for all the malware files in my repository. Included in the library are malware samples for Windows and other…

Exploring Magnet Virtual Summit 2025 CTF Challenges, Part II (Windows) This is part II of this series; for part I see Exploring Magnet Virtual Summit 2025 CTF Challenges (iOS). If we jump into Axiom and head to the User Accounts, we can see that the SID for chick is…

Exploring Magnet Virtual Summit 2025 CTF Challenges (iOS) A couple weeks ago, I participated in the Magnet Virtual Summit 2025 CTF (Capture the Flag). While I don't think I will ever see a day where I win one of these (speed is not my forte), I enjoyed working through a good number of the…

Overwhelming case load? A never ending queue of incidents? Need to reboot your mental health? Come join me at the Magnet Virtual Summit as I bring together two of my passions, Zen & the Art of Digital Forensics: Enhancing Insight Through Mindfulness. magnetvirtualsummit.com #DFIR #Zen

I was in a store this afternoon and after checking out one of the young men working there said “I’m sorry if this isn’t appropriate to say but” (as I waited with intrigue before he continued) “you look like you make a really good Dungeon Master.”

#MagnetVirtualSummit starts in one hour! Join Jad Saliba & Braden Thomas as they address the tipping point of #DFIR in their keynote address: ow.ly/o2GR50UVWJi #MVS2025

The 2025 Magnet Virtual Summit kicks off today. Keynote is at 9am followed by a whole bunch of great content. My presentation “Unlocking DFIR: Free Tools for Triage and Acquisition” will be live at 1pm. Hope to see you there! #DFIR #InvestigativeEdge magnetvirtualsummit.com

#MVS2025 kicks off Monday! Be sure to save your spot for our keynote presentations, starting at 9:30AM ET with Magnet leadership and then we'll have Kevin Mulcahy up at 9:30AM ET. Then join us for our #CTF workshop and a new #MobileUnpacked: ow.ly/pM2n50UVLME #DFIR

bakerstreetforensics.com/2025/01/31/u... #DFIR #zen #Mindfulness #Forensics

I spent the better part of two and a half days building this wonderful #DnD #Lego set. At close to 3800 pieces it’s the largest I’ve done in a long time. The Beholder and the dragon are my favorites from the set. Next phase… LIGHTING.

I’ve taken a couple of Chris’s classes and they’re all top-notch. Even if you don’t win, you get the benefit of having donated to a worthy charity so it’s a win-win.

What a terrible tease. #Lego #Poe

I recently attended a virtual lock-picking instruction seminar. While I spent several years doing social engineering and physical penetration tests (what seems like eons ago), I never got into the realm of lock-picking. I really had a fun time with it and think I may have picked up a new hobby.

We are excited to announce that Medex, the trusted solution for authenticating media and countering manipulated content, is now part of the Magnet Forensics family! We are also pleased to share that Medex will now be known as #MagnetVerify. Learn more here: www.magnetforensics.com/blog/introdu...

It’s been chilly in the office so I brought in the electric fireplace. Someone wasted no time in taking advantage of the coziness.

Created a new repo to publish my MITRE ATT&CK mappings for when reports don't have a section on TTPs, hopefully useful for other defenders working on detection engineering & threat hunting. github.com/BushidoUK/MI...

In this episode of #MobileMinute we walk through how to pull the vital information that you may need off of a mobile device for your investigation. #DFIR #MobileForensics #DigitalForensics #DigitalEvidence #MagnetOne #MagnetAxiom #MagnetGraykey www.youtube.com/watch?v=tyyU...

Today is #GivingTuesday! We're taking part by not only offering all profits from our #MagnetMerch Store to @childrescuecoalition, but by offering 10% on all orders with the code GIVE10. Start shopping at magnetmerchandise.com.

Yesterday I got tagged about generating a "I've moved to Bluesky" banner for Twitter. Well I've built it 😂 Just enter your handle, and we'll generate the banner for you: blueskydirectory.com/moved-to-blu... Thanks to @justinjackson.ca for original idea and @chadtimbl.in for the banner I used!

Helpful hotlines today: 1-800-BUTTERBALL - for your Turkey 1-800-662-3263 (Ocean Spray hotline) - for your cranberry sauce 1-800-CALLFBI - for your annoying insurrectionist cousin Happy Thanksgiving.

In my opinion, the most important characteristic for successful #DFIR practitioners is an unyielding sense of curiosity. Every examination is an opportunity to learn something new or develop existing skills further.

Russian spies, likely Russia's GRU intelligence agency, used a new trick to hack a victim in Washington, DC: They remotely infected another network in a building across the street, hijacked a laptop there, then breached the target organization via its Wifi. www.wired.com/story/russia...