Hunting Linux threats in sunny San Diego? 🌴🐚 I’m running #FOR577 LINUX Incident Response & Threat Hunting at #SANSSecWest 2026 in May with — hands-on labs, real-world IR, and threat hunting to level up your Linux DFIR game on the world’s favorite server OS. https://www.sans.org/cyber-security-training-events/security-west-2026
There are 2 more days to get the early-bird discount for one of my all-time favorite conferences, #SANS #DFIRCON in Miami in Nov. There are a bunch of hands-on workshops for in-person attendees on Sun, 16 Nov, DFIR Netwars, DFIR Bites, and networking opportunities in the evenings during the week, and I'll be sharing tools (including one I just released this week), tips, tricks, and lessons learned from my more than 40 years of Unix/Linux in #FOR577 (my last run of 2025). @sansforensics The registration link is easier to find on the FOR577 page than the DFIRCON page, sorry. https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response
Join me in one of my favorite places for the updated FOR577. Now, with more BTRFS, more rootkits, and more Linux attacks. #FOR577 #SANSSecWest
I just posted a Handler's Diary: I've released a Python script to find Linux files with the immutable bit set. #FOR577 @sans_isc #SANSDFIR https://isc.sans.edu/diary/New+tool+immutablepy/31598/
I dropped a quick little tool today after some discussion in class today of the /proc filesystem and network connections #dfir #for577 https://isc.sans.edu/diary/New%20tool%3A%20le-hex-to-ip.py/30284