Hunting Linux threats in sunny San Diego? 🌴🐚 I’m running #FOR577 LINUX Incident Response & Threat Hunting at #SANSSecWest 2026 in May with — hands-on labs, real-world IR, and threat hunting to level up your Linux DFIR game on the world’s favorite server OS. https://www.sans.org/cyber-security-training-events/security-west-2026

This came today #donorforlife

There are 2 more days to get the early-bird discount for one of my all-time favorite conferences, #SANS #DFIRCON in Miami in Nov. There are a bunch of hands-on workshops for in-person attendees on Sun, 16 Nov, DFIR Netwars, DFIR Bites, and networking opportunities in the evenings during the week, and I'll be sharing tools (including one I just released this week), tips, tricks, and lessons learned from my more than 40 years of Unix/Linux in #FOR577 (my last run of 2025). @sansforensics The registration link is easier to find on the FOR577 page than the DFIRCON page, sorry. https://www.sans.org/cyber-security-courses/linux-threat-hunting-incident-response

Join me in one of my favorite places for the updated FOR577. Now, with more BTRFS, more rootkits, and more Linux attacks. #FOR577 #SANSSecWest

I just posted a Handler's Diary, I've released a python script to find Linux files with the immutable bit set. #FOR577 @sans_isc #SANSDFIR https://isc.sans.edu/diary/New+tool+immutablepy/31598/

Looking for the newest Lethal Forensicators #SANS #FOR610 at DFIRCON

Another great class and 2 more brand new lethal forensicators! Congratulations Takuya and Ryo! #SANS #FOR610 #malware

Interested in learning #malware analysis Down Under? Join me as we bring SANS #FOR610 back to Sydney in September

Time to crown some new REM Masters in Singapore. Who will they be?