@dlilja@infosec.exchange

New blog post coming tomorrow (Thursday). After the success and almost viral post about Atomic Red Team, it’s time to use histograms to analyse data and find repetition and silence.

Here’s the Atomic Red Team post:
https://threathunter-chronicles.medium.com/logwatchers-zenit-02-simulating-attacks-with-atomic-red-team-d9071d42eaeb

#cybersecurity #threathunting #threatdetection #loganalysis #incidentresponse #mvpbuzz #blog

Logwatcher’s Zenit #02: Simulating Attacks with Atomic Red Team

At the summit of signal and noise lies the Logwatcher’s Zenit — a quiet place for analysts who squint at timestamps and whisper to correlation engines. Bring your coffee, leave your assumptions at…

Microsoft has announced that it will soon update security defaults for all Microsoft 365 tenants to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-to-block-file-access-via-legacy-auth-protocols-by-default/

Are you annoyed that the #Windows #Sandbox always starts in a bright and light mode even if your host is set to a dark theme?

Look no further. Here’s my Dirty Bit on how to fix it. Forever. Or at least until Microsoft changes things around again.

https://threathunter-chronicles.medium.com/dirty-bits-01-dark-theme-sandbox-f517f00639a6

#blog #cybersecurity #darkmode #darktheme #mvpbuzz

Dirty Bit #01: Dark Theme Sandbox - ThreatHunter Chronicles - Medium

1. Edit your .wsb file and map a folder and add a command
2. Create a .cmd file with the dark theme command
3. Done

The Dirty Bits category celebrates the unsung heroes of quick hacks, undocumented…

New post in the Logwatcher's Zenit category has been published. It's the first part about how VS Code is a great tool for Cyberthreat Analysts. We're starting with key commands to speed up the workflow.

#threathunter #threathunting #threatanalysis #cybersecurity #blog

https://threathunter-chronicles.medium.com/logwatchers-zenit-01-vs-code-for-analysts-part-1-b7ead9123ed9

Logwatcher’s Zenit #01: VS Code for Analysts, part 1

At the summit of signal and noise lies the Logwatcher’s Zenit — a quiet place for analysts who squint at timestamps and whisper to correlation engines. This category explores log analysis, data…

Finally, I took some decent family photos

My first post is up on my new blog, ThreatHunter Chronicles. It mainly just describes what I want to publish on the blog and what you can expect.

The first post in the Logwatcher’s Zenit category is scheduled at 10am CEST tomorrow (29th of May).

https://medium.com/@threathunter-chronicles

#cybersecurity #threathunting #blog

ThreatHunter Chronicles – Medium

Read writing from ThreatHunter Chronicles on Medium. Cybersecurity and Threat Hunting Nerd. Microsoft MVP. Sharing knowledge and ideas when it comes to data parsing and investigation. Logs don't lie.

I’m staring at a scam. I didn’t fall for it, but I see others who have.

I’ve got a high pulse and I’m almost shaking. I’m pissed, but I’m also fueled and determined to take their site down and get their LinkedIn account blocked.

Does anyone here work for #linkedin? I’d like to chat and share my research.

#security #scammers #conference #scam

Great talk about cryptojacking by @ScottHelme at the NDC { Security } conference.

#ndcsecurity

I’m at NDC {Security} in Oslo and will give a talk about attacks we’ve detected and mitigated in our SOC, the @truesec #MDR service. I’ll also lightly bash AI, mostly because I love using AI and I hope Skynet won’t kill me when it’s active.

There’s snow here! ❄️☃️

#ndcsecurity #lifeattruesec

It finally happened. I've just become a Microsoft MVP in Security for SIEM & XDR.

I'm humbled and proud.

#MVPBuzz #MicrosoftMVP #MicrosoftSecurity