th3blu3kn19ht 🛡️

16 Followers
86 Following
137 Posts
Cloud Security Analyst
Think twice before getting “verified.” Here’s a well-researched article from a Mastodon user named rogi about what actually happens when you verify on this site.   “I Verified My LinkedIn Identity… | Bob Young

Think twice before getting “verified.” Here’s a well-researched article from a Mastodon user named rogi about what actually happens when you verify on this site.   “I Verified My LinkedIn Identity. Here's What I Actually Handed Over.” https://lnkd.in/gie8HQHm

After years of experience, trial & error and research, I finally put together my framework for analysts (IR, SOC, IT, if you investigated technical data this is for you).

🐙 ADAPT (Approach, Discovery, Association, Profile, Timeline)

I’ve always felt like there was a gap to teach analysts how to investigate no matter the evidence. No scenario specific playbook, no AI, no limited workflow only intended for niche evidence and no marketing wording that is difficult to interpret when the stress is on.

I know it’s not perfect, but I hope this provides the community something to work from, based on my years of IR experience. I am always open to feedback, changes or even something that might just need to be removed. If you try it out, I’d love to get your thoughts!

https://chocolatecoat4n6.com/2026/01/23/presenting-the-adapt-framework-investigation-and-analysis-without-paralysis/

#dfir #cybersecurity #infosec

Presenting the ADAPT framework: Investigation and Analysis without Paralysis

Purpose: A way for technical investigators to systematically organize their thoughts for effective analysis while maintaining perfect notes that can easily be transitioned into a report or debrief.…

ChocolateCoat4N6
Linus Torvalds calls a spade a spade
The next time someone says "Privacy doesn't matter to me, I've got nothing to hide", show them this video.

I am declaring discourse bankruptcy.

I no longer want to know what’s trending. I don’t want to know who said what absolute nonsense. I have no opinion on the viral fuckery of the day.

If anyone needs me I’ll be buying an actual newspaper.

https://youtu.be/iR8885LBVqU

I'm Declaring Opinion Bankruptcy

YouTube
I've also published a standard you can use for creating human-centric playbooks: https://chrissanders.org/2025/06/human-centered-playbooks/

🚨 Incident Response
===================

Executive summary: The Windows Registry remains a primary source of forensic telemetry. The 2025 cheat sheet compiles core hives and the most commonly useful artifacts for DFIR practitioners, focusing on user activity, USB/device history and account-level data.

Technical details:
• Key hive files documented include NTUSER.DAT (user profile settings and activity), UsrClass.dat (per-user shell mappings), SAM (local account metadata and password hashes), and SYSTEM (system configuration and device history).
• Notable artifacts listed for NTUSER.DAT include UserAssist, RunMRU, OpenSaveMRU, OfficeMRU, LastVisitedMRU, RecentDocs, WordWheelQuery, TypedPaths, ShellBags, MountPoints2, and user-specific autorun entries.
• UsrClass.dat is highlighted for ShellBag and MUICache entries that help validate folder access and GUI program execution.
• SAM is noted for local account details (username, SID, creation/last logon times) and offline password hashes useful in credential recovery scenarios.
• SYSTEM is called out for ShimCache entries, Activity Moderator (BAM/DAM) artifacts, Windows Services configuration, MountedDevices, and Enum\USB\USBSTOR records (Vendor ID, Product ID, serial number, and first/last attach times).

Detection guidance (artifacts to search):
• Inspect UserAssist and RunMRU to reconstruct interactive program execution.
• Parse ShellBags and MountPoints2 for evidence of folder access and mounted media.
• Query Enum\USB\USBSTOR and MountedDevices within the SYSTEM hive for USB device timelines.

Investigation tips (from the source):
• Prioritize user vs. system hives depending on scope of inquiry.
• Correlate registry-derived timestamps with file system and event log timelines for validation.

Limitations:
• Artifact presence and completeness vary by OS version and user behaviour; not all entries prove execution — some indicate existence or access only.

🔹 registry #DFIR #windows #forensics

🔗 Source: https://www.cybertriage.com/blog/windows-registry-forensics-cheat-sheet-2025/

Windows Registry Forensics Cheat Sheet 2025

Save. This. Post. Our expert staff has compiled an up-to-date and comprehensive Windows Registry forensics cheat sheet, and it might be just what you need

Cyber Triage
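Added worked example (not part of the post above or of the Cyber Triage cheat sheet it links): a small Python decoder for the NTUSER.DAT UserAssist values the post lists under "reconstruct interactive program execution". It uses the documented Windows 7 and later value layout (ROT13-encoded value name, 72-byte record with run count at offset 4 and last-execution FILETIME at offset 60) and builds a sorted timeline, the step the post recommends before correlating with file system and event log timestamps. The sample entries are constructed here, not taken from a real hive, and the GUID prefixes are ordinary known-folder ids used only to make the names look realistic. The same FILETIME conversion applies to the USBSTOR first/last attach times mentioned in the post.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Documented on-disk layout of a Windows 7 and later UserAssist value (72 bytes, little-endian):
#   offset  0: session id (DWORD)        offset  4: run count (DWORD)
#   offset  8: focus count (DWORD)       offset 12: focus time in ms (DWORD)
#   offset 16: ten 32-bit floats         offset 56: unknown (DWORD)
#   offset 60: last execution FILETIME   offset 68: unknown (DWORD)
USERASSIST_FORMAT = "<IIII10fIQI"
USERASSIST_SIZE = struct.calcsize(USERASSIST_FORMAT)  # 72

WINDOWS_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UNIX_EPOCH_AS_FILETIME = 116444736000000000  # 1970-01-01T00:00:00Z in 100 ns ticks since 1601


def filetime_to_datetime(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware UTC datetime.
    A zero FILETIME means the timestamp was never recorded, so return None."""
    if ft == 0:
        return None
    return WINDOWS_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime; used here only to build the constructed sample data."""
    delta = dt - WINDOWS_EPOCH
    return (delta.days * 86_400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def decode_userassist(value_name, data):
    """Decode one UserAssist value.

    The value name is ROT13-encoded (the leading known-folder GUID included) and the data
    is the 72-byte record described above. Run count and last-run time are the fields an
    analyst usually wants; the float block is left undecoded. Note that a UserAssist entry
    records GUI launches, so it supports but does not by itself prove every execution."""
    if len(data) != USERASSIST_SIZE:
        raise ValueError(f"expected {USERASSIST_SIZE}-byte record, got {len(data)} bytes")
    fields = struct.unpack(USERASSIST_FORMAT, data)
    return {
        "program": codecs.decode(value_name, "rot_13"),
        "run_count": fields[1],
        "focus_count": fields[2],
        "focus_time_ms": fields[3],
        "last_run": filetime_to_datetime(fields[15]),
    }


def build_timeline(entries):
    """Decode (value_name, data) pairs and order them by last execution, oldest first.
    Entries with no recorded time are dropped: they cannot be placed on a timeline."""
    decoded = [decode_userassist(name, data) for name, data in entries]
    return sorted((e for e in decoded if e["last_run"] is not None), key=lambda e: e["last_run"])


def build_sample_entry(program, run_count, focus_count, last_run):
    """Constructed sample value (not from any real hive) in the on-disk format."""
    name = codecs.encode(program, "rot_13")
    ft = datetime_to_filetime(last_run) if last_run else 0
    data = struct.pack(USERASSIST_FORMAT, 0, run_count, focus_count, 0, *([0.0] * 10), 0, ft, 0)
    return name, data


# Constructed sample: three values as they might sit under the executable-file UserAssist
# subkey's Count key. The GUID prefixes are known-folder ids (System32 and Program Files (x86)).
SAMPLE_ENTRIES = [
    build_sample_entry("{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\cmd.exe", 5, 3,
                       datetime(2025, 1, 15, 10, 30, tzinfo=timezone.utc)),
    build_sample_entry("{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\7-Zip\\7zFM.exe", 1, 1,
                       datetime(2025, 1, 14, 8, 5, tzinfo=timezone.utc)),
    build_sample_entry("{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\notepad.exe", 0, 0, None),
]

if __name__ == "__main__":
    for e in build_timeline(SAMPLE_ENTRIES):
        print(f'{e["last_run"].isoformat()}  runs={e["run_count"]:<3} {e["program"]}')
```

On a real case the (value_name, data) pairs would come from a hive parser such as python-registry or a RegRipper export; the decoder itself does not touch the hive file. Timestamps are returned as aware UTC datetimes so they can be lined up directly against $MFT and event log times without a time zone conversion step.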

I prefer to post here about technology. Occasionally I'll mention something political here, but it's not typical for me. Today I wrote a long post on Facebook to explain why, a few days ago, I posted that supporting Trump is treason. As I wrote it, I was struck by the realization that I need to present the same "face" everywhere. So, for better or worse, here it is. My post on Facebook is here for you, too.

---

For the benefit of the few Republican friends I have left, here’s why I’m so strident in my opposition to what’s happening in our federal government during these recent months. I’ll start by telling you a story.

When I was in junior high and high school, we had courses in history, sociology, and government. I learned about World War II, the holocaust, and the rise of the Nazis to power in Germany. I learned about Anne Frank. I learned about dictators, and fascism, and how people could be arrested simply because of the things they said out loud.

Two things made the deepest impression on me.

1) The religious leaders were, for the most part, silent (at best) or active supporters (at worst). The major religious groups in Germany at the time were Lutheran, Reformed, and Catholic. Some of the pressure on the religious leaders came from the government, and some of it came from their own church members, many of them Nazis themselves. Religious leaders who openly opposed Hitler lost their jobs, their congregations, and, sometimes, their lives.

2) Merchants – ordinary shopkeepers – were also silent, even if they opposed Hitler. Speaking out about the evils of Hitler’s activities could lead to boycotts, or having your store burned down. You could be arrested and never seen again. Many business people preferred survival to protest.

As a teenager, I confidently told myself, “Not me!” I knew in my heart that I would have been a vocal critic of Hitler and the Nazi party. I knew that I would not be afraid. I would stand up for truth, righteousness, and the principles of my Lord and Savior, Jesus Christ.

Here’s the thing: I never, ever, thought that I would actually be put to the test.

Because, in school, I also learned about the three branches of government, our system of checks and balances, the power of the vote, freedom of speech, term limits, and the peaceful transfer of power. I was taught that gerrymandering was evil and that no ethical party would engage in such behavior today. I learned about conflicts of interest, and why leaders must not have financial interests that interfere with their impartiality when making and enforcing laws.

Today, in my lifetime, everything I learned was evil is being practiced by the current administration, and an entire political party is either endorsing it – or, like the shop owners and clergy in Nazi Germany – remaining silent.

So, here I am. I am put to the test.

Will I actively support a president of vile temper and evil intent who destroys the underpinnings of Western democracy? No. I will not.

Will I remain silent, so that I don’t lose the business of clients who may like the Republican party’s actions? No. I will not.

I will speak out, no matter the cost, no matter the consequences.

I am willing to lose the respect of friends, the love of relatives, the income from my clients. I am willing to be jobless, homeless, friendless.

I will speak out against the stench of the rot that has now corroded our democracy.

It’s time for a second story.

When I was a teenager, I worked at Shelby’s Market, a grocery store, in Buhl, Idaho. Later, it was sold to Smith’s Food King. I don’t know if that grocery store still exists, or what its name may be today, but here’s a story from when I was there in about 1971-72.

The head of the meat department was a journeyman meatcutter named Andy. I learned to cut and package quarters of beef under his tutelage. He sold three kinds of hamburger: ground beef, ground chuck, and ground round. But I faced a moral crisis. You see, all three kinds of hamburger were exactly the same. We put them on different trays, with different labels, and different prices. But the more expensive ground round was exactly the same as the less expensive ground beef.

One day, when it was time to do a run of ground beef, Andy assigned me to the labeling station. I said no. “I’ll do the grinding, I’ll do the packaging, but I won’t put the labels on, because the lie is in the label.”

I was removed from the meat department that day, and was permanently reassigned as a box boy. I expected to be fired, so I was elated that I still had a job.

This 70-year-old man still has the same values, principles, and tenacity of that 17-year-old boy.

This is why I wrote that supporting America’s current president is treason. I will face any loss of friendship or income. I will face any rejection, or hostility, or abandonment. I will not face the loss of my identity, my values, my very commitment to honesty, integrity, and compassion.

List of free, open source and privacy respecting services and alternatives to privative services. https://github.com/pluja/awesome-privacy

#opensource

GitHub - pluja/awesome-privacy: Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS.

Awesome Privacy - A curated list of services and alternatives that respect your privacy because PRIVACY MATTERS. - pluja/awesome-privacy

GitHub

If you are passionate about OSINT and have something to say about it, you can become a speaker at OSINTcon by @osintambition in November

This is a free online conference (1st OSINTcon in May - 4,000+ participants)
You can submit your application here:
https://osintconference.com/speaker-registration