Hey, we've gotten like, a shitload of stuff over the past day or two, so I just wanted to express my gratitude on behalf of the new first graders coming in to my wife's classroom this fall. Thanks again for helping out.
@da667cant.hax.lol
Senior Security Researcher, Proofpoint Emerging Threats. I stare at pcaps all day and use my pattern-seeking, scattered hunter-gatherer brain to write IDS signatures. I'm also a huge fuckin nerd. Obligatory "my words are not fit for consumption" warning.
Hey y'all,
Keeping this brief. My wife is getting ready to head back to her first grade classroom. She requested that I post up her amazon list to see if anyone was willing to contribute resources to her classroom:
www.amazon.com/hz/wishlist/...
She serves as a first grade teacher at a Title 1 school. If you're not familiar with the lingo, Title 1 schools serve poor and impoverished communities. If you're kind enough to donate, I deeply appreciate it. Even if you can't, thanks for taking the time to read this.
and for those of you who aren't keen on donating to a stranger's amazon list, but still want to help your local teachers, consider donorschoose.org as an alternative to support your local schools. This may also be something that you can point your employer to as a worthy cause.
dude this is incredibly generous and we both really appreciate it
I'd also like to thank any of you all in advance if you elect to donate something. Trust me, I know times are tough in 2025 for anyone who isn't a billionaire, so I just want to make sure I express my appreciation.
I know it's not much, but I write up a bunch of blogs and how-tos related to virtual machine labs and Suricata IDS/IPS software. My books (in varying states of completeness) are over at:
leanpub.com/u/da_667
My books are always "pay what you want", even if that means not paying at all.
and if you're interested in my write-ups related to Suricata, rule writing and threat hunting, check out:
community.emergingthreats.net/c/tutorials-...
Look for the stuff posted by trobinson667. Tons of great advice for threat hunting, intelligence gathering, and rule writing. Cheers!
listen, if I can get an appointment with doctor catte in less than three months, i'm gonna give it some serious thought.
Yeah can confirm not a doctor. But I has all the appointments available to select from.
Dr. Catte is not a real doctor. Do not let doctor catte touch you.
complete with the double quotes around the "do not eat", because nobody said I couldn't drink it.
Sometimes my blogposts on my personal blog are a little raw, so I create a more worksafe version that I put on the emerging threats community forum, that people might feel a little more comfortable reading and sharing:
community.emergingthreats.net/t/detection-...
Enjoy your Saturday
I posted up a write-up on how to archive exploit write-ups and PoC code and turn that data into Snort rules and Suricata rules; the differences between the two rule engines and their syntax; and why we do things the way we do when creating rules:
www.totes-legit-notmalware.site/home/detecti...
I promise I'll have the PG version that you can (probably) share with your SOC analysts, boss and other people that can't stomach shitposting and white-hot spite sometime in the next few days.
Until then, enjoy the weekend, fuck Cisco, stomp out the fascism before it takes root, and one love. later
Hey.
I wrote up a Detection Engineering Exercise that I used to help train up our newly appointed intern on the emerging threats team.
In this post, I covered:
-Where to find official documentation for both Snort and Suricata
-How to properly archive proof of concept code so that the code isn't deleted on a whim and lost forever
-The handful of vulns themselves that I wrote rules for
-What the rule looks like in Suricata, including a break-down of the rule structure, keywords used, and why we use them
-An identical break-down for Snort that shows how we achieve feature parity between two vastly different IDS engines.
www.totes-legit-notmalware.site/home/detecti...
happy hunting
this is why you don't capitulate to the fascists, they just demand more if you roll over.
I'll be honest, I've never used arch before. so I'm not used to it.
I've reached quite a decent age without having a clue what pickleball is.
You look at this thing and tell me it isn't a blob of semen.
Yeah for the most part, switching to debian and using librewolf instead has been nice, but every couple of days it just mysteriously has a Crash-to-Desktop moment. I suspect there's a memory leak somewhere, but I don't know. All web browsers are terminally awful and snap just made it worse.
If you are looking for a worksafe version of some of the Suricata subjects I talk about on my blog that you can show your friends and co-workers who don't understand suffering and/or tech shitposting, go here instead:
community.emergingthreats.net/u/trobinson6...
There is a TON of other shit I've written about. I've been very active with regards to content since I started up this grav-powered website in January.
On a separate note, grav is a cursed CMS.
Most of my content is work/Suricata-related, but once in a while I'll just shoot the shit.
But yeah. Today I learned that MX Linux is a thing and will likely be the next distro I try, because fucking nobody supports fluxbox anymore, and flux is my favorite window manager.
Also consider their affiliated network of comrades over at 33x32 institute: 32x33.institute