tactical_legacy_kirbo
@da667cant.hax.lol
Senior Security Researcher, Proofpoint Emerging Threats. I stare at pcaps all day, and use my pattern-seeking scattered hunter-gatherer brain, to write IDS signatures. I'm also a huge fuckin nerd. Obligatory My words are not fit for consumption warning.
and if you're interested in my write-ups related to Suricata, rule writing and threat hunting, check out:

community.emergingthreats.net/c/tutorials-...

Look for the stuff posted by trobinson667. Tons of great advice for threat hunting, intelligence gathering, and rule writing. Cheers!
Tutorials, Tips & Tricks
Share your knowledge and learn something new.
community.emergingthreats.net
August 12, 2025 at 8:08 PM
I know it's not much, but I write up a bunch of blogs and how-tos related to virtual machine labs and Suricata IDS/IPS software. My books (in varying states of completeness) are over at:

leanpub.com/u/da_667

My books are always "pay what you want", even if that means not paying at all.
Tony Robinson
leanpub.com
August 12, 2025 at 8:08 PM
I'd also like to thank any of you all in advance if you elect to donate something. Trust me, I know times are tough in 2025 for anyone who isn't a billionaire, so I just want to make sure I express my appreciation.
August 12, 2025 at 8:08 PM
dude this is incredibly generous and we both really appreciate it
August 12, 2025 at 8:03 PM
and for those of you who aren't keen on donating to a stranger's Amazon list, but still want to help your local teachers, consider donorschoose.org as an alternative to support your local schools. This may also be something that you can point your employer to as a worthy cause as well.
DonorsChoose: Support a classroom. Build a future.
DonorsChoose connects teachers in high-need communities with donors who want to help.
donorschoose.org
August 12, 2025 at 6:57 PM
She serves as a first grade teacher at a title 1 school. If you're not familiar with the lingo, title 1 schools serve poor and impoverished communities. If you're kind enough to donate, I deeply appreciate it. Even if you can't, thanks for taking the time to read this.
August 12, 2025 at 6:57 PM
Reposted by tactical_legacy_kirbo
listen, if I can get an appointment with doctor catte in less than three months, i'm gonna give it some serious thought.
August 8, 2025 at 7:58 PM
Reposted by tactical_legacy_kirbo
Yeah can confirm not a doctor. But I has all the appointments available to select from.
August 8, 2025 at 8:02 PM
Sometimes my blogposts on my personal blog are a little raw, so I create a more worksafe version that I put on the emerging threats community forum, that people might feel a little more comfortable reading and sharing:

community.emergingthreats.net/t/detection-...

Enjoy your Saturday
Detection Exercise: D-Link DIR-513 (CVEs: 2025-8184, 8169, and 8168)
We’ve recently had an intern join the ET team (say hello to @kraghu). I went over how I turned a github repo with some PoC exploit ...
community.emergingthreats.net
August 3, 2025 at 12:27 AM
I promise I'll have the PG version that you can (probably) share with your SOC analysts, boss and other people that can't stomach shitposting and white-hot spite sometime in the next few days.

Until then, enjoy the weekend, fuck Cisco, stomp out the fascism before it takes root, and one love. later
August 2, 2025 at 4:15 AM
-What the rule looks like in Suricata, including a break-down of the rule structure, keywords used, why we use them

-An identical break-down for Snort that shows how we achieve feature parity between two vastly different IDS engines.

www.totes-legit-notmalware.site/home/detecti...

happy hunting
Detection Exercise: D-Link DIR-513 (CVEs: 2025-8184, 8169, and 8168) | 667's shitpost box
This website is a personal blog with cybersecurity and technology themes. It also ventures into some nerd culture themes, and there is heavy use of strong language. Generally, this website should be co...
www.totes-legit-notmalware.site
August 2, 2025 at 4:10 AM
-Where to find official documentation for both Snort and Suricata

-How to properly archive proof of concept code so that the code isn't deleted on a whim and lost forever

-The handful of vulns I wrote rules for themselves
August 2, 2025 at 4:10 AM
this is why you don't capitulate to the fascists, they just demand more if you roll over.
July 31, 2025 at 8:52 PM
I'll be honest, I've never used Arch before, so I'm not used to it.
July 29, 2025 at 12:13 PM