Author Archives: Unknown

I’ve been saving some things up in this draft blog post, adding new things, removing some older stuff that, after a few days, didn’t quite hit the same as when I first read them. Most who know me know that I’m not so much about just dropping a link, as… Continue reading Links→

I know what you’re thinking…”LNK files? Again? Dude, you are like a dog with a bone!”Yes. Yes, I am. But in this case, I’ll keep it short. I’ve posted a lot…a LOT…about LNK files, and there’s very likely more to come in the future.Wietze recently… Continue reading LNK Files→

Something I learned very early on as a DF/IR consultant was that you’re likely never going to run into a perfect environment as an on-call responder. In fact, the best you can hope for is an environment with the default logging, for the OS and app… Continue reading Devices→

There’s been a lot of chatter over the use of AI in various fields, and because it’s my professional focus, I’m most interested in how it’s used in cybersecurity. Now, that doesn’t mean that I’m not aware of how it’s used…or more appropriately, misus… Continue reading Views on AI & the Anthropic Report→

One of the fascinating aspects of Windows systems, from a DF/IR perspective, for me has been the clipboard. Notice I said, “one of”, rather than “the”…that’s because there are a lot of fascinating aspects of Windows systems when it comes to DF/IR wor… Continue reading What’s on your clipboard?→

Sometimes I’ll get questions via different routes…webinars or podcasts, via social media, DM, or even email. Getting questions is good, because it keeps me aware that I’m in somewhat of a bubble, given the work I do and the environment in which I do … Continue reading Questions I’ve Been Asked→

This started out as a bit of an end-of-the-year grab bag of posts, but I don’t like simply linking to things, dropping links with no explanation as to why; instead, I’d rather share the why behind what I found interesting about the post or ar… Continue reading Grab Bag→

I ran across a LinkedIn post the other day that  mentioned using Windows Defender Support Logs (actually, I think the post referred to them as “diagnostic” logs). These logs are found in the following folder:C:\ProgramData\Microsoft\Windows Defend… Continue reading Windows Defender Support Logs→

I received a question recently, one I receive every now and again, asking if there are any updates to an open source tool I created a while back, called “RegRipper”. This time, the question came in this way:Is there any update on reg tool?After a … Continue reading Question on Open Source Tools→

I’m not a fan of many podcasts. I do like a conversational style, and there are some podcasts that I listen to, albeit not on a regular basis, and not for technical content. They’re mostly about either “easter eggs” in Marvel or DC movies, or the … Continue reading Perspectives on Cybersecurity→