Skip to content

WindowsTechs.com

Collaborate Disseminate

Menu

Primary menu

  • Home

Author Archives: Unknown

Events Ripper Updates

Posted on May 26, 2023 by Unknown

I updated an Events Ripper plugin recently, and added two new ones…I tend to do this when I see something new to that I don’t have to remember to run a command, check a box on a checklist, or take some other step. If I have to do any of these, I’m no… Continue reading Events Ripper Updates→

Posted in Uncategorized

Composite Objects and Constellations

Posted on May 17, 2023 by Unknown

Okay, to start off, if you haven’t seen Joe Slowik’s RSA 2022 presentation, you should stop now and go watch it. Joe does a great job of explaining and demonstrating why IOCs are truly composite objects, that there’s much more to an IP address than jus… Continue reading Composite Objects and Constellations→

Posted in Uncategorized

The Windows Registry

Posted on May 16, 2023 by Unknown

When it comes to analyzing and understanding the Windows Registry, where do we go, as an industry, to get the information we need?Why does this even matter?Well, an understanding of the Registry can provide insight into the target (admin, malicious ins… Continue reading The Windows Registry→

Posted in Uncategorized

Events Ripper Updates

Posted on May 5, 2023 by Unknown

As you may know, I’m a pretty big proponent for documenting things that we “see” or find during investigations, and then baking those things back into the parsing and decoration process, as a means of automating and retaining corporate knowledge. This … Continue reading Events Ripper Updates→

Posted in Uncategorized

Program Execution

Posted on April 28, 2023 by Unknown

By now, I hope you’ve had a chance to read and consider the posts I’ve written discussing the need for  validation of findings (third one here). Part of the reason for this series was a pervasive over-reliance on single artifacts as a source of fi… Continue reading Program Execution→

Posted in Uncategorized

New Events Ripper Plugins

Posted on April 25, 2023 by Unknown

I recently released four new Events Ripper plugins, mssql.pl, scm7000.pl, scm7024.pl and apppopup26.pl. The mssql.pl plugin primarily looks for MS SQL failed login events in the Application Event Log. I’d engaged in a response where we were a… Continue reading New Events Ripper Plugins→

Posted in Uncategorized

On Validation, pt III

Posted on April 25, 2023 by Unknown

From the first two articles (here, and here) on this topic arises the obvious question…so what? Not validating findings has worked well for many, to the point that the lack of validation is not recognized. After all, who notices that findings were no… Continue reading On Validation, pt III→

Posted in Uncategorized

On Validation, pt II

Posted on April 17, 2023 by Unknown

My first post on this topic didn’t result in a great deal of engagement, but that’s okay. I wrote the first post with part II already loaded in the chamber, and I’m going to continue with this topic because, IMHO, it’s immensely important. I’ve se… Continue reading On Validation, pt II→

Posted in Uncategorized

Deriving Value From Open Reporting

Posted on April 7, 2023 by Unknown

There’s a good bit of open reporting available online these days, including (but not limited to) the annual reports that tend to be published around this time of year. All of this open reporting amounts to a veritable treasure trove of information, eit… Continue reading Deriving Value From Open Reporting→

Posted in Uncategorized

Unraveling Rorschach

Posted on April 5, 2023 by Unknown

Checkpoint recently shared a write-up on some newly-discovered ransomware dubbed, “Rorschach”. The write-up was pretty interesting, and had a good bit of content to unravel, so I thought I’d share the thoughts that had developed while I read and re-rea… Continue reading Unraveling Rorschach→

Posted in Uncategorized

Post navigation

← Older posts
Newer posts →

Primary Sidebar Widget Area

Infocon Status

Internet Storm Center Infocon Status

Recent Posts

  • F5 Patches Multiple NGINX, BIG-IP Vulnerabilities July 16, 2026
  • China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans July 16, 2026
  • OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol July 16, 2026
  • Transponder Mania July 16, 2026
  • Old UEFI Shims Expose Systems to Secure Boot Bypass July 16, 2026

Tag Cloud

Agriculture Alzheimer's Disease Art Audio Automation Bluetooth Building and Construction Campervan Camping Cancer Coronavirus (COVID-19) Cycling Dementia Diabetes DNA Electric Vehicles Food Home House Huawei Indiegogo MIT Mobility Moon New Atlas Audio NVIDIA Off-grid Off-road Pedal-assisted Photography Physics Radio Repair RV Samsung Satellite Sony SpaceX spoofing sustainable design The Immune System Tiny Footprint Training Water Zoom

Archives

  • Facebook
  • Twitter
  • Linkedin
  • Email
Copyright © 2026 WindowsTechs.com. All Rights Reserved.
Theme: Catch Box by Catch Themes
Scroll Up