Unknown – Page 10 – WindowsTechs.com

On Validation, pt III

Posted on April 25, 2023 by Unknown

From the first two articles (here, and here) on this topic arises the obvious question…so what? Not validating findings has worked well for many, to the point that the lack of validation is not recognized. After all, who notices that findings were no… Continue reading On Validation, pt III→

On Validation, pt II

Posted on April 17, 2023 by Unknown

My first post on this topic didn’t result in a great deal of engagement, but that’s okay. I wrote the first post with part II already loaded in the chamber, and I’m going to continue with this topic because, IMHO, it’s immensely important. I’ve se… Continue reading On Validation, pt II→

Deriving Value From Open Reporting

Posted on April 7, 2023 by Unknown

There’s a good bit of open reporting available online these days, including (but not limited to) the annual reports that tend to be published around this time of year. All of this open reporting amounts to a veritable treasure trove of information, eit… Continue reading Deriving Value From Open Reporting→

Unraveling Rorschach

Posted on April 5, 2023 by Unknown

Checkpoint recently shared a write-up on some newly-discovered ransomware dubbed, “Rorschach”. The write-up was pretty interesting, and had a good bit of content to unravel, so I thought I’d share the thoughts that had developed while I read and re-rea… Continue reading Unraveling Rorschach→

On Validation

Posted on April 4, 2023 by Unknown

I’ve struggled with the concept of “validation” for some time; not the concept in general, but as it applies specifically to SOC and DFIR analysis. I’ve got a background that includes technical troubleshooting, so “validation” of findings, or the idea … Continue reading On Validation→

Password Hash Leakage

Posted on March 25, 2023 by Unknown

If you’ve been in the security community for even a brief time, or you’ve taking training associated with a certification in this field, you’ve likely encountered the concept of password hashes. The “Reader’s Digest” version of password hashes are that… Continue reading Password Hash Leakage→

The "Why" Behind Tactics

Posted on March 25, 2023 by Unknown

Very often we’ll see mention in open reporting of a threat actor’s tactics, be they “new” or just what’s being observed, and while we may consider how our technology stack might be used to detect these tactics, or maybe how we’d respond to an incident … Continue reading The "Why" Behind Tactics→

Threat Actors Changing Tactics

Posted on March 16, 2023 by Unknown

I’ve been reading a bit lately on social media about how cyber security is “hard” and it’s “expensive”, and about how threat actors becoming “increasingly sophisticated”. The thing is, going back more than 20 yrs, in fact going back to 1997, when … Continue reading Threat Actors Changing Tactics→

On Using Tools

Posted on March 12, 2023 by Unknown

I’ve written about using tools before in this blog, but there are times when something comes up that provokes a desire to revisit a topic, to repeat it, or to evolve and develop the thoughts around it. This is one of those posts. When I first rele… Continue reading On Using Tools→

Devices

Posted on February 26, 2023 by Unknown

This interview regarding one of the victims of the University of Idaho killings having a Bluetooth speaker in her room brings up a very important aspect of digital forensic analysis; that technology that we know little about is very pervasive in our li… Continue reading Devices→