Unknown – Page 11 – WindowsTechs.com

Why Write?

Posted on February 25, 2023 by Unknown

I shared yet another post on writing recently; I say “yet another” because I’ve published blog posts on the topic of “writing” several times. But something I haven’t really discussed is why should we write, nor what we should write about?In his book, C… Continue reading Why Write?→

WEVTX Event IDs

Posted on February 21, 2023 by Unknown

Now and again, we see online content that moves the community forward, a step or several steps. One such article appeared on Medium recently, titled Forensic Traces of Exploiting NTDS. This article begins developing the artifact constellations, and wal… Continue reading WEVTX Event IDs→

Training and CTFs

Posted on February 14, 2023 by Unknown

The military has a couple of adages…one, “you fight like you train”, and another being, “the more you sweat in peace, the less you bleed in war.” The idea behind these adages is that progressive, realistic training prepares you for the job at hand, w… Continue reading Training and CTFs→

Why Lists?

Posted on February 7, 2023 by Unknown

So much of what we see in cybersecurity, in SOC, DFIR, red teaming/ethical hacking/pen testing, seems to be predicated on lists. Lists of tools, lists of books, lists of sites with courses, lists of free courses, etc. CD-based distros are the same way,… Continue reading Why Lists?→

Validating Tools

Posted on February 5, 2023 by Unknown

Many times, in the course of our work as analysts (SOC, DFIR, etc.), we run tools…and that’s it. But do we often stop to think about why we’re running that tool, as opposed to some other tool? Is it because that’s the tool everyone we know uses, and … Continue reading Validating Tools→

Soft Skills: Writing

Posted on January 31, 2023 by Unknown

Writing. Like math in middle school, this is one of those subjects that we pushed back on, telling ourselves, “I’ll never have to use this…”, and then quite shockingly finding that it’s amazing how much writing we actually do. However, are we do… Continue reading Soft Skills: Writing→

Updates, Compilation

Posted on January 27, 2023 by Unknown

Thoughts on Detection EngineeringI read something online recently that suggested that the role of detection engineering is to reduce the false positive (FPs) alerts sent to the SOC. In part, I fully agree with this; however, “cyber security” is a team … Continue reading Updates, Compilation→

Wi-Fi Geolocation, Then and Now

Posted on January 16, 2023 by Unknown

I’ve always been fascinated by the information maintained in the Windows Registry. But in order to understand this, to really get a view into this, you have to know a little bit about my background. The first computer I remember actually using was a Ti… Continue reading Wi-Fi Geolocation, Then and Now→

Persistence and LOLBins

Posted on December 31, 2022 by Unknown

Grzegorz/@0gtweet tweeted something recently that I thought was fascinating, suggesting that a Registry modification might be considered an LOLBin. What he shared was pretty interesting, so I tried it out.First, the Registry modification:reg add “HKLM\… Continue reading Persistence and LOLBins→

Keeping Grounded

Posted on December 31, 2022 by Unknown

As 2022 comes to a close, I reflect back over the past year, and the previous years that have gone before. I know we find it fascinating to hear “experts” make predictions for the future, but I tend to believe that there’s more value in reflecting on a… Continue reading Keeping Grounded→