Collaborate Disseminate
Imposter Syndrome. This is something many of us have experienced to one degree or another, at various times. Many have experienced, some have overcome it, others may not be able to and wonder why.HealthLine tells us, “Imposter feelings represent a… Continue reading Imposter Syndrome
Over the years, every now and then I’ve taken a look around to try to see where RegRipper is used. I noticed early on that it’s included in several security-oriented Linux distros. So, I took the opportunity to compile some of the links I’d found, and … Continue reading Distros and RegRipper
Part I of this series kicked things off for us, and honestly I have no idea how long this series will be…I’m just writing the posts without a specific plan or outline for the series. In this case, I opted to take an organic approach, and wanted … Continue reading On Writing DFIR Books, pt II
On the heels of my first post with this subject, I thought I’d continue adding tips as they came to mind…I’ve been engaged with EDR frameworks for some time now. I first became aware of Carbon Black before it was “version 1.0”, and before “carbonblac… Continue reading Tips for DFIR Analysts, pt II
During my time in the industry, I’ve authored 9 books under three imprints, and co-authored a tenth.There, I said it. The first step in addressing a problem is admitting you have one. ;-)Seriously, though, this is simply to say that I have some experie… Continue reading On Writing DFIR Books, pt I
There’s been a lot of discussion on social media around how to “break into” the cybersecurity field, not only for folks just starting out but also for those looking for a career change. This is not unusual, given what we’ve seen in the public news medi… Continue reading Building a Career in CyberSecurity
Over the years as a DFIR analyst…first doing digital forensics analysis, and then incorporating that analysis as a component of IR activity…there have been some stunningly simple truths that I’ve learned, truths that I thought I’d share. Many of th… Continue reading Tips for DFIR Analysts
Okay, I think that we can all admit that ransomware has consumed the news cycle of late, thanks to high visibility attacks such as Colonial Pipeline and JBS. Interestingly enough, there wasn’t this sort of reaction the second time the City of Baltimore… Continue reading What We Know About The Ransomware Economy
I was reading this Splunk blog post recently, and I have to say up front, I was disappointed by the fact that the promise of the title (i.e., “Detecting Cl0p Ransomware”) was not delivered on by the remaining content of the post. Very early on in the b… Continue reading Thoughts on Assessing Threat Actor Intent & Sophistication
As most regular readers of this blog can tell you, I’m a bit of a fan of LNK files…a LNK-o-phile, if you will. I’m not only fascinated by the richness of the structure, but as I began writing a parser for LNK files, I began too see some interes… Continue reading Toolmarks: LNK Files in the news again