Collaborate Disseminate
One of Shakespeare’s lines from Hamlet I remember from high school is, “…there are more things on heaven and earth, Horatio, than are dreamt of in your philosophy.” And that’s one of the great things about the #DFIR industry…there’s always somethin… Continue reading Testing, and taking DFIR a step further
One of Shakespeare’s lines from Hamlet I remember from high school is, “…there are more things on heaven and earth, Horatio, than are dreamt of in your philosophy.” And that’s one of the great things about the #DFIR industry…there’s always somethin… Continue reading Testing, and taking DFIR a step further
TL;DR: People keep questioning SIEM value, but cloud SIEM makes SIEM so much better. SIEM is now capable of delivering a lot of security value with far less effort from security teams.
The SIEM market is a US$5B market with a two-digit annual growth r… Continue reading The Bright Future of Cloud SIEM
In my previous post, I presented some of the basic design elements for a structured approach to describing artifact constellations, and leveraging them to further DFIR analysis. As much of this is new, I’m sure that this all sounds like a lot of … Continue reading On #DFIR Analysis, pt III – Benefits of a Structured Model
I’ve been putting some serious thought into the topic of a new #DFIR model, and in an effort to extend and expand upon my previous post a bit, I wanted to take the opportunity to document and share some of my latest thoughts.I’ve d… Continue reading On #DFIR Analysis, pt II – Describing Artifact Constellations
I ran across SharpWebServer via Twitter recently…the first line of the readme.md file states, “A Red Team oriented simple HTTP & WebDAV server written in C# with functionality to capture Net-NTLM hashes.” I thought this was fascinating beca… Continue reading LNK Files, Again
I wanted to take the opportunity to discuss DFIR analysis; when discussing #DFIR analysis, we have to ask the question, “what _is_ “analysis”?”In most cases, what we call analysis is really just parsing some data source (or sources) and either viewing … Continue reading On #DFIR Analysis
On the heels of my previous post on this subject, I ran across this little gem from Microsoft regarding the print spooler EOP exploitation. I like articles like this because they illustrate threat actor activities outside the “norm”, or what we us… Continue reading Extracting Toolmarks from Open Source Reporting, pt II
The topic on SOC automation is really a fun one to think about, and even after putting my thoughts into words with my last post, I’ve still kept thinking about it. Some additional considerations came to my mind.
The simplistic question of “Will machin… Continue reading Some additional words on those SOC robots
The debate around SOC automation has been a fun one to follow. Allie Mellen wrote a short but on the spot piece about it, reaffirming what seems to be the commonsense opinion on this topic today: Automation is good, but to augment human capacity, not … Continue reading The Robots Are Coming!