
Sniper Incident Response

Questions are the answer

Sniper IR

Free DFIR Challenges

Free DFIR challenges including full disk and memory captures

Free Challenges

Infosec Career Roadmap

Free 120 day guide to a career in infosec

0 to 120 Infosec Roadmap


Infosec Training

coming soon


Finding Evil in 30 Minutes or Less Part 2 – Amcache, Shimcache and the Srum DB

In Part 1 of this series, we looked at collecting volatile data from a machine and analyzing running…

Finding Evil in 30 Minutes or Less Part 3 – Windows Registry

In parts 1 and 2 of this series we examined the artifacts from a live system by looking at the process…

Finding Evil in 30 Minutes or Less Part 4 – Windows Event Logs and the WMI Database

One of the other methods attackers are using to establish persistence is through Windows Management …

Finding Evil in 30 Minutes or Less Part 1 – Processes and Network Connections

When you are doing an IR it is crucial that you find answers fast. You often have the client asking f…

Your first onsite IR

The first time I responded to a breach solo was just a few months after starting my career as a DFIR…

Just what is a Scoping Call?

One of the major differences between working corporate security vs consulting is the interaction wit…

Some Background

I’ve been working in IT since 1999. I started out on Windows 3.1 machines running Token Ring n…
