Linux Binary Poisoning Detection
In this post guys from Sandfly Security describe the process of detection poisoned Linux binaries. You will learn about the …
Malicious PowerShell in the Registry: Persistence
Mari DeGrazia continues her series of blogs about detecting and analysis of malicious PowerShell scripts. This time you̵…
RDP Logs and Incident Response
Koen Van Impe has posted a nice overview of RDP and its logs, that will be quite useful both for incident responders and for…
DFIR Summit & Training 2018
SANS Institute has published the presentations from DFIR Summit & Training 2018. You can find all of them here. …
Detecting script-based attacks on Linux
In this post John Booth describes how to detect encoded or obfuscated command-lines used by attackers on Linus hosts. As you…
The Endgame Guide To Threat Hunting: Practitioner’s Edition
Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks without prior k…
Simple Linux Forensics
Craig Rowland from Sandfly Security goes over simple tactics and techniques you can use to assess a Linux host for signs of …
2018 Volatility Analysis Contest
Volatility Foundation has announced another contest – Volatility Analysis Contest. All you need is to choose a sophist…
Automating Incident Response and Forensics
Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
