Diffy: A Triage Tool for Cloud-Centric Incident Response
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix’s Security Intelligence and Respon…
Office365 Log Analysis Framework
After yesterday’s webcast Matt Bromiley released his Office365 Log Analysis Framework or OLAF to the public. You can l…
Detecting Malicious PowerShell Commands using Deep Neural Networks
Microsoft’s PowerShell is a command-line shell and scripting language that is installed by default on Windows machines…
Security Event Logging and Monitoring Techniques for Incident Response in Hadoop
This presentation will share some of the techniques and lessons learned in real-world Hadoop implementation at Johns Hopkins…
LiMEaide: Dump Linux Memory Remotely
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later a…
Magnet User Summit CTF: Misc
We are continuing our write-up. The second part will walk you through the solution of the second set of CTF problems –…
Magnet User Summit CTF: Anti-Forensics
Yesterday Troy Schnack and Kevin Pagano suggested on Twitter that it would be good to write how I solved Magnet User Summit …
Using the Office 365 Activities API to Investigate Business Email Compromises
Business email compromises (BECs) are a big problem across a multitude of industries. Just last week, the FBI participated i…
RDP Event Log Forensics
As a continuation of the “Introduction to Windows Forensics” series, this episode takes a comprehensive look at …
Dear Blue Team: Proactive Steps to Supercharge your IR
In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics an…
