RDP Event Log Forensics
As a continuation of the “Introduction to Windows Forensics” series, this episode takes a comprehensive look at …
Dear Blue Team: Proactive Steps to Supercharge your IR
In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics an…
Linux Binary Poisoning Detection
In this post guys from Sandfly Security describe the process of detection poisoned Linux binaries. You will learn about the …
Malicious PowerShell in the Registry: Persistence
Mari DeGrazia continues her series of blogs about detecting and analysis of malicious PowerShell scripts. This time you̵…
RDP Logs and Incident Response
Koen Van Impe has posted a nice overview of RDP and its logs, that will be quite useful both for incident responders and for…
Detecting script-based attacks on Linux
In this post John Booth describes how to detect encoded or obfuscated command-lines used by attackers on Linus hosts. As you…
The Endgame Guide To Threat Hunting: Practitioner’s Edition
Threat hunting is the process of actively looking for signs of malicious activity within enterprise networks without prior k…
Simple Linux Forensics
Craig Rowland from Sandfly Security goes over simple tactics and techniques you can use to assess a Linux host for signs of …
2018 Volatility Analysis Contest
Volatility Foundation has announced another contest – Volatility Analysis Contest. All you need is to choose a sophist…
Automating Incident Response and Forensics
Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session…
