Defcon DFIR CTF 2018 Open to the Public
David Cowen has posted Defcon DFIR CTF 2018 images and questions at his blog. It’s time to download them and have a go…
Business Email Compromise; Office 365 Making Sense of All the Noise
Office 365, or O365, has made online applications easier for businesses of all sizes. Its also created a significant attack …
Deobfuscating Emotetâs PowerShell Payload
Lasq has posted a step-by-step guide on how to deobfuscate Emotet’s PowerShell payload. Also he shared a Python script…
Investigating Data Hiding and Covert Communication
The book will focus on incident response methods and techniques when faced with the unprecedented challenge that data hiding…
POSH-Triage
Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s cmd line tools (https://ericzimme…
Diffy: A Triage Tool for Cloud-Centric Incident Response
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix’s Security Intelligence and Respon…
Office365 Log Analysis Framework
After yesterday’s webcast Matt Bromiley released his Office365 Log Analysis Framework or OLAF to the public. You can l…
Detecting Malicious PowerShell Commands using Deep Neural Networks
Microsoft’s PowerShell is a command-line shell and scripting language that is installed by default on Windows machines…
Security Event Logging and Monitoring Techniques for Incident Response in Hadoop
This presentation will share some of the techniques and lessons learned in real-world Hadoop implementation at Johns Hopkins…
LiMEaide: Dump Linux Memory Remotely
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later a…
