Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools from the Sysinternals suite. …
Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use “Create Remote Thread” events to detect process injection …
Dear Blue Team: Forensic Advice to Non-Forensic Professionals to Supercharge Organization DFIR
In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics an…
Dear Blue Team: Proactive Steps to Supercharge your IR
In an age where data breaches and malware infections are quickly becoming the norm, we must prepare for Digital Forensics an…
Creating custom YARA rules
Didier Stevens has posted about how to use IOCs (Indicators Of Compromise) to create your own custom YARA rules. In the post…
The Power of Logging in Incident Response
In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital …
PCAP File Extraction
Mark Robinson has published a post on how to carve data out of PCAPs. Step-by-step guides will show you how to do it with Wi…
