Anatomy of an Attack: CARBANAK
Jack Wesley Riley has published a white paper with an overview of tools and techniques used by CARBANAK. According to the pa…
Unofficial Guide to Mimikatz & Command Reference
Mimikatz is a common tool used by APT in modern cyber attacks to harvest admin’s and user’s login credentials. I…
Hands-on Incident Response and Digital Forensics
Incident response and digital forensics require a balancing act to get right, but both are essential when an information sec…
Incident Response in the Cloud
Moving from on-premises deployments to the cloud can offer incredible benefits to many organizations, including a plethora o…
Hunt Evil: Your Practical Guide to Threat Hunting
This eBook will guide you through how to assess and improve your threat hunting capabilities, how to prioritize what to hunt…
Open-Source DFIR Made Easy: The Setup
A common challenge in the digital forensics and incident response (DFIR) community has been creating a DFIR toolkit that is …
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
An Academic’s View to Incident Response
Here is a talk by Martin Schmiedecker from SHA2017 on incident response: SHA2017 is a non profit outdoor Hacker camp/confere…
An Introduction to VolUtility
Basil Alawi S.Taher has posted a nice overview of how to start using VolUtility – a web frontend for Volatility f…
Windows IR made easier and faster – Find the head of the snake using AutoRuns, Large Registry Keys, Logs, IP/WhoIs and Netflow
Windows systems are still king of the desktop and server operating systems, thus the #1 target of hackers, malware, ransomwa…
