Review Mandiant’s Incident Response Conference (MIRCon) Day 1

Other Review Mandiant’s Incident Response Conference (MIRCon) Day 1

I have the good fortune this week of being able to atte…

Must Have Free Resources for Malware Analysis

Other Must Have Free Resources for Malware Analysis

Cybercriminals are constantly innovating, developing ne…

Other Month of PowerShell Profile Hack for Easy Base64 Encoding and Decoding

As PowerShell power user James Honeycutt points out, Po…

Month of PowerShell – Working with the Event Log, Part 3 – Accessing Message Elements

Other Month of PowerShell – Working with the Event Log, Part 3 – Accessing Message Elements

In part 1, we looked at PowerShell get winevent to…

USB Historian 2024 Forensic Analysis Toolkit: In-Depth Evaluation

Forensic tool assessment USB Historian 2024 Forensic Analysis Toolkit: In-Depth Evaluation

I. Core Architecture & Technical Innovations Advanc…

FTK Imager 2024 Professional Review: The Ultimate Forensic Imaging Solution

Forensic tool assessment FTK Imager 2024 Professional Review: The Ultimate Forensic Imaging Solution

I. Architectural Innovations & Core Capabilities Ne…

Month of PowerShell – Working with the Event Log, Part 2 Threat Hunting with PowerShell Event Logs

Other Month of PowerShell – Working with the Event Log, Part 2 Threat Hunting with PowerShell Event Logs

In part 1, we looked at the PowerShell command to work …

Investigating WMI Attacks

Other Investigating WMI Attacks

WMI as an attack vector is not new. It has been used to…

FOR509 Course Update – Introducing Google Workspace, the Multi-Cloud Intrusion Challenge, and more

Other FOR509 Course Update – Introducing Google Workspace, the Multi-Cloud Intrusion Challenge, and more

We are excited to announce that the SANS Institute FOR5…

Follina MSDT Zero-Day Q&A

Other Follina MSDT Zero-Day Q&A

A fascinating Word document was uploaded to a file scan…