Bringing Back 100 Days of LCRestarting the 100DaysofLC series with a new lab and detection opportunities :)Jan 1Jan 1
Precedence to Remember: FBI Operation Removed Web Shells from Exchange Servers (Part 2)This post is Part 2 of a two-part series examining the April 2021 FBI operation to remove malicious web shells from hundreds of systems.Apr 15, 2021Apr 15, 2021
A Precedence to Remember: FBI Operation Removed Web Shells from Exchange Servers (Part 1)On April 13, 2021, we learned of what I believe will be monumental event for cybersecurity in the United States.Apr 15, 2021Apr 15, 2021
What Happens Before Hello?Identifying BlueKeep scanning and exploitation via RDP protocol analysisMay 29, 2019May 29, 2019
pollen version 1.1 — Codename Tsim Sha TsuiNew release of pollen, including command-line and color features!May 26, 2019May 26, 2019
pollen — A command-line tool for interacting with TheHiveI’d like to introduce pollen, an incident response-focused, command-line tool for interacting with TheHive.May 16, 2019May 16, 2019
TheHive Scripting: Task ImportsLooking to import tasks into TheHive using the Python API? Here we go!Mar 15, 2019Mar 15, 2019
Morning Read: UNC Health Care Informs 1,300 Prenatal Patients of Possible Data BreachWelcome to the Morning Read, a daily post where I recommend and discuss a white paper, blog post, chapter of a book, or some sort of text I…Mar 22, 2017Mar 22, 2017
The Ken Johnson DFIR ScholarshipFor today’s post, I’d like to bring attention to the newly-announced Ken Johnson DFIR Scholarship. Created in partnership between SANS and…Mar 22, 2017Mar 22, 2017
