
This post is Part 2 of a two-part series examining the April 2021 FBI operation to remove malicious web shells from hundreds of systems per a court order.

Figure 0. Notes on notes

On April 13, 2021, we learned what I believe will be a monumental event for cybersecurity in the United States. The U.S…

This post is Part 1 of a two-part series examining the April 2021 FBI operation to remove malicious web shells from hundreds of systems per a court order.

Figure 0. Notes on notes

On April 13, 2021, we learned what I believe will be a monumental event for cybersecurity in the United States. The U.S…

This post has been co-authored with Aaron Soto

During the past week or so, some folks in the infosec community have been wrapped around the looming threat of weaponized #BlueKeep vulnerability. BlueKeep reportedly allows for unauthenticated remote code execution (RCE) via Microsoft’s Remote Desktop Protocol (RDP).

I just released pollen version 1.1, codename Tsim Sha Tsui. I’m sure some of you know where in the world that is, which may give you an idea where this code was written :)

This newer version has much cleaner code and I think significantly better analyst options as well…

I’ve been using TheHive on and off for a couple years now, and absolutely LOVE this tool. If you haven’t heard of TheHive yet, I suggest heading to their main page and checking it out. …

Morning fellow forensicators!

While I could and should (and will?) put up an entire post just about TheHive itself, I’m skipping right to some scripting that I recently had to put together. But, to give a proper, albeit brief, shoutout:

If you have not heard of TheHive yet, I’m going…

Well, hello there blog. Been a while :)

KAPE + SFTP Output

If you’ve been watching the DFIR space over the past month or so, you’ve undoubtedly witnessed the release of a true game-changing tool in KAPE, released by (of course) Mr. @EricRZimmerman. …

Welcome to the Morning Read, a daily post where I recommend and discuss a white paper, blog post, chapter of a book, or some sort of text I find useful for DFIR analysts.

Today’s Morning Read has been making the rounds of various data breach sites, and is from a…

For today’s post, I’d like to bring attention to the newly-announced Ken Johnson DFIR Scholarship. Created in partnership between SANS and KPMG LLP, the scholarship is to honor the memory of Ken Johnson. Ken was a fantastic father, husband, friend, and forensic investigator who left our community too early. …

Welcome to the Morning Read, a daily post where I recommend and discuss a white paper, blog post, chapter of a book, or some sort of text I find useful for DFIR analysts.

Today’s Morning Read has been cited in a few news outlets, but focuses on a bug disclosure…

Matt B

Be selective with your battles.
