Matt B · Bringing Back 100 Days of LC · Restarting the 100DaysofLC series with a new lab and detection opportunities :) · 2 min read · Jan 1, 2024
Matt B · Precedence to Remember: FBI Operation Removed Web Shells from Exchange Servers (Part 2) · This post is Part 2 of a two-part series examining the April 2021 FBI operation to remove malicious web shells from hundreds of systems. · 6 min read · Apr 15, 2021
Matt B · A Precedence to Remember: FBI Operation Removed Web Shells from Exchange Servers (Part 1) · On April 13, 2021, we learned of what I believe will be a monumental event for cybersecurity in the United States. · 7 min read · Apr 15, 2021
Matt B · What Happens Before Hello? · Identifying BlueKeep scanning and exploitation via RDP protocol analysis · 8 min read · May 29, 2019
Matt B · pollen version 1.1 — Codename Tsim Sha Tsui · New release of pollen, including command-line and color features! · 2 min read · May 26, 2019
Matt B · pollen — A command-line tool for interacting with TheHive · I’d like to introduce pollen, an incident response-focused, command-line tool for interacting with TheHive. · 4 min read · May 16, 2019
Matt B · TheHive Scripting: Task Imports · Looking to import tasks into TheHive using the Python API? Here we go! · 3 min read · Mar 15, 2019
Matt B · Morning Read: UNC Health Care Informs 1,300 Prenatal Patients of Possible Data Breach · Welcome to the Morning Read, a daily post where I recommend and discuss a white paper, blog post, chapter of a book, or some sort of text I… · 3 min read · Mar 22, 2017
Matt B · The Ken Johnson DFIR Scholarship · For today’s post, I’d like to bring attention to the newly-announced Ken Johnson DFIR Scholarship. Created in partnership between SANS and… · 1 min read · Mar 22, 2017