TCP control bits are part of the TCP header and are used to manage the connection between two devices. These control bits are single-bit flags that indicate various aspects of the TCP connection and are important for understanding and analyzing network traffic...
The time it takes from an initial escalation to the initial discovery of compromise is a key metric. Teams strive to do this as quickly as possible, but there are a number of challenges. You do not know what you're going to be handed, but you're pretty much guaranteed It's going to be a unique set of circumstances that require some type of customized or mostly customized response. So how do you accomplish this? Most analyst rely on a set of tried and true various techniques that can be used at scale. This week I'm going to cover a few of them, each being a critical technique you should be familiar with for forensic investigations...
Windows Scheduled Tasks are often used by attackers to establish persistence. As an analyst, you want to be aware of the different windows event codes that record these details. These artifacts come up in just about every windows compromise assessment, consider them core triage skills. There are several events, all of which I will go over in this episode. I will break them down from a DFIR point of view and give you the triage methodology...
This week I talk about career moves for the DFIR professional. The skill set is valuable, but it must be combined with the right additional technical skills to maximize future job opportunities. Of course, there is one skill set that stands out above the rest...