This week I cover threat modeling from a DFIR point-of-view. It provides a standard framework to classify and rate the severity of vulnerabilities discovered during investigations.
This week is the fourth part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record blocked network activity.
This week is the third part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network port-binding.
This week is the second part of the Network-Fast-Triage mini-series. In this installation I cover triage techniques for Windows event logs that record network connections.
This week I interview Haseeb Awan, CEO of EFANI, about the rise of SIM swapping attacks. Haseeb explains the attack, how attackers carry it out, and provides some mitigation strategies.
This week I talk utilizing the ExploitDB for DFIR investigations. Searchsploit is a command line search tool for Exploit-DB that allows you the power to perform detailed off-line searches through your locally checked-out copy of the repository. This capability is particularly useful for security assessments on segregated or air-gapped networks without Internet access.