Blue teams operate in chaos: unpredictable incident volumes, inconsistent data quality, and fragmented visibility across systems. The challenge isn’t just alert fatigue—it’s reconciling data from disparate log sources fast enough to respond effectively. We rarely know how many incidents will…
One of the ways the blueteam can leverage AI and LLM’s is using them as a soundboard, mentor and breach coach. AI then fits in place like a senior team member that is always available that can respond to narrow…
When a DFIR investigation starts you never know how big it will be. Some cases might give you a hint (if law enforcement have let you know about a compromise, or if EDR alerts tell you about a compromise on…
Today is the day! I’m announcing the release of my guide: “Mastering Sysmon: Deploying, Configuring, and Fine-Tuning”, a free mini eBook designed specifically for digital forensics and incident response professionals. This guide provides a practical, step-by-step approach to: Deploying and…
If you’ve ever attempted to run log2timeline on your local machine, you might be familiar with the error messages which happen at the worst time (when you need to use the tool for an investigation!). Issues such as file permission…
After recently earning the SANS 608 GIAC Enterprise Incident Response (GEIR) certification, I didn’t want to get complacent. The real world and real incidents won’t stop. Although the SANS FOR608 course provided a structured lab, I wanted to get better…
Title: Post-SANS 608: Troubleshooting Log2timeline on Ubuntu After recently earning the SANS 608 GIAC Enterprise Incident Response (GEIR) certification, I didn’t want to get complacent. The real world and real incidents won’t stop. Although the SANS FOR608 course provided a…
After breaking my SANS Linux SIFT environment today while doing a Forensic CTF from pico CTF, (not their fault, it was mine by trying to upgrade sleuth kit) I decided to rebuild. I use the SIFT VM for a lot…
APT40 has been on the radar for many years, causing significant disturbances within the cybersecurity community. Believed to be a Chinese state-sponsored group, they’ve been active since at least 2009, likely operating under the Ministry of State Security (MSS). Their…
Phishing attacks are a classic in the cybersecurity world, but they are far from outdated. Despite advancements in technology and user awareness, phishing remains one of the most prevalent and successful attack vectors. In this post, we’ll explore why phishing…