February 11, 2020
This week I talk about a fast triage methodology to detect persistence on Windows systems
February 4, 2020
This week I talk about tools available on the SIFT workstation... that you may not know are even there!
January 28, 2020
This week I break down certutil exploitation: what it is and methods to detect malicious usage
January 21, 2020
This week I talk about using layered drivers as an artifact to identify persistence
January 14, 2020
This week I talk about SOF ELK, a freely available pre-built virtual appliance for DFIR work
January 7, 2020
This week I start the year with my traditional "back-to-basics" episode, focusing on self-improvement themes and goals to consider
December 31, 2019
This week I talk about dealing with Base64 evidence.
December 24, 2019
This week I talk about identifying REGSVC \ REGASM abuse
December 17, 2019
This week I talk about different types of audit log clearing and detection strategies
December 10, 2019
This week I talk about using Hashdeep for forensic triage
December 3, 2019
This week I talk about LMD, an openly available tool to increase Linux security posture.
November 26, 2019
This week I talk about network forensic methodology.
November 19, 2019
This week I talk about autoLLR, a script to automate evidence collection on live Linux systems as well as artifact post processing.
November 15, 2019
This week I talk about the Windows Background Activity Monitor, an artifact that may be used to find evidence of execution.
November 5, 2019
This week I talk about some issues surrounding PowerShell when used as a digital forensic collection tool.
October 29, 2019
This week I talk about LOKI, a tool designed to help analysts scan for APT IOCs.
October 22, 2019
This week I talk about KAPE, a freely available forensic evidence collection and triage tool.
October 15, 2019
This week I talk about the common Linux file systems and what to expect when dealing with different hosts.
October 9, 2019
This week I go over how to create a boot disk using the native capability of Ubuntu. You'll never have to rely on third-party tools again!
October 1, 2019
This week I break down container attack vectors for Cloud Incident Response.
October 1, 2019
This week I break down the SUDOERS file for forensic triage.
October 1, 2019
This week I talk about PowerShell through the lens of the Service Control Manager.
October 1, 2019
This week I talk about NVMe, a data storage technology, from a forensic point of view.
September 30, 2019
This week I cover how to approach Linux binaries during investigations.
August 27, 2019
This week I continue the series about the DFIR changes on the horizon with cloud technology and focus on AWS EC2 forensics.
August 20, 2019
This week I talk about using WMI to create processes remotely.
August 13, 2019
This week I talk about Density Scout, an open source tool for malware triage.
August 6, 2019
This week I cover a resource you can use to develop Windows remote execution triage methodology and threat hunting.
July 30, 2019
This week I talk about the Windows credential guard process.
July 23, 2019
This week I talk about OWASP's Number 10 vulnerability category from their top 10 list, insufficient logging and monitoring.
July 16, 2019
This week I talk about the most frequently seen attacker recon commands.
July 9, 2019
This week I talk about a popular Windows utility attackers often exploit.
July 2, 2019
This week I talk about incident response in container deployments.
June 25, 2019
This week I talk about OWASP's Number 9 vulnerability category from their top 10 list, components with known vulnerabilities.
June 18, 2019
This week I talk about the challenges of working with VMEM files for memory forensics.
June 11, 2019
This week I talk about the DFIR changes on the horizon with cloud technology.
June 4, 2019
This week I talk about Intel's emerging technology called Optane and its anticipated effects on DFIR investigations.
May 28, 2019
This week I talk about OWASP's Number 8 vulnerability category from their top 10 list, insecure deserialization.
May 21, 2019
This week I talk about the crypto attack landscape.
May 14, 2019
DFIR professionals often worry whether advances in artificial intelligence and automation are going to put them out of work. This week I address the issue and give my projection, based on expert sources, of what the future of forensics will look like.
May 7, 2019
I recently passed my certified ethical hacker certification test. This week I thought I would talk about why I chose the certification.
April 30, 2019
This week I talk about OWASP's Number 7 vulnerability category from their top 10 list, cross site scripting.
April 23, 2019
This week I talk about SVCHOST. This Windows core process is one of the most targeted artifacts that comes up again and again during investigations.
April 16, 2019
This week I go over how to approach Windows core processes from the standpoint of fast triage methodology. Since these processes are found on all Windows systems, it makes sense to develop an investigative approach that focuses on quickly reviewing each process for anomalies.
April 9, 2019
This week I talk about the investigative value of creating a mobile compromise assessment strategy.
April 2, 2019
This week I share my thoughts on DFIR job interviews. How to prepare. Things to consider. Pitfalls to avoid.
March 26, 2019
This week I talk about OWASP's Number 6 vulnerability category from their top 10 list, Security Misconfiguration. I explore the issue from a DFIR point of view.
March 19, 2019
This week I talk about all the fun you can have ethically hacking with SET
March 12, 2019
Serpico makes report writing suck less! Check it out.
March 5, 2019
This week I talk more about Linux triage methods.
February 26, 2019
This week I talk about OWASP's Number 5 vulnerability category from their top 10 list, Broken Access Control. I explore the issue from a DFIR point of view.
February 19, 2019
This week I discuss some techniques for comparing files and folders for DFIR investigations.
February 12, 2019
This week I share my thoughts on assessing DFIR career path progression.
February 5, 2019
This week I talk about the forensic value of YARA.
January 29, 2019
This week I talk about OWASP's Number 4 vulnerability category from their top 10 list, XXE attacks. I explore the issue from a DFIR point of view.
January 22, 2019
This week I talk about the Google Hacking Database.
January 15, 2019
This week I talk about CEWL, a freely available tool for crawling websites to produce unique wordlists (think password attacks!)
January 8, 2019
This week I talk about my new Github page and the autoweb script.
January 3, 2019
This week I talk about AppLocker Bypass from a DFIR point of view.
December 27, 2018
This week I talk about OWASP's Number 3 vulnerability category from their top 10 list, sensitive data exposure. I explore the issue from a DFIR point of view.
December 18, 2018
This week I talk about tips for building a threat hunting program.
December 11, 2018
This week I break down webshells for threat hunting and incident response triage.
December 4, 2018
This week I talk about detecting Mimikatz through the Windows event log.
November 27, 2018
This week I talk about PDF analysis tools to check for malicious indicators in PDFs.
November 20, 2018
This week I talk about OWASP and why you should be paying attention.
November 13, 2018
Tips from the DFIR Trenches
November 6, 2018
This week I break down CRON for the uninitiated.
October 30, 2018
This week I talk about investigation strategies for logon events.
October 23, 2018
This week I talk about PCAP hunting strategies.
October 16, 2018
This week I interview Craig Rowland of Sandfly Security about crypto-mining attacks on Linux systems. Learn more about Sandfly at https://www.sandflysecurity.com
October 9, 2018
This week I talk about OWASP and why you should be paying attention.
October 2, 2018
This week I talk about the attack methodology known as Fast Flux.
September 25, 2018
This week I talk about details about what to look at in Scheduled Task records for forensic triage.
September 18, 2018
This week I talk about details about what to look at in Scheduled Task records for forensic triage.
September 11, 2018
This week I talk about OfficeMalScanner, a malware scanner for Microsoft Office documents
September 4, 2018
This week I talk about Ultimate Windows Security
August 28, 2018
This week I talk about methodologies to investigate root cause during incident response investigations.
August 21, 2018
This week I talk about PIDs and their uses in computer forensic investigations.
August 14, 2018
This week I talk about scoping network connections as part of incident response triage
August 7, 2018
This week I talk about more Excel-fu tips
July 31, 2018
This week I talk about the difference between common text processing utilities used in forensic analysis
July 24, 2018
This week I talk about DNS and forensics
July 17, 2018
This week I talk about the value of Grep as a forensic skillset
July 10, 2018
This week I talk about distributed password cracking with Hashtopolis for Hashcat
July 3, 2018
This week I talk about the security changes coming with iOS 11.4
June 26, 2018
This week I talk about IP address and domain triage for computer forensic investigations.
June 19, 2018
This week I talk about ATT&CK for Enterprise
June 12, 2018
This week I talk about getting started in scripting
June 5, 2018
This week I talk about Rita, a free Threat Hunting Tool from Black Hills Information Security
May 29, 2018
This week I review mft2csv
May 22, 2018
This week I talk about Linux triage using the /.bash_history artifact
May 15, 2018
This week I review two tools for extracting and parsing USNJRNL evidence.
May 8, 2018
This week I talk about a clever way to leverage Volatility to triage malware on a target system
May 1, 2018
This week I talk about 6 different prefetch tools that are FREE!
April 24, 2018
This week I talk about keeping up with attack intelligence.
April 17, 2018
This week I do a tool review of CYLR and CDQR - perhaps the easiest way to build an awesome timeline
April 10, 2018
This week I talk about how common ports play into network forensics.
April 3, 2018
This week I go over some Network Forensic artifacts and what they offer to an investigation.
March 27, 2018
This week I review two freely available forensic tools from Foxton Forensics
March 20, 2018
This week I talk about OLEDump, a malware analysis tool for investigating suspicious macros in MS Office documents