Alex John – Medium

Alex John

Pinned

Published in
Detect FYI

Adrift in the Cloud: A Forensic Dive into Container Drift

In this discussion, I’ll be diving into container drift detection, specifically, analyzing container drift from a forensics perspective

Dec 2, 2024

Adrift in the Cloud: A Forensic Dive into Container Drift

Dec 2, 2024

Pinned

Published in
Detect FYI

Detecting and responding to ESXi compromise with Splunk

A lack of AV/EDR on platforms such as these shouldn’t limit a defender’s ability to detect & respond to threats on virtualization…

May 2, 2023

Detecting and responding to ESXi compromise with Splunk

May 2, 2023

Pinned

How I managed to get 92% on the GIAC GREM CyberLive exam!

“It may seem difficult at first, but everything is difficult at first.” — Miyamoto Musashi

Mar 12, 2023

How I managed to get 92% on the GIAC GREM CyberLive exam!

Mar 12, 2023

Published in
Detect FYI

Detecting and Responding to Spring4Shell with Splunk

It’s that time of the week again when you are just about ready to sit back with a nice glass of Longmorn 16 & long no more. But then, some…

Apr 1, 2022

Detecting and Responding to Spring4Shell with Splunk

Apr 1, 2022

HermeticWiper — Hermetica Digital Ltd. your friendly neighbourhood wipe r part 1

TL;DR: Blue teamers can detect this by looking for sysmon new file creation event for a file ending with .sys in System32. You can also…

Feb 26, 2022

HermeticWiper — Hermetica Digital Ltd. your friendly neighbourhood wipe r part 1

Feb 26, 2022

Automating Intelligence-Driven Threat Hunting without a SOAR

I’ve always been a proponent of XREFing organizational context with cyber threat intelligence to produce actionable insights, i.e…

Feb 6, 2022

A sample rule https://www.anomali.com/images/uploads/blog/rules-engine-enhancements2.png

Feb 6, 2022

How to prepare for the eCIR exam

So, if you are here, you are either planning to purchase the IHRP course or just about ready to attempt the exam. Before my exam, I had…

Oct 23, 2020

How to prepare for the eCIR exam

Oct 23, 2020

Alex John

Alex John

Cyber firefighter, recovering automation junkie, aviation enthusiast & aspiring coffee sommelier. #DFIR #IncidentResponse #DetectionEngineering

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams