Pinned | Published in Detect FYI
Adrift in the Cloud: A Forensic Dive into Container Drift
In this discussion, I’ll be diving into container drift detection, specifically, analyzing container drift from a forensics perspective.
Dec 2

Pinned | Published in Detect FYI
Detecting and responding to ESXi compromise with Splunk
A lack of AV/EDR on platforms such as these shouldn’t limit a defender’s ability to detect & respond to threats on virtualization…
May 2, 2023

Pinned
How I managed to get 92% on the GIAC GREM CyberLive exam!
“It may seem difficult at first, but everything is difficult at first.” — Miyamoto Musashi
Mar 12, 2023

Published in Detect FYI
Detecting and Responding to Spring4Shell with Splunk
It’s that time of the week again when you are just about ready to sit back with a nice glass of Longmorn 16 & long no more. But then, some…
Apr 1, 2022

HermeticWiper — Hermetica Digital Ltd. your friendly neighbourhood wiper, part 1
TL;DR: Blue teamers can detect this by looking for a Sysmon new-file-creation event for a file ending in .sys in System32. You can also…
Feb 26, 2022

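The detection hint in that TL;DR, carried through as runnable logic. This is an added example and not code from the post: it walks a handful of constructed Sysmon records (Event ID 11 is Sysmon's FileCreate event), flags any .sys written under System32, and then ranks each hit by whether the writing process itself lives under C:\Windows, which is a triage heuristic assumed here to separate driver installs from droppers, not a claim from the article. The file and process names in SAMPLE_EVENTS are made up for the example.

```python
"""Flag Sysmon FileCreate (Event ID 11) records that write a .sys file into System32.

Added example; the record shape is a simplified dict mirroring the fields Sysmon
emits for Event ID 11 (EventID, UtcTime, Image, TargetFilename). All sample data
below is constructed, not real telemetry.
"""
from typing import Iterable

# Normalised prefix for the directory the post names. Lower-case, backslash-
# separated, trailing separator so "System32foo" does not match.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
WINDOWS_PREFIX = "c:\\windows\\"

# Constructed sample records (file and process names are hypothetical).
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2022-02-23 14:52:13.001",
     "Image": "C:\\Windows\\System32\\svchost.exe",
     "TargetFilename": "C:\\Windows\\System32\\config\\systemprofile\\cache.dat"},
    {"EventID": 11, "UtcTime": "2022-02-23 14:52:14.120",
     "Image": "C:\\Users\\alice\\Downloads\\dropper.exe",           # hypothetical dropper
     "TargetFilename": "C:\\Windows\\System32\\Drivers\\abcd.sys"},   # constructed name
    {"EventID": 11, "UtcTime": "2022-02-23 14:52:15.000",
     "Image": "C:\\Windows\\System32\\drvinst.exe",                    # legitimate driver install path
     "TargetFilename": "C:\\Windows\\System32\\drivers\\legit.SYS"},  # mixed case on purpose
    {"EventID": 1, "UtcTime": "2022-02-23 14:52:15.500",               # ProcessCreate, must be ignored
     "Image": "C:\\Users\\alice\\Downloads\\dropper.exe",
     "CommandLine": "dropper.exe"},
    {"EventID": 11, "UtcTime": "2022-02-23 14:52:16.000",
     "Image": "C:\\Users\\alice\\Downloads\\dropper.exe",
     "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Temp\\x.sys"},  # .sys outside System32
    {"EventID": 11, "UtcTime": "2022-02-23 14:52:17.000",
     "Image": "C:\\Windows\\SysWOW64\\setup.exe",
     "TargetFilename": "C:\\Windows\\SysWOW64\\other.sys"},           # SysWOW64 is not System32
]


def _norm(path: str) -> str:
    """Lower-case and use backslashes so prefix checks are case/separator insensitive."""
    return path.replace("/", "\\").lower()


def is_sys_in_system32(path: str) -> bool:
    """True when the path is a .sys file anywhere under C:\\Windows\\System32."""
    p = _norm(path)
    return p.startswith(SYSTEM32_PREFIX) and p.endswith(".sys")


def severity_for(image: str) -> str:
    """Triage heuristic (assumption, not from the post): a .sys dropped by a process
    running outside C:\\Windows is far more suspicious than one written by an
    installer living there. A process under C:\\Windows still gets a hit, just lower.
    """
    return "low" if _norm(image).startswith(WINDOWS_PREFIX) else "high"


def detect_sys_drops(events: Iterable[dict]) -> list:
    """Return one hit per Event ID 11 record that creates a .sys under System32."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 11:          # only FileCreate events carry TargetFilename
            continue
        target = ev.get("TargetFilename", "")
        if not is_sys_in_system32(target):
            continue
        hits.append({
            "UtcTime": ev.get("UtcTime"),
            "Image": ev.get("Image", ""),
            "TargetFilename": target,
            "severity": severity_for(ev.get("Image", "")),
        })
    return hits


if __name__ == "__main__":
    for hit in detect_sys_drops(SAMPLE_EVENTS):
        print(f"[{hit['severity']}] {hit['UtcTime']} {hit['Image']} -> {hit['TargetFilename']}")
```

The two hits it produces are the dropped driver under System32\Drivers (ranked high, written by a process in a user profile) and the driver written by drvinst.exe (ranked low). The .sys written to a Temp folder and the SysWOW64 write are deliberately not flagged, because the rule is scoped to System32 as the post states; widen SYSTEM32_PREFIX if you want SysWOW64 covered too.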
Automating Intelligence-Driven Threat Hunting without a SOAR
I’ve always been a proponent of XREFing organizational context with cyber threat intelligence to produce actionable insights, i.e…
Feb 6, 2022

How to prepare for the eCIR exam
So, if you are here, you are either planning to purchase the IHRP course or just about ready to attempt the exam. Before my exam, I had…
Oct 23, 2020