Who Left the Backdoor Open? Using Startupinfo for the Win

February 18, 2021
In the endless quest to research additional Windows system forensic artifacts to use during an Incident Response investigation, I stumbled across something I thought was cool. This definitely wasn’t a new artifact, it was just a specific native Windows XML file that I wasn’t aware of. I noticed this file was not commonly used from...

SMS Phish – An Incident Walkthrough

September 3, 2020
Opener: The goal of this blog post is to provide an approach to analyzing a text-based phish link. I will primarily focus on the initial steps to properly view the phish site from a non-mobile browser, provide OPSEC setup and browsing analysis recommendations, and conclude with defense measures to protect against such attacks. Analysis Background...

Adventures in Phishing Email Analysis

June 18, 2020
Opening: Phishing attacks are a daily threat to all organizations and unfortunately, they are one of the hardest threats to protect against. No matter how many defensive layers an organization has put in place following best practice defense-in-depth design, it only takes one (1) user to click on that malicious link or open that weaponized...

Breaking Into InfoSec – A Beginners Guide (Part 2)

April 23, 2020
Opening: In part one of this blog post series, we covered some personal backstory of my journey into InfoSec, went over putting a plan together for your next InfoSec mission, recommended some InfoSec immersion ideas, and provided some guidance around seeking out a mentor. If you haven’t had a chance to read the first part...

Breaking Into InfoSec – A Beginners Guide (Part 1)

April 21, 2020
Opening: In this blog post, I will cover strategies that worked for me while transitioning out of the Air Force (over 20 years ago) having ZERO formalized IT training and ZERO on-the-job-training (OJT) in the field. Although this was a long time ago 🙂 and my path led to an IT position, the preparation and...

Threat Hunting – Outbound RDP Surprises

March 10, 2020
Opener: Through threat hunting, an organization can break away from a reactive approach to identifying incidents and evolve into a proactive operation that actively looks for incidents. The high-level threat hunting pipeline consists of taking a hypothesis built around threats specific to the organization, lab testing and validating the hypothesis, implementing security operation detection, testing...