Date        Author             Title
2023-08-26  Xavier Mertens     macOS: Who's Behind This Network Connection?
2023-05-26  Xavier Mertens     Using DFIR Techniques To Recover From Infrastructure Outages
2023-01-26  Tom Webb           Live Linux IR with UAC
2022-09-19  Russ McRee         Chainsaw: Hunt, search, and extract event log records
2022-06-10  Russ McRee         EPSScall: An Exploit Prediction Scoring System App
2022-06-02  Johannes Ullrich   Quick Answers in Incident Response: RECmd.exe
2021-12-28  Russ McRee         LotL Classifier tests for shells, exfil, and miners
2021-12-06  Xavier Mertens     The Importance of Out-of-Band Networks
2021-03-02  Russ McRee         Adversary Simulation with Sim
2021-01-19  Russ McRee         Gordon for fast cyber reputation checks
2020-10-23  Russ McRee         Sooty: SOC Analyst's All-in-One Tool
2020-08-12  Russ McRee         To the Brim at the Gates of Mordor Pt. 1
2020-06-30  Russ McRee         ISC Snapshot: SpectX IP Hitcount Query
2020-04-21  Russ McRee         SpectX: Log Parser for DFIR
2020-01-21  Russ McRee         DeepBlueCLI: Powershell Threat Hunting
2019-10-06  Russ McRee         visNetwork for Network Data
2019-06-04  Russ McRee         ISC snapshot: r-cyber with rud.is
2019-04-05  Russ McRee         Beagle: Graph transforms for DFIR data & logs
2018-12-19  Xavier Mertens     Using OSSEC Active-Response as a DFIR Framework
2018-11-11  Pasquale Stirparo  Community contribution: joining forces or multiply solutions?
2018-11-04  Pasquale Stirparo  Beyond good ol' LaunchAgent - part 1
2018-08-26  Didier Stevens     "When was this machine infected?"
2018-06-16  Russ McRee         Anomaly Detection & Threat Hunting with Anomalize
2017-12-14  Russ McRee         Detection Lab: Visibility & Introspection for Defenders
2017-09-28  Xavier Mertens     The easy way to analyze huge amounts of PCAP data
2017-07-09  Russ McRee         Adversary hunting with SOF-ELK
2016-11-20  Pasquale Stirparo  How many “Epoch” times? Epocalypse.py timestamp converter
2016-10-31  Russ McRee         SEC505 DFIR capture script: snapshot.ps1
2015-08-17  Russ McRee         Tool Tip: Kansa Stafford released, PowerShell for DFIR