Date Author Title

BLUE TEAM

2023-07-01Russ McReeSandfly Security
2023-05-09Russ McReeExploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2022-09-19Russ McReeChainsaw: Hunt, search, and extract event log records
2022-06-10Russ McReeEPSScall: An Exploit Prediction Scoring System App
2021-12-28Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-03-02Russ McReeAdversary Simulation with Sim
2021-01-19Russ McReeGordon for fast cyber reputation checks
2020-08-12Russ McReeTo the Brim at the Gates of Mordor Pt. 1
2020-04-21Russ McReeSpectX: Log Parser for DFIR
2020-01-21Russ McReeDeepBlueCLI: Powershell Threat Hunting
2019-10-06Russ McReevisNetwork for Network Data
2019-08-21Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-04-05Russ McReeBeagle: Graph transforms for DFIR data & logs
2019-02-05Rob VandenBrinkMitigations against Mimikatz Style Attacks
2018-10-17Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16Russ McReeAnomaly Detection & Threat Hunting with Anomalize

BLUE

2025-02-14/a>Xavier MertensFake BSOD Delivered by Malicious Python Script
2023-07-01/a>Russ McReeSandfly Security
2023-05-09/a>Russ McReeExploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2023-02-07/a>Yee Ching TokA Survey of Bluetooth Vulnerabilities Trends (2023 Edition)
2022-09-19/a>Russ McReeChainsaw: Hunt, search, and extract event log records
2022-07-05/a>Jan KoprivaEternalBlue 5 years after WannaCry and NotPetya
2022-06-10/a>Russ McReeEPSScall: An Exploit Prediction Scoring System App
2021-12-28/a>Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-11-01/a>Yee Ching TokRevisiting BrakTooth: Two Months Later
2021-08-31/a>Yee Ching TokBrakTooth: Impacts, Implications and Next Steps
2021-03-06/a>Xavier MertensSpotting the Red Team on VirusTotal!
2021-03-02/a>Russ McReeAdversary Simulation with Sim
2021-01-19/a>Russ McReeGordon for fast cyber reputation checks
2020-11-16/a>Jan KoprivaHeartbleed, BlueKeep and other vulnerabilities that didn't disappear just because we don't talk about them anymore
2020-10-23/a>Russ McReeSooty: SOC Analyst's All-in-One Tool
2020-08-12/a>Russ McReeTo the Brim at the Gates of Mordor Pt. 1
2020-06-30/a>Russ McReeISC Snapshot: SpectX IP Hitcount Query
2020-04-21/a>Russ McReeSpectX: Log Parser for DFIR
2020-02-27/a>Xavier MertensOffensive Tools Are For Blue Teams Too
2020-01-21/a>Russ McReeDeepBlueCLI: Powershell Threat Hunting
2019-11-10/a>Jan KoprivaDid the recent malicious BlueKeep campaign have any positive impact when it comes to patching?
2019-11-08/a>Xavier MertensMicrosoft Apps Diverted from Their Main Use
2019-11-05/a>Rick WannerBluekeep exploitation causing Bluekeep vulnerability scan to fail
2019-10-06/a>Russ McReevisNetwork for Network Data
2019-08-21/a>Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-08-05/a>Rick WannerScanning for Bluekeep vulnerable RDP instances
2019-05-22/a>Johannes UllrichAn Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
2019-04-05/a>Russ McReeBeagle: Graph transforms for DFIR data & logs
2019-02-05/a>Rob VandenBrinkMitigations against Mimikatz Style Attacks
2018-10-17/a>Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16/a>Russ McReeAnomaly Detection & Threat Hunting with Anomalize
2017-07-01/a>Rick WannerUsing nmap to scan for MS17-010 (CVE-2017-0143 EternalBlue)
2010-02-11/a>Johannes UllrichMS10-015 may cause Windows XP to blue screen

TEAM

2024-12-18/a>Jesse La Grew[Guest Diary] A Deep Dive into TeamTNT and Spinning YARN
2024-11-07/a>Xavier MertensSteam Account Checker Poisoned with Infostealer
2023-07-01/a>Russ McReeSandfly Security
2023-05-09/a>Russ McReeExploratory Data Analysis with CISSM Cyber Attacks Database - Part 2
2022-09-23/a>Xavier MertensKids Like Cookies, Malware Too!
2022-09-19/a>Russ McReeChainsaw: Hunt, search, and extract event log records
2022-06-10/a>Russ McReeEPSScall: An Exploit Prediction Scoring System App
2021-12-28/a>Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-03-06/a>Xavier MertensSpotting the Red Team on VirusTotal!
2021-03-02/a>Russ McReeAdversary Simulation with Sim
2021-01-19/a>Russ McReeGordon for fast cyber reputation checks
2020-10-23/a>Russ McReeSooty: SOC Analyst's All-in-One Tool
2020-08-12/a>Russ McReeTo the Brim at the Gates of Mordor Pt. 1
2020-06-30/a>Russ McReeISC Snapshot: SpectX IP Hitcount Query
2020-04-21/a>Russ McReeSpectX: Log Parser for DFIR
2020-02-27/a>Xavier MertensOffensive Tools Are For Blue Teams Too
2020-01-21/a>Russ McReeDeepBlueCLI: Powershell Threat Hunting
2019-11-29/a>Russ McReeISC Snapshot: Search with SauronEye
2019-11-08/a>Xavier MertensMicrosoft Apps Diverted from Their Main Use
2019-10-06/a>Russ McReevisNetwork for Network Data
2019-08-21/a>Russ McReeKAPE: Kroll Artifact Parser and Extractor
2019-07-16/a>Russ McReeCommando VM: The Complete Mandiant Offensive VM
2019-04-05/a>Russ McReeBeagle: Graph transforms for DFIR data & logs
2019-02-05/a>Rob VandenBrinkMitigations against Mimikatz Style Attacks
2018-10-17/a>Russ McReeRedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence
2018-06-16/a>Russ McReeAnomaly Detection & Threat Hunting with Anomalize
2012-04-23/a>Russ McReeEmergency Operations Centers & Security Incident Management: A Correlation
2011-03-25/a>Kevin ListonAPT Tabletop Exercise
2010-01-22/a>Mari NicholsPass-down for a Successful Incident Response
2010-01-14/a>Bojan ZdrnjaDRG (Dragon Research Group) Distro available for general release
2009-03-22/a>Mari NicholsDealing with Security Challenges