Blog

DFIR Breakdown: Impacket Remote Execution Activity – atexec

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of curl.exe

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe

Start Reading

DFIR Breakdown: Using Certutil To Download Attack Tools

Start Reading

Access More! BitLocker, new File Explorer, and Export All Files (3.11 release)

Start Reading

Limitations of ImpHash for DFIR

Limitations of ImpHash for DFIR

Start Reading

Intro to ImpHash for DFIR: “Fuzzy” Malware Matching

Start Reading

DFIR Artifacts for a Trojan Defense and Remote Access

Start Reading

DFIR Breakdown: Kerberoasting

Start Reading

Collecting Linux DFIR Artifacts with UAC

Start Reading

How To DFIR Investigate with Cyber Triage and CrowdStrike Real Time Response

Start Reading

Adaptive vs Static File Collections for DFIR

Start Reading