Let’s Reverse Engineer Discord, by David Wells in Tenable TechBlog (Jan 12, 2020): How we reverse engineered Discord’s call protocol and found it being MITM-ed by Discord.
How to take care of the Tulsi plant in the summers?, by Green Thrive Plants Service (Apr 8, 2022): Tulsi plant (Holy Basil) is one of the common plants which is available in almost all homes in India. People worship this plant. This plant…
Log Analysis for Digital Forensic Investigation, by Digit Oktavianto in FMI Cyber Security Consulting Services (Feb 26, 2020): a. Introduction to Log Analysis
A Cyber Threat Intelligence Self-Study Plan: Part 1, by Katie Nickels in Katie’s Five Cents (Feb 23, 2021): There are many ways to learn. While some people prefer to have a live instructor in a course, others are great at doing self-study. I…
Blue Team fundamentals Part Two: Windows Processes, by Pete in SecurityBytes (Mar 14, 2017): In part one I touched on logging and the importance of working with what you have already got, rather than trying to reinvent the wheel…
Using Linux Process Environment Variables for Live Forensics, by Craig H. Rowland (May 5, 2019): In this post and video we’re going to explore the Linux /proc directory further by digging into a live process and the environment…
Memory Analysis For Beginners With Volatility - Coreflood Trojan: Part 1, by David Schiff in InfoSec Write-ups (Oct 2, 2020): Welcome to my series on memory analysis with Volatility. To start off the series I want to make sure we’re all sorted out with our…
Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 2, by David Schiff in InfoSec Write-ups (Oct 17, 2020): Hello everyone, welcome back to my memory analysis series. If you didn’t read the first part of the series — go back and read it here:
Memory Analysis For Beginners With Volatility — Coreflood Trojan: Part 3, by David Schiff in Purple Team (May 23, 2021): Welcome back. In order to continue our forensic investigation of the Coreflood Trojan we need a little recap from part 2.
Wannacry Malware Analysis, by Daniel F (Oct 2, 2021): Welcome to my first blog post where I will do basic malware analysis to wannacry ransom, I will show you the common technique of finding…
Blue Team: System Live Analysis [Part 1] - A Proactive Hunt!, by Nothing Cyber [NC] (Dec 4, 2020): Let’s Connect | LinkedIn
Create a Super Timeline with TACTICAL/IREC Triage Image, by Vikas Singh (Sep 19, 2021): Learn how to create a unified time-line of events to investigate an incident.
Network Forensic Investigation: Identifying Malware in Network Traffic, by Lynnsey Graham Novak (Apr 9, 2021): By Matthew Grant, Lynnsey Graham Novak & James Kennedy for OTU INFR 4690, Winter 2021
The IR Mindset (Part 2: Practical Approach), by Omri Refaeli (Sep 28, 2021): In the first part, I went through the first half of an investigation, which is about the mindset facing an incident. This is a crucial…
The IR Mindset (Part 1), by Omri Refaeli (May 24, 2021): A Way of Thinking Stepping Into the Incident Response World And Practical Investigation Guidelines To Tackle Security Incidents
A Journey into NTFS: Part 7, by Matt B (Feb 1, 2017): For today’s post, I’m going to focus on the file $MFTMirr. This is going to be a relatively short post as this file is not the most complex…
A Journey into NTFS: Part 6, by Matt B (Jan 30, 2017): For today’s post, I’m finally going to get to the head honcho of NTFS files: the MFT. This is without a doubt the most important NTFS…
A Journey into NTFS: Part 5, by Matt B (Jan 30, 2017): In yesterday’s post, I spent some time discussing common NTFS attributes. Experienced DFIR analysts may have noticed that I left out three…