Posts

pbcopy and pbpaste

Master macOS clipboard manipulation from terminal with pbcopy and pbpaste for productivity workflows.

Imposter Syndrome in DFIR

Confronts impostor syndrome in DFIR with real experiences and actionable advice for overcoming self-doubt.

Google Rapid Response GRR interface for remote live forensics

Incident Response Hunting Tools

Key open source tools that enable proactive threat hunting including osquery, ELK, and Moloch.

Incident Response is Dead… Long Live Incident Response

Talk to anyone in the DFIR Illuminati and one of the topics that always comes up is Hunting.

F3EAD cycle diagram showing Find Fix Finish Exploit Analyze Disseminate

Intelligence Concepts — F3EAD

F3EAD methodology: combining military operations with intelligence cycles for effective incident response.

Maltego graph visualization interface showing entity relationships

Maltego Transforms for the Lazy

Step-by-step guide to building custom Maltego transforms with Python examples and automation tips.

APT is a Who not a What… And Why it doesn’t Matter

A small number of topics get intelligence driven incident responders incredibly frustrated. Using intelligence to mean smart (I’ll share more about that later this week).

OODA Loop diagram showing Observe Orient Decide Act cycle

Intelligence Concepts - OODA

Understanding the OODA Loop for faster incident response and security decision-making cycles.

Dark silhouette of a hooded hacker at a computer

The Perils of (Mis)Attribution

The challenges of cybersecurity attribution: incomplete data, easy spoofing, and avoiding bias in threat analysis.

Learning Git and GitHub

Practical guide to mastering Git and GitHub with curated learning resources and workflow tips from a security expert.