Travel OpSec

Essential operational security practices for international travel including device hardening and threat awareness.

January 20, 2016 · 9 min · Scott J Roberts

Introduction to DFIR

Comprehensive guide to starting a career in Digital Forensics and Incident Response with practical resources.

January 11, 2016 · 15 min · Scott J Roberts

FIRST 2015

FIRST 2015 Berlin conference preview with talk recommendations on threat intelligence and incident response.

June 11, 2015 · 6 min · Scott J Roberts

Intelligence Concepts - The SANS Incident Response Process

Deep dive into the SANS Incident Response Process for structured DFIR operations and lifecycle management.

May 18, 2015 · 4 min · Scott J Roberts

Imposter Syndrome in DFIR

Confronts impostor syndrome in DFIR with real experiences and actionable advice for overcoming self-doubt.

May 2, 2015 · 7 min · Scott J Roberts

Incident Response Hunting Tools

Key open source tools that enable proactive threat hunting including osquery, ELK, and Moloch.

April 21, 2015 · 5 min · Scott J Roberts

Incident Response is Dead… Long Live Incident Response

Talk to anyone in the DFIR Illuminati and one of the topics that always comes up is Hunting.

April 13, 2015 · 6 min · Scott J Roberts

APT is a Who not a What… And Why it doesn’t Matter

A small number of topics get intelligence driven incident responders incredibly frustrated. Using intelligence to mean smart (I’ll share more about that later this week).

February 16, 2015 · 5 min · Scott J Roberts

The Perils of (Mis)Attribution

The challenges of cybersecurity attribution: incomplete data, easy spoofing, and avoiding bias in threat analysis.

January 4, 2015 · 10 min · Scott J Roberts

Crisis Communication for Incident Response

One part of intrusion response that rarely gets enough attention in DFIR circles is the communications victim companies make to their own customers.

September 22, 2014 · 7 min · Scott J Roberts