- ChatGPT wrote this blog post
- Microsoft 365 Security: Kernel Level Access with Live Response
- Microsoft 365 Security: Running Arbitrary Commands via the API
- Microsoft 365 Security: Using the API for Live Response
- Microsoft 365 Security: Building a quick API wrapper
- Microsoft 365 Security: Multifactor API Access
- BotTricker
- Decoding AutoIT XOR Encryption Obfuscation
- Cybersecurity Zero to Hero with CyberChef
- Analysis of Fiesta EK
- Hacking BRBBot
- Setting up ELK on my MacBook (Part 2)
- Setting up ELK on my MacBook (Part 1)
- Dealing with users gone bad…
- Twas the Grep before Christmas
- UnXORing a RAT
- Review Of Mastering Python Forensics
- What happens when Windows Defender Quarantines Stuff...
- Parsing Chrome Artifacts with Python! Part 3
- Parsing Chrome Artifacts with Python! Part 2
- Parsing Chrome Artifacts with Python! Part 1
- Adventure in Parsing the WebCacheV01.dat
- Use Python to Encrypt Memory Files
- My analysis of Dridex malware (Part Two)
- My analysis of Dridex malware (Part One)
- These Aren't Yo Momma's WMIC Commands
- 34 File Entries on a Brand New $MFT
- Evidence of USB Transfer Cable
- Useless Trivia about Windows Process IDs
- Mass Undelete from the Recycle Bin
- A Few SysmonMaps for Referrence
- The magic trick I discovered in the Windows 10 boot process...
- How to Use Sysmon 2.0 (Part 2)
- How to Use Sysmon 2.0 (Part 1)
- Stupid VBS tricks I discovered...
- Misadventures in Parsing the WebCacheV01.dat (Part 3)
- Misadventures in Parsing the WebCacheV01.dat (Part 2)
- Misadventures in Parsing the WebCacheV01.dat (Part 1)
- Use Python zlib to recover Zip Files
- Zip Seeking Missile
- Zip File Presentation from RaDFIRe
- Get Internet headers from MailItem in PowerShell
- Reading e-mail with Powershell
- Sysmon Continues
- LFO with Powershell
- Live Process Mapping with WMI
- GitHub?!
- More SysmonMaps and ProcessMapper!
- SysMon!
- Sharpening The ACKs?