INCIDENT RESPONSE TEAM |
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
2011-03-25 | Kevin Liston | APT Tabletop Exercise |
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response |
INCIDENT |
2023-10-03 | Tom Webb | Are Local LLMs Useful in Incident Response? |
2023-05-24 | Tom Webb | IR Case/Alert Management |
2023-01-26 | Tom Webb | Live Linux IR with UAC |
2022-06-02 | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe |
2021-12-06 | Xavier Mertens | The Importance of Out-of-Band Networks |
2020-09-17 | Xavier Mertens | Suspicious Endpoint Containment with OSSEC |
2019-08-25 | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance? |
2017-12-05 | Tom Webb | IR using the Hive Project. |
2017-09-17 | Guy Bruneau | rockNSM as a Incident Response Package |
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? |
2016-08-24 | Tom Webb | Stay on Track During IR |
2015-12-04 | Tom Webb | Automating Phishing Analysis using BRO |
2015-04-27 | Richard Porter | When Prevention Fails, Incident Response Begins |
2015-03-07 | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
2014-12-24 | Rick Wanner | Incident Response at Sony |
2014-09-12 | Chris Mohan | Are credential dumps worth reviewing? |
2014-08-16 | Lenny Zeltser | Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability |
2014-08-10 | Basil Alawi S.Taher | Incident Response with Triage-ir |
2014-04-04 | Rob VandenBrink | Dealing with Disaster - A Short Malware Incident Response |
2014-03-22 | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
2014-01-23 | Chris Mohan | Learning from the breaches that happens to others Part 2 |
2014-01-22 | Chris Mohan | Learning from the breaches that happens to others |
2013-05-08 | Chris Mohan | Syria drops from Internet 7th May 2013 |
2013-03-02 | Scott Fendley | Evernote Security Issue |
2012-12-13 | Johannes Ullrich | What if Tomorrow Was the Day? |
2012-11-16 | Manuel Humberto Santander Pelaez | Information Security Incidents are now a concern for colombian government |
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
2011-10-29 | Richard Porter | The Sub Critical Control? Evidence Collection |
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability |
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities |
2011-09-13 | Swa Frantzen | GlobalSign back in operation |
2011-07-25 | Chris Mohan | Monday morning incident handler practice |
2011-07-09 | Chris Mohan | Safer Windows Incident Response |
2011-06-03 | Guy Bruneau | SonyPictures Site Compromised |
2011-04-25 | Rob VandenBrink | Sony PlayStation Network Outage - Day 5 |
2011-03-25 | Kevin Liston | APT Tabletop Exercise |
2011-03-22 | Chris Mohan | Read only USB stick trick |
2010-10-18 | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis |
2010-09-04 | Kevin Liston | Investigating Malicious Website Reports |
2010-08-04 | Tom Liston | Incident Reporting - Liston's "How-To" Guide |
2010-03-21 | Chris Carboni | Responding To The Unexpected |
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response |
2009-06-11 | Rick Wanner | MIR-ROR Motile Incident Response - Respond Objectively Remediate |
2009-05-01 | Adrien de Beaupre | Incident Management |
2009-04-16 | Adrien de Beaupre | Incident Response vs. Incident Handling |
2008-10-29 | Deborah Hale | Day 29 - Should I Switch Software Vendors? |
RESPONSE |
2023-10-03 | Tom Webb | Are Local LLMs Useful in Incident Response? |
2023-01-26 | Tom Webb | Live Linux IR with UAC |
2022-06-02 | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe |
2021-12-06 | Xavier Mertens | The Importance of Out-of-Band Networks |
2020-09-17 | Xavier Mertens | Suspicious Endpoint Containment with OSSEC |
2020-02-16 | Guy Bruneau | SOAR or not to SOAR? |
2019-08-25 | Guy Bruneau | Are there any Advantages of Buying Cyber Security Insurance? |
2018-12-19 | Xavier Mertens | Using OSSEC Active-Response as a DFIR Framework |
2017-12-05 | Tom Webb | IR using the Hive Project. |
2017-09-17 | Guy Bruneau | rockNSM as a Incident Response Package |
2017-06-17 | Guy Bruneau | Mapping Use Cases to Logs. Which Logs are the Most Important to Collect? |
2016-08-24 | Tom Webb | Stay on Track During IR |
2016-02-11 | Tom Webb | Tomcat IR with XOR.DDoS |
2015-03-07 | Guy Bruneau | Should it be Mandatory to have an Independent Security Audit after a Breach? |
2014-12-24 | Rick Wanner | Incident Response at Sony |
2014-12-01 | Guy Bruneau | Do you have a Data Breach Response Plan? |
2014-04-04 | Rob VandenBrink | Dealing with Disaster - A Short Malware Incident Response |
2014-01-23 | Chris Mohan | Learning from the breaches that happens to others Part 2 |
2014-01-22 | Chris Mohan | Learning from the breaches that happens to others |
2013-10-05 | Richard Porter | Adobe Breach Notification, Notifications? |
2013-03-18 | Kevin Shortt | Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 |
2013-03-02 | Scott Fendley | Evernote Security Issue |
2012-11-16 | Manuel Humberto Santander Pelaez | Information Security Incidents are now a concern for colombian government |
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
2011-10-28 | Russ McRee | Critical Control 19: Data Recovery Capability |
2011-10-27 | Mark Baggett | Critical Control 18: Incident Response Capabilities |
2011-07-25 | Chris Mohan | Monday morning incident handler practice |
2011-07-09 | Chris Mohan | Safer Windows Incident Response |
2011-04-25 | Rob VandenBrink | Sony PlayStation Network Outage - Day 5 |
2011-03-25 | Kevin Liston | APT Tabletop Exercise |
2010-10-18 | Manuel Humberto Santander Pelaez | Cyber Security Awareness Month - Day 18 - What you should tell your boss when there's a crisis |
2010-09-04 | Kevin Liston | Investigating Malicious Website Reports |
2010-03-25 | Kevin Liston | Responding to "Copyright Lawsuit filed against you" |
2010-03-21 | Chris Carboni | Responding To The Unexpected |
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response |
2009-06-11 | Rick Wanner | MIR-ROR Motile Incident Response - Respond Objectively Remediate |
2009-05-01 | Adrien de Beaupre | Incident Management |
2009-04-16 | Adrien de Beaupre | Incident Response vs. Incident Handling |
TEAM |
2024-12-18 | Jesse La Grew | [Guest Diary] A Deep Dive into TeamTNT and Spinning YARN |
2024-11-07 | Xavier Mertens | Steam Account Checker Poisoned with Infostealer |
2023-07-01 | Russ McRee | Sandfly Security |
2023-05-09 | Russ McRee | Exploratory Data Analysis with CISSM Cyber Attacks Database - Part 2 |
2022-09-23 | Xavier Mertens | Kids Like Cookies, Malware Too! |
2022-09-19 | Russ McRee | Chainsaw: Hunt, search, and extract event log records |
2022-06-10 | Russ McRee | EPSScall: An Exploit Prediction Scoring System App |
2021-12-28 | Russ McRee | LotL Classifier tests for shells, exfil, and miners |
2021-03-06 | Xavier Mertens | Spotting the Red Team on VirusTotal! |
2021-03-02 | Russ McRee | Adversary Simulation with Sim |
2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks |
2020-10-23 | Russ McRee | Sooty: SOC Analyst's All-in-One Tool |
2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR |
2020-02-27 | Xavier Mertens | Offensive Tools Are For Blue Teams Too |
2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
2019-11-29 | Russ McRee | ISC Snapshot: Search with SauronEye |
2019-11-08 | Xavier Mertens | Microsoft Apps Diverted from Their Main Use |
2019-10-06 | Russ McRee | visNetwork for Network Data |
2019-08-21 | Russ McRee | KAPE: Kroll Artifact Parser and Extractor |
2019-07-16 | Russ McRee | Commando VM: The Complete Mandiant Offensive VM |
2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
2019-02-05 | Rob VandenBrink | Mitigations against Mimikatz Style Attacks |
2018-10-17 | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
2012-04-23 | Russ McRee | Emergency Operations Centers & Security Incident Management: A Correlation |
2011-03-25 | Kevin Liston | APT Tabletop Exercise |
2010-01-22 | Mari Nichols | Pass-down for a Successful Incident Response |
2010-01-14 | Bojan Zdrnja | DRG (Dragon Research Group) Distro available for general release |
2009-03-22 | Mari Nichols | Dealing with Security Challenges |