Tech Talk Tuesday
How To Use FTK Imager To Take Disk And Memory Images For Free
Unlock the power of digital forensics with FTK Imager! In this week’s #TechTalkTuesday, we’ll show…
IR Plan, Policy & Procedures Part 3: How To Write Cybersecurity Incident Response Procedures
Over the past two #TechTalkTuesdays we talked through how to build an incident response plan…
IR Plan, Policy & Procedures Part 2: How To Write a Cybersecurity Incident Response Policy
Last #TechTalkTuesday we discussed how to build an incident response plan. This week, we pivot…
IR Plan, Policy & Procedures Part 1: How To Write a Cybersecurity Incident Response Plan
An incident response plan is vital when an attack does impact an organization. In this…
Breaking Into Industrial Cybersecurity: What It Is, How To Get Into The Field, And Common Mistakes
Aaron Crow went from being OT tech support within a power generation facility to being…
How To Use Process Hacker to Explore Malicious Service and Network Activity During DFIR/Threat Hunts
In this week’s #techtalktuesday we continue last week’s series on the free, dynamic analysis tool…
How To Use Process Hacker to Find Intrusions During Incident Response and Threat Hunting Engagements
Process Hacker is a free and powerful tool for identifying the behaviors associated with an…
How To Use User Agents to Save The World (And Improve Cyber Threat Hunting and Detection)
User agents are a core part of the HTTP specification and can baseline user activity…
How To Use Windows’ Advanced Network Connection Audit Logging to Detect and Hunt for Cyber Attackers
In this edition of #TechTalkTuesday we explore Windows’ advanced audit logging for network connections and…
How To Detect Malicious Network Share Usage With The Windows Event Logs When Threat Hunting
How To Threat Hunt for Malicious Account Usage Using the Windows Event Logs
The Windows event logs are a powerful funnel point for identifying hackers that leverage Windows…
How To Defend Yourself From Cybersecurity Threats When You Can’t Immediately Patch
Vulnerabilities are unavoidable. And while patches serve as permanent fixes for vulnerabilities, it’s not always…
How to Build a Raspberry Pi Based WiFi Pentesting and Cybersecurity Assessment Kit for Under $100
This week’s #TechTalkTuesday continues the WiFi penetration testing thread from last week and explores how…
How to Threat Hunt For Wireless Network Compromise
Wireless networks are a key part of many corporate and home networks. In this edition…
How to Respond to Cybersecurity Incidents: Exploring the NIST and SANS Incident Response Models
NIST’s Incident Handling Model and SANS’ PICERL Incident Response Model outline best practices when responding…
How to Discover Windows Run Key Persistence When Threat Hunting
Registry run key persistence is a popular technique used by APT37, Dragonfly, APT41 and many…
How to Use PowerShell Event Logs When Threat Hunting or Detecting Cybersecurity Threats
Windows’ PowerShell event logs provide insight into script execution throughout the life of a malicious…
How to Write Yara Binary Pattern Matching Rules to Enhance Threat Hunting and Cybersecurity Ops
Last week we explored the basics of Yara and how to write string rules. This…
How to Find Malware with Yara: Expanding The Detection of Your Threat Hunting Efforts
Yara adds the ability for cybersecurity analysts to quickly and accurately find malware samples during…
How Hackers Hijack Applications Using Malicious DLLs: And How To Improve Cyber Defenses Against It
DLL load order hijacking allows hackers to hijack applications and compromise critical systems. This week’s…
How to Write Sysmon Rules: Getting Fancy(Bear) With Sysmon to Find APT Level Cyber Security Threats
Last week we explored how to get started with Sysmon to strengthen your cybersecurity defenses…
How to get started with Microsoft Sysinternals’ Sysmon advanced event logging
Microsoft Sysinternals’ Sysmon tool is a free tool that provides amazing enhancement of system activity…
Going from IOCs to Behaviors: Threat Hunting for the Actor Behind CYBERCOM’s Recent Ukraine Report
CYBERCOM recently released a report with indicators of compromise (IOCs) from compromised Ukrainian networks. While…
How to Threat Hunt for APT33/APT38/Lazarus/Dragonfly’s Malicious Scheduled Tasks
APT33/APT38/Lazarus/Dragonfly and many other hacking groups have used scheduled tasks for both persistence and privilege…
One Windows Event Log ID To Rule Them All: Why You Should Hunt With Event 4624
Windows event logs provide a fundamental source for host-based threat hunting. In this edition of…
Threat Hunting with Pyshark: Using Open Source Python Libraries to Automate Threat Hunting
Wireshark is an incredibly powerful tool for threat hunting with network data. In this edition…
Threat Hunting Is A Team Sport: How To Build and Lead Effective Threat Hunting Teams
One of the most critical parts of an effective threat hunting program involves building and…
Threat Hunting Beyond Your Boundary With Open Source Tools: Automating With Python and Shodan
While not commonly considered a threat-hunting tool, Shodan can help discover malicious trust relationships between…
Why We Switched from Reactive to Proactive Threat Hunting (And Why It Led to Finding More Threats)
Threat hunting can be reactive (looking for known knowns) or proactive (looking for unknowns), and the effectiveness…
How To Improve Threat Hunting Success With The “Right” Intel Using 3 Basic Questions
Good threat intelligence can make or break a threat-hunting engagement. In this edition of #TechTalkTuesday,…
Behavioral vs Indicator-Based Threat Hunting (And Why You Should Be Doing Both To Be Successful)
Behavioral-based and indicator-based threat-hunting approaches both have their places when looking for both external and…
Why MFA Won’t Protect You From Hackers (And What You Can Do About It)
Multi-factor authentication (MFA) and two-factor authentication (2FA) provide powerful protection during session authentication. Unfortunately, like…
It’s All Just A (Pipe)Dream: Using Free Tools to Threat Hunt for Nation-State Control System Hackers
Want to know how to use free, open-source tools to hunt for the recently discovered…
Threat Hunting for Nation-State (DPRK’s Lazarus) OS X Hacker Malware
From 2018 to 2021, a North Korean hacking group known as Lazarus successfully deployed malware…
Writing Suricata Rules: Understanding The Basic Rule Format
Suricata is a powerful IDS/IPS for threat hunting and digital forensics/incident response. In this edition…
Open Source Cyber Threat Hunting with Zeek: Getting Started
Open source tools provide fantastic value for cyber threat hunting. In today’s #TechTalkTuesday, we explore…
What is Threat Hunting? The What and Why of An Essential Prevention and Detection Activity
What is Threat Hunting? In this week’s edition of #TechTalkTuesday, we explore the definition of…
Threat Hunting for APT34/APT39/Generic Reconnaissance (T1595.001) and Discovery (T1046) Behaviors
Let’s talk network recon (ATT&CK ID T1595.001) and discovery (ATT&CK ID T1046)! This week we…
10 Free and Effective Ways to Harden Cyber Defenses Immediately (Response to White House Advisory)
On March 21, 2022, the White House issued a statement advising private companies to “harden…
Hunt Like They Fight: How The DoD’s Joint Targeting Cycle Can Help Improve Your Threat Hunts
The US military uses a process called the Joint Targeting Cycle to select and act…
Building a Hacking Lab on a Budget: From Free to $XXX,XXX
Let’s talk hacking labs! This week’s #techtalktuesday explores three different stages and price points of…
Going from Nation State Malware Sample to MITRE ATT&CK Techniques in Under 5 Minutes
This edition of #TechTalkTuesday shows how to quickly go from a malware sample in a…
Hunting for APT28/Hafnium NTDS.dit Domain Controller Credential Harvesting [MITRE ATT&CK T1003.003]
NTDS credential dumping [MITRE ATT&CK T1003.003] provides APT28, Hafnium, and several other attackers access to…
Going From Threat Intel to Threat Hunt: Threat Hunting for Nation State Actors
As defenders, we hold the advantage against attackers when we work together. In today’s special…
Using MITRE ATT&CK for Enterprise and ATT&CK for ICS in Industrial Environments (ft Ron Fabela)
MITRE’s ATT&CK for Enterprise matrix and ATT&CK for ICS matrix provide two valuable reference models…
Threat Hunting for No-Key-Theft-Required Attacks in Trusted Binaries [MITRE ATT&CK T1553.002]
Digitally signed executables provide one layer of trust to prevent attacks that leverage unauthorized or…
Put Down Your Dukes: Hunting For Hacking Group APT 29/APT 37/APT 40’s Covert Data Exfiltration
What do APT 29, APT 37, and APT 40 have in common? They all have…