Incident Response

A collection of 4 posts

Tool Release: CB Bot

Today, I release CB Bot! CB Bot is a threat hunting and incident response web application framework to use with Carbon Black (CB) Defense. Not only will you be able to run commands

Do You Even Bitmap Cache, Bro?

It's been a while since I last wrote a blog post. I've been busy building cool stuff and hunting for evil, so now I'm back to writing blog posts. For a while, I have had folks ask me about RDP Bitmap Cache, so I decided to write one about it.

"Tracing" Malicious Downloads

In this blog post, I will be covering a very interesting artifact found in the Windows registry, which records when an executable (legitimate or otherwise) first attempted to establish a network connection to download files.