Offensive tactics, defensive countermeasures, threat analysis, and assorted ramblings... Go easy, we're learning as we go! Follow us on twitter @epicism1 @gregkcarson
Automating APT Scanning with Loki Scanner and Splunk

One thing that I've been exploring lately is automating the large number of amazing open source security tools out in the world. One tool that has caught my interest is the Loki APT scanner created by BSK Consulting, a cool scanner that combines filenames, IP addresses, domains, hashes, Yara rules, Regin file system checks, process anomaly checks, SWF...

Mon Apr 17, 2017 06:29
Abusing Google App Scripting Through Social Engineering

I recently joined a new company (hooray) and have had the opportunity thus far to start thinking more heavily about a few topics that are, I suppose, newer to me. Most of this focus has been on Google Apps for Business, but generally speaking, we've been thinking about many different challenges that are posed by large enterprises adopting cloud solutions....

Tue Feb 28, 2017 00:58
Ransomware IR with PowerForensics and the USN Journal

Well, it's certainly been a while since I made a post! I last blogged in February about malware analysis and you can find that post here: http://www.redblue.team/2016/02/a-soft-introduction-to-malware-analysis.html. My thanks go to Dave and Abdul for keeping content coming while I was slacking. It's hard to believe the year is almost over. It was a...

Tue Nov 22, 2016 00:44
Computer Security Incident Handling Guide - A presentation based off of the NIST paper

A few years ago during an interview at Mandiant I was asked to create a presentation based on the NIST Computer Security Incident Handling Guide, a good primer on incident handling that I would recommend every NetSec professional read. Although the presentation is light in description, the basic outline remains. If the content interests you I would...

Fri Oct 21, 2016 03:59
Audit Logging Configuration for the Linux Environment

One challenge to performing a proper incident investigation is dealing with missing event logs. Part of a healthy SOC posture is ensuring that you have the proper audit logging settings to ensure that you log what is needed tomorrow. Windows has a very well defined audit policy, but when I was trying to find an audit policy for the Linux audit system...

Wed Jul 27, 2016 04:52
AWS Security: Automating Palo Alto firewall rules with AWS Lambda

With the increased adoption of IaaS cloud services such as Amazon Web Services (AWS) and Microsoft Azure, there is also a greater need for security controls in the cloud. Firewall and IPS vendors such as Palo Alto, Checkpoint and Fortinet have made available virtual instances of their products ready to run in these cloud environments. These tools can...

Wed Jul 20, 2016 06:40