
Dropzone AI Final Conclusion – What All These Examples Really Show
Now that I’ve shown you investigations from Panther, I think you can clearly see what Dropzone AI is actually doing behind the scenes. No matter which security tool generates the alert, Dropzone picks it up instantly, investigates it faster than any human, asks all the important questions automatically, pulls evidence from everywhere, checks historical behaviour, compares with analyst verdicts, correlates with the MITRE framework, and finally gives you a clear conclusion. All of this h
Nov 18 · 2 min read


Deep Dive: How Dropzone AI Investigates Alerts (Example Explained)
In the previous article, I explained the Dropzone AI dashboard and overall features. Now, let’s get into the real action: how Dropzone actually investigates an alert, using Panther as the example. Let’s begin. How Alerts Flow From Panther → Dropzone. Let’s say you’ve integrated the Panther data source and the Panther alert source. This means every alert Panther generates will be picked up automatically by Dropzone. No manual work. No need to forward anything. Dropzone grabs the alert
Nov 17 · 4 min read


Dropzone AI Dashboard & Investigation Overview
Your SOC, but finally without the headache. In the previous article, I talked about how AI is changing SOC operations forever, especially tools like Dropzone AI that automate full investigations. If you ask me which tools I enjoy working with the most, I will always say CrowdStrike, SentinelOne, and forensic tools. But recently, one tool has impressed me so much that I genuinely feel like every SOC team should see it at least once. And that tool is Dropzone AI. This Ar
Nov 17 · 5 min read


Is AI Coming for SOC Jobs? A Real Talk + My First Look at Dropzone AI
Let’s be honest for a second. I’ve been in forensics and incident response long enough to see the cybersecurity world change fast, but nothing is shaking things up more than AI inside SOCs. And no matter how many people say “AI won’t take jobs, it will only assist us,” the reality I’m seeing in the field is completely different. I’m on calls with security teams, MSSPs, product vendors… and the pattern is the same everywhere: 🔥 Tasks that used to require 20–30 analysts a
Nov 15 · 4 min read


SentinelOne Series: The SSO Workaround You’ll Actually Thank Me For
Hey everyone! Welcome back to another post in my SentinelOne series; if you haven’t checked out the earlier ones, I recommend scrolling back and giving them a read. https://www.cyberengage.org/courses-1/mastering-sentinelone%3A-a-comprehensive-guide-to-deep-visibility%2C-threat-hunting%2C-and-advanced-querying%22 Today, I’m here to share something different: a real-world workaround that helped me fix an interesting SSO problem with SentinelOne.
Nov 12 · 3 min read


Carving Hidden Evidence with Bulk Extractor: The Power of Record Recovery
Before diving in, I’d like to highlight a comprehensive series I’ve created on Data Carving; feel free to check it out via the link below. https://www.cyberengage.org/courses-1/data-carving%3A-advanced-techniques-in-digital-forensics If you’ve been in digital forensics long enough, you’ve probably heard about Bulk Extractor, the legendary tool that can scan through mass
Nov 7 · 3 min read


Every forensic investigator should know these common antiforensic wipers
Everyone who does digital forensics has seen wipers. The funny part is that attackers and careless admins both sometimes want files gone. Tools that overwrite or delete files, “wipers”, are common and can hide evidence. SDelete (a Sysinternals tool signed by Microsoft) is famous because it can slip past some whitelisting and looks “legit” on a system. But SDelete is only the tip of the iceberg: there are other tools, and each leaves its own marks. Knowing those marks helps you figur
Nov 4 · 4 min read


Sublime Just Got Even Smarter: Automatic Calendar Event Deletion Is Here
If you’ve been following me for a while, you already know how much I love Sublime. It’s one of those tools that just keeps getting better, feature after feature, update after update, all with one goal: making email security effortless. And today, they’ve released something that’s honestly a game changer. The Hidden Threat: Malicious Calendar Invites. We’ve all seen those sketchy calendar invites, you know, the ones that magically appear on your calendar even though you
Oct 31 · 3 min read


Tracking Lateral Movement: PowerShell Remoting, WMIC, Explicit Credentials, NTLM Relay Attacks, Credential Theft and Reuse (Event IDs)
Welcome back, folks! If you’ve been following this series, I’ve already covered how attackers move laterally using things like named pipes, scheduled tasks, services, registry modifications and more. Now it’s time to unpack some classic but still dangerous remote execution tricks, and how to actually hunt them down using Windows logs. PowerShell Remoting & WMIC
Oct 29 · 7 min read


Tracking Lateral Movement — Named Pipes, Scheduler, Services, Registry, and DCOM (Event IDs)
Hey, today we’re unpacking lateral movement. Think of it like this: an attacker already got a foothold in your network and now wants to move sideways to more valuable systems. In this article I’ll try to show you the common ways they do that, what Windows logs to watch for, and practical detective steps you can take right now. Why this matters: Once an attacker can
Oct 28 · 10 min read


PowerShell Logging: Making the Invisible Visible
If you’ve worked in cybersecurity for a while, you know one truth: PowerShell is both a friend and a foe. Administrators love it because it makes automation simple. Attackers love it because it makes exploitation simple. From credential theft to data exfiltration, lateral movement, and even memory-only malware, PowerShell can do it all. So, the real question is not whether PowerShell is being used, but how and by whom. That’s where PowerShell logging comes into play — y
Oct 24 · 6 min read


Event Log Clearing and Malware Execution: Evidence from Windows Logs
If you’ve worked in cybersecurity or digital forensics for even a short while, you’ve probably realized that Windows event logs are like the system’s memory: they remember almost everything that happens. From user logins and process creations to application crashes and errors, these logs quietly record the life story of a system. But what happens when someone, say, an attacker, tries to erase those memories? Or when malware crashes in the middle of doing something shady
Oct 22 · 7 min read


Understanding Where Windows Authentication Logs Actually Live — From AD to Entra ID
Okay, let’s get one thing straight: Windows logging is not centralized by default. Each system (your laptop, your DC, your file server) logs its own stuff. That means if you’re doing forensics or threat hunting, you’ve got to know exactly which system has what evidence. If you pull the wrong logs, you might completely miss the attacker’s authentication trail. 1. Clien
Oct 20 · 4 min read


Tracking Kerberos & NTLM Authentication Failures and Investigation
When investigating intrusion attempts or suspicious login activity in Windows environments, one of the most overlooked sources of truth lies in the authentication failure logs, specifically Kerberos Event ID 4771 and NTLM Event ID 4776. These tiny events, often lost in the noise of massive log volumes, can tell a deep story: Was someone trying to guess passwords? Was an attacker using a stolen hash? Or was it just a misconfigured system clock? Kerberos Pre-Authentication
Oct 18 · 7 min read


Log Analysis – It’s Not About Knowing, It’s About Correlating
I know, I know: log analysis doesn’t sound like the most exciting topic these days. Everyone in cybersecurity has gone through it at some point, and if you’ve sat in an interview, you’ve probably been asked about it too. There are already tons of articles and videos on this topic out there. But here’s the thing: log analysis isn’t about knowing event IDs by heart. It’s about correlating different events together to tell a story. That’s the part most people miss. And tha
Oct 16 · 10 min read


Part 7 : Secrets Management — The Right Way to Keep Your Secrets Safe
Hey everyone! Let’s talk about one of the most underrated but dangerous parts of automation and DevOps: secrets management. You might not realize it, but every single system you build, whether it’s an app, CI/CD pipeline, or cloud deployment, has secrets. These are things like API tokens, SSH keys, database passwords, and service credentials that your automation tools, containers, and scripts need to function.
Oct 15 · 4 min read


Managing Vulnerable Dependencies — The Hidden Risk in Open-Source Code
When we talk about secure coding , we usually think about the code we write — avoiding insecure functions, preventing injections, or...
Oct 13 · 3 min read


Understanding Semgrep — A Powerful Open-Source SAST Tool for Developers and Security Teams
If you’ve ever worked on secure coding or DevSecOps pipelines, you’ve probably come across the term SAST — Static Application Security...
Oct 9 · 3 min read


Part 6 : Static Analysis for Configuration and Application Code: Tools and Best Practices
Configuration code and application code both need to be treated with the same rigor as any other software. Bugs in configuration can be...
Oct 8 · 2 min read


Part 5 : Security in the Commit Phase: Making CI/CD Smarter, Not Slower
When a developer pushes code, it kicks off the Commit phase of the DevOps pipeline. This is where the magic of automation happens:...
Oct 6 · 3 min read