

Sublime Security – The EDR of Email We Needed!
Hey folks! You know there are certain tools you just can’t ignore anymore — not because of hype, but because they actually deliver . One...
Aug 7, 2025 · 3 min read


Carbon Black (P6: Settings): A Practical Guide / A Practical Training
In this guide, we'll cover the last section of the Carbon Black Cloud console: the Settings tab. This area is crucial for managing...
Aug 6, 2025 · 3 min read


Carbon Black (P5: Inventory): A Practical Guide / A Practical Training
The Feature Inventory in Carbon Black Cloud is an essential tool that helps administrators and security professionals manage and...
Aug 5, 2025 · 4 min read


Carbon Black (P4: Enforce): A Practical Guide / A Practical Training
When managing Carbon Black, the Enforce tab plays a pivotal role. It houses the tools for creating and managing policies, which...
Aug 4, 2025 · 4 min read


Carbon Black (P3: Investigate): A Practical Guide / A Practical Training
The Investigate feature in Carbon Black is a powerful tool that allows you to perform deep searches, analyze details, and hunt for...
Aug 1, 2025 · 3 min read


Carbon Black (P2: Dashboard/Alerts): A Practical Guide / A Practical Training
Carbon Black EDR (Endpoint Detection and Response) is a powerful tool, but its interface can be a little overwhelming for new users...
Jul 31, 2025 · 6 min read


Rethinking Incident Response – From PICERL to DAIR (Expanded Edition)
Clarification Note: I've...
Jul 30, 2025 · 8 min read


Carbon Black (P1: Overview): A Practical Guide / A Practical Training
Welcome to this guide on using Carbon Black as an Endpoint Detection and Response (EDR) tool. Carbon Black has long been recognized for...
Jul 28, 2025 · 3 min read


Querying Like a Pro in Arkime: Getting the Most Out of Arkime Viewer: Beyond the Basics
If you’ve started using Arkime (formerly Moloch), you already know it's a powerful tool for digging deep into packet captures and...
Jul 25, 2025 · 5 min read


Why Arkime is a Game-Changer for Network Forensics (and Why It's Not Just Another Wireshark)
Let’s be honest — dealing with network traffic at scale isn’t exactly a walk in the park. Sure, command-line tools are powerful,...
Jul 23, 2025 · 4 min read


SharePoint and OneDrive Logs in M365: The Goldmine You’re Overlooking (with a Hidden Twist)
If you’ve been around the M365 security space long enough, you’ve heard the term Business Email Compromise (BEC) more times than you can...
Jul 21, 2025 · 3 min read


Who’s Using a Proxy or VPN in Your M365 Environment — and Why It Matters
While working with SOC teams in Microsoft environments, I’ve observed that during impossible travel investigations, analysts often have...
Jul 21, 2025 · 3 min read


Petra Security: Reporting, Threat Hunting, Investigation Tips and Final Thoughts
In the final part of this Petra Security overview, let’s dive into one of my favorite tabs: Reporting — and then explore how you can...
Jul 17, 2025 · 5 min read


Petra Security's "Incidents" Tab — A Game-Changer for M365 Breach Investigations
If there’s one tab in Petra...
Jul 16, 2025 · 3 min read


Petra Security: The UI, the Logs, and Why I Genuinely Prefer It Over Microsoft Sentinel
Let me start with a personal opinion: I really like Petra Security’s user interface. No offense to Microsoft Sentinel, but Petra’s UI...
Jul 15, 2025 · 5 min read


Petra Security: The ML-Powered Identity Sentinel You Wish Microsoft Built
A few days ago, I left my...
Jul 14, 2025 · 3 min read


The Importance of Memory Acquisition in Modern Digital Forensics
Memory acquisition has emerged as a transformative development in the field of digital forensics. While it has been in practice for over...
Jul 11, 2025 · 4 min read


Jump List Changes in Windows 10 & 11: What You Need to Know
Jump Lists have undergone significant changes in Windows 10 and 11, just like LNK shell items. These changes have expanded the range of...
Jul 5, 2025 · 3 min read


Forensic Differences Between Windows 10 and Windows 11
Note to My Readers: I apologize for not being very active on the website or posting new articles over the past few weeks. I've been...
Jun 28, 2025 · 3 min read


Digging into Google Analytics & HubSpot Cookies for Forensics
You know how Google knows what you were thinking before you even typed it? That’s not magic, it’s analytics. Google Analytics and...
Jun 20, 2025 · 4 min read