Latest Lab Notes
12 FEB 2024 | INCIDENT RESPONSE
A practical walkthrough for handling phishing incidents, from initial report to lessons learned. Includes PowerShell snippets for investigation.
Current Project
C:\SECURITY\PROJECTS> dir /b
03/02/2024 09:15 <DIR> powershell-ir-toolkit
Building a collection of IR scripts for common investigation tasks.
Currently: Memory forensics automation scripts
Status: In Progress
Working on consolidating my incident response scripts into a reusable toolkit. Will share here when ready.
Tool Spotlight
Sysmon
Endpoint
Free
Essential
If you're not running Sysmon on your endpoints, you're flying blind. It provides detailed logging of process creations, network connections, file changes, and more - the kind of visibility that makes incident response actually possible.
PS C:\> sysmon -accepteula -i -n
System Monitor v15.0 - System activity monitor
Copyright (C) 2014-2023 Mark Russinovich and Thomas Garnier
Sysmon installed and started.
Credentials
- Microsoft 365 Certified: Security Administrator Associate
- CompTIA Security+
- Years of on-the-job learning (the real certification)
Certifications are nice, but nothing beats hands-on experience responding to real incidents.