toolsmith #132 - The HELK vs APTSimulator - Part 2

Continuing where we left off in The HELK vs APTSimulator - Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK offers Apache Spark, GraphFrames, and Jupyter Notebooks as part of its lab offering. These capabilities scale well beyond ... Read More
toolsmith #131 - The HELK vs APTSimulator - Part 1

Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho Man" Savage said many things in his day, in his own special way, but "Expect the unexpected in the kingdom of madness!" could be our toolsmith theme this ... Read More
toolsmith #130 - OSINT with Buscador

First off, Happy New Year! I hope you have a productive and successful 2018. I thought I'd kick off the new year with another exploration of OSINT. In addition to my work as an information security leader and practitioner at Microsoft, I am privileged to serve in Washington's military as ... Read More
toolsmith #129 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 2

You can have data without information, but you cannot have information without data. ~Daniel Keys Moran

Here we resume our discussion of DFIR Redefined: Deeper Functionality for Investigators with R as begun in Part 1. First, now that my presentation season has wrapped up, I've posted the related material on the Github ... Read More

McRee added to ISSA’s Honor Roll for Lifetime Achievement

ISSA, toolsmith
HolisticInfoSec's Russ McRee was pleased to be added to ISSA International's Honor Roll this month, a lifetime achievement award recognizing an individual's sustained contributions to the information security community, the advancement of the association and enhancement of the professionalism of the membership. According to the press release: "Russ McRee has a strong ... Read More
toolsmith #128 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 1

“To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.” ~ Robert E. Davis

I've been presenting DFIR Redefined: Deeper Functionality for Investigators with R across the country at various conference venues and thought it would be helpful to provide details for readers. The basic premise? Incident responders ... Read More
Toolsmith Tidbit: Windows Auditing with WINspect

WINSpect recently hit the toolsmith radar screen via Twitter, and the author, Amine Mehdaoui, just posted an update a couple of days ago, so no time like the present to give you a walk-through. WINSpect is a PowerShell-based Windows Security Auditing Toolbox. According to Amine's GitHub README, WINSpect "is part ... Read More
DEF CON 18 - David Kennedy "ReL1K" & Josh Kelley - Powershell...omfg

Toolsmith Release Advisory: Magic Unicorn v2.8

Magic Unicorn, powershell
David Kennedy and the TrustedSec crew have released Magic Unicorn v2.8. Magic Unicorn is "a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory, based on Matthew Graeber's PowerShell attacks and the PowerShell bypass technique presented by Dave and Josh Kelly at Defcon 18." Version 2.8: shortens length ... Read More
Datasploit: Quick guide to installation and Use

Toolsmith #127: OSINT with Datasploit

I was reading an interesting Motherboard article, Legal Hacking Tools Can Be Useful for Journalists, Too, that includes reference to one of my all time OSINT favorites, Maltego. Joseph Cox's article also mentions Datasploit, a 2016 favorite for fellow tools aficionado, Toolswatch.org, see 2016 Top Security Tools as Voted by ... Read More
Toolsmith #126: Adversary hunting with SOF-ELK

As we celebrate Independence Day, I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we think about conflict, are quite different than the days of lining troops up across the field from each other, loading muskets, and flinging balls of lead into the fray. We ... Read More