Syndicated Blog

HolisticInfoSec™
Russ McRee’s HolisticInfoSec™ includes articles and research, as well as feedback and an occasional rant. HolisticInfoSec™ promotes standards, simplicity, tooling and efficiency in achieving holistic information security.
Introduction To Anomalize | Business Science Software

toolsmith #133 – Anomaly Detection & Threat Hunting with Anomalize

When, in October and November's toolsmith posts, I redefined DFIR under the premise of Deeper Functionality for Investigators in R, I discovered a "tip of the iceberg" scenario. To that end, I'd ...
toolsmith #132 - The HELK vs APTSimulator - Part 2

toolsmith #132 – The HELK vs APTSimulator – Part 2

Continuing where we left off in The HELK vs APTSimulator - Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK ...
toolsmith #131 - The HELK vs APTSimulator - Part 1

toolsmith #131 – The HELK vs APTSimulator – Part 1

Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho Man" Savage said many things in his day, in his ...
toolsmith #130 - OSINT with Buscador

toolsmith #130 – OSINT with Buscador

First off, Happy New Year! I hope you have a productive and successful 2018. I thought I'd kick off the new year with another exploration of OSINT. In addition to my work ...
toolsmith #129 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 2

toolsmith #129 – DFIR Redefined: Deeper Functionality for Investigators with R – Part 2

You can have data without information, but you cannot have information without data. ~Daniel Keys MoranHere we resume our discussion of DFIR Redefined: Deeper Functionality for Investigators with R as begun in ...
toolsmith #128 - DFIR Redefined: Deeper Functionality for Investigators with R - Part 1

toolsmith #128 – DFIR Redefined: Deeper Functionality for Investigators with R – Part 1

“To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.” ~ Robert E. DavisI've been presenting DFIR Redefined: Deeper Functionality for Investigators with R across the country ...
Toolsmith Tidbit: Windows Auditing with WINspect

Toolsmith Tidbit: Windows Auditing with WINspect

WINSpect recently hit the toolsmith radar screen via Twitter, and the author, Amine Mehdaoui, just posted an update a couple of days ago, so no time like the present to give you ...
Datasploit: Quick guide to installation and Use

Toolsmith #127: OSINT with Datasploit

I was reading an interesting Motherboard article, Legal Hacking Tools Can Be Useful for Journalists, Too, that includes reference to one of my all time OSINT favorites, Maltego. Joseph Cox's article also mentions ...
Toolsmith #126: Adversary hunting with SOF-ELK

Toolsmith #126: Adversary hunting with SOF-ELK

As we celebrate Independence Day, I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we think about conflict, are quite different than the days of lining ...
Toolsmith #125: ZAPR - OWASP ZAP API R Interface

Toolsmith #125: ZAPR – OWASP ZAP API R Interface

It is my sincere hope that when I say OWASP Zed Attack Proxy (ZAP), you say "Hell, yeah!" rather than "What's that?". This publication has been a longtime supporter, and so many ...