HolisticInfoSec™
Russ McRee’s HolisticInfoSec™ includes articles and research, as well as feedback and an occasional rant.
HolisticInfoSec™ promotes standards, simplicity, tooling and efficiency in achieving holistic information security.
toolsmith #133 – Anomaly Detection & Threat Hunting with Anomalize
When, in October and November's toolsmith posts, I redefined DFIR under the premise of Deeper Functionality for Investigators in R, I discovered a "tip of the iceberg" scenario. To that end, I'd ...
toolsmith #132 – The HELK vs APTSimulator – Part 2
Russ McRee | adversary emulation, APTSimulator, Detection, DFIR, elasticsearch, GraphFrame, hadoop, HELK, Jupyter Notebooks, Mimikatz, powershell, PowerSploit, Spark
Continuing where we left off in The HELK vs APTSimulator - Part 1, I will focus our attention on additional, useful HELK features to aid you in your threat hunting practice. HELK ...
toolsmith #131 – The HELK vs APTSimulator – Part 1
Russ McRee | adversary emulation, APTSimulator, Detection, DFIR, HELK, Mimikatz, powershell, PowerSploit
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho Man" Savage said many things in his day, in his ...
toolsmith #130 – OSINT with Buscador
Russ McRee | Creepy, Datasploit, David Wescott, ExifTool, Foca, Instalooter, IntelTechniques, Knock, Maltego, Metagoofil, Michael Bazzell, OSINT, recon-ng, SpiderFoot, Tinfoleak
First off, Happy New Year! I hope you have a productive and successful 2018. I thought I'd kick off the new year with another exploration of OSINT. In addition to my work ...
toolsmith #129 – DFIR Redefined: Deeper Functionality for Investigators with R – Part 2
You can have data without information, but you cannot have information without data. ~ Daniel Keys Moran. Here we resume our discussion of DFIR Redefined: Deeper Functionality for Investigators with R as begun in ...
toolsmith #128 – DFIR Redefined: Deeper Functionality for Investigators with R – Part 1
“To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.” ~ Robert E. Davis. I've been presenting DFIR Redefined: Deeper Functionality for Investigators with R across the country ...
Toolsmith Tidbit: Windows Auditing with WINspect
WINspect recently hit the toolsmith radar screen via Twitter, and the author, Amine Mehdaoui, just posted an update a couple of days ago, so no time like the present to give you ...
Toolsmith #127: OSINT with Datasploit
I was reading an interesting Motherboard article, Legal Hacking Tools Can Be Useful for Journalists, Too, that includes reference to one of my all time OSINT favorites, Maltego. Joseph Cox's article also mentions ...
Toolsmith #126: Adversary hunting with SOF-ELK
Russ McRee | DFIR, ELK, forensics, hunt, kibana, Log Analysis, logging, logstash, Malware Analysis, NFAT, sheepdog, SOF-ELK
As we celebrate Independence Day, I'm reminded that we honor what was, of course, an armed conflict. Today's realities, when we think about conflict, are quite different than the days of lining ...
Toolsmith #125: ZAPR – OWASP ZAP API R Interface
It is my sincere hope that when I say OWASP Zed Attack Proxy (ZAP), you say "Hell, yeah!" rather than "What's that?". This publication has been a longtime supporter, and so many ...