Triage Archives

FlowCarp Identifies Protocols

Erik Hjelmvik | May 4, 2026 | FlowCarp, Mirai, pcap-broker, Protocol Identification, tcpdump, Triage

I am thrilled to announce the release of a brand new tool called FlowCarp! FlowCarp is a simple command line tool that performs a very complicated task. It identifies the application layer ...

NETRESEC Network Security Blog

charlotte, AI, security, crowdstrike, agentic ai, GenAI, NHIs, human, cybersecurity, GenAI, artificial intelligence, cyber risks, threats, cybersecurity

CrowdStrike Charlotte AI Detection Triage Aims to Boost SOC Efficiency

Nathan Eddy | February 20, 2025 | Agentic AI, AI, CrowdStrike, SOC, Triage

CrowdStrike launched Charlotte AI Detection Triage, a platform based on agentic AI, which automates detection triage — the aim is to reduce workloads for security operations centers (SOCs) ...

Security Boulevard

EvilExtractor Network Forensics

Erik Hjelmvik | April 26, 2023 | 1-Password-Cookies, 193.42.33.232, 2-Credentials, 3-Files, 89.116.53.55, ANY.RUN, EvilExtractor, FTP, KK2023.zip, NetworkMiner, sandbox, tria.ge, Triage

I analyzed a PCAP file from a sandbox execution of the Evil Extractor stealer malware earlier today. This stealer collects credentials and files of interest from the victim's computer and exfiltrates them ...

NETRESEC Network Security Blog

Hunting injected processes by the modules they keep

davehull | August 5, 2020 | analysis, digital investigations, Incident Detection, Incident Response, IR, Kansa, Kansa collector command line arguments, Kansa collectors, Triage, Windows

A relatively recent post showed how Metasploit's Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our ...

trustedsignal -- blog

Analyzing an Instance of Meterpreter’s Shellcode

davehull | July 25, 2020 | analysis, DFIR, Digital Forensics, digital investigations, forensics, Incident Response, IR, Malware, Triage

In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by and Excel macro. In that payload was a ...

trustedsignal -- blog

The DFIR Hierarchy of Needs & Critical Security Controls

Russ McRee | December 31, 2016 | asset inventory, Detection, DFIR, hunt, telemetry, threats, Triage

As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, consider Matt Swann's Incident Response Hierarchy of Needs. Likely, at some point in ...

HolisticInfoSec™

Triage

FlowCarp Identifies Protocols

CrowdStrike Charlotte AI Detection Triage Aims to Boost SOC Efficiency

EvilExtractor Network Forensics

Hunting injected processes by the modules they keep

Analyzing an Instance of Meterpreter’s Shellcode

The DFIR Hierarchy of Needs & Critical Security Controls

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On