Blog

3.13 Adds MemProcFS and Extends the S3 and Recorded Future Sandbox Integrations

December 18, 2024

Start Reading

3.12 Adds Data Exfiltration Detection, USB Devices, and Easier Validation

October 1, 2024

Start Reading

DFIR Breakdown: Impacket Remote Execution Activity – Smbexec

September 20, 2024

Start Reading

DFIR Next Steps: What To Do After You Find A Suspicious Use Of Remote Monitoring & Management Tools

September 9, 2024

Start Reading

DFIR Breakdown: Impacket Remote Execution Activity – atexec

August 29, 2024

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of curl.exe

August 19, 2024

Start Reading

DFIR Next Steps: What To Do After You Find a Suspicious Use Of certutil.exe

August 7, 2024

Start Reading

DFIR Breakdown: Using Certutil To Download Attack Tools

July 24, 2024

Start Reading

Access More! BitLocker, new File Explorer, and Export All Files (3.11 release)

June 24, 2024

Start Reading

Limitations of ImpHash for DFIR

Limitations of ImpHash for DFIR

June 20, 2024

Start Reading

Intro to ImpHash for DFIR: “Fuzzy” Malware Matching

June 10, 2024

Start Reading

DFIR Artifacts for a Trojan Defense and Remote Access

June 4, 2024

Start Reading