Eric’s Substack
Archive
VMware Memory Analysis with MemProcFS
A lab guide for analyzing an infected memory image of a running VMware system with MemProcFS.
May 27 • Eric Capuano
April 2023
Capturing & Parsing Forensic Triage Acquisitions for Investigation Timelining
This guide will walk you through capturing and processing triage acquisitions into forensic timelines, step-by-step, with a VM containing all needed…
Apr 12 • Eric Capuano
March 2023
Find Threats in Event Logs with Hayabusa
A powerful technique for finding threats in Windows event logs.
Mar 21 • Eric Capuano
A "Thank You" to Paid Subscribers
I sincerely want to thank those of you who are supporting this blog. Here are some resources just for you.
Mar 20 • Eric Capuano
So you want to be a SOC Analyst? Part 4
Now that we've detected attacks, let's learn to actively block an attack.
Mar 20 • Eric Capuano
Mounting E01 Forensic Images in Linux
So you want to mount an E01 forensic image? This guide will help.
Mar 10 • Eric Capuano
Live Incident Response with Velociraptor
A video walk-through of incident handling using the open source Velociraptor agent.
Mar 3 • Eric Capuano
February 2023
So you want to be a SOC Analyst? Part 3
Emulating an adversary for crafting detections.
Feb 24 • Eric Capuano
So you want to be a SOC Analyst? Part 2
Put on your adversary hat, it's time to make (and observe) some noise.
Feb 24 • Eric Capuano
So you want to be a SOC Analyst? Part 1
Set up a small virtualization environment (2 small VMs).
Feb 24 • Eric Capuano
So you want to be a SOC Analyst? Intro
A blog series for someone wanting to get a start as a SOC Analyst.
Feb 22 • Eric Capuano
PowerShell Artifact - ConsoleHost_History.txt
A great way to understand adversary PowerShell activity on a system.
Feb 16 • Eric Capuano