Eric’s Substack
Atomic & Stateful Detection Rules
Harnessing the Power of Precision and Context in Detection Engineering
Oct 14 • Eric Capuano
April 2024
Prefetch Analysis Lab
Analyze evidence of execution artifacts from a data breach investigation.
Apr 29 • Eric Capuano
November 2023
So you want to be a SOC Analyst? 2.0
A revamp of the original SYWTBSA blog series, condensed and self-contained in a cloud-hosted lab VM. No local VM required!
Nov 3, 2023 • Eric Capuano
October 2023
So you want to be a SOC Analyst? Part 6
Let's get a little more advanced with our detection rules by leveraging automated YARA scanning.
Oct 30, 2023 • Eric Capuano
So you want to be a SOC Analyst? Part 5
So now you can write detections, which means you will soon learn about false positives; let's practice tuning those.
Oct 29, 2023 • Eric Capuano
Threat Hunting with Velociraptor - Long Tail Analysis Lab
Leverage "rarity" in Velociraptor hunts to identify outliers with a hands-on lab using data generated from 10 systems, one of which is compromised.
Oct 28, 2023 • Eric Capuano
May 2023
VMware Memory Analysis with MemProcFS
A lab guide for analyzing an infected memory image of a running VMware system with MemProcFS.
May 27, 2023 • Eric Capuano
April 2023
Capturing & Parsing Forensic Triage Acquisitions for Investigation Timelining
This guide will walk you through capturing and processing triage acquisitions into forensic timelines, step-by-step, with a VM containing all needed…
Apr 12, 2023 • Eric Capuano
March 2023
Find Threats in Event Logs with Hayabusa
A powerful technique for finding threats in Windows event logs.
Mar 21, 2023 • Eric Capuano
A "Thank You" to Paid Subscribers
I sincerely want to thank those of you that are supporting this blog. Here are some resources just for you.
Mar 20, 2023 • Eric Capuano
So you want to be a SOC Analyst? Part 4
Now that we've detected attacks, let's learn to actively block an attack.
Mar 20, 2023 • Eric Capuano
Mounting E01 Forensic Images in Linux
So you want to mount an E01 forensic image? This guide will help.
Mar 10, 2023 • Eric Capuano