Cyber Security posts

SANS FOR500: I’m now a GIAC Certified Forensic Examiner
 -  After a year in cyber security I was given the opportunity to take another SANS training course – FOR500: Windows Forensic Analysis. It was an informative and enjoyable class that culminated in another GIAC certification exam, which I passed this morning. Having completed SEC401: Security Essentials and SEC504: Hacker Tools,...
Approaching incident response on the front foot with the HARM method
 -  This week I was at SANS London learning about forensics. I’ll post a proper writeup on the course a bit later (it didn’t actually finish until this afternoon), but I thought I’d attend one of the SANS evening talks to learn something new and flex my rarely-used journalistic muscle....
Visualising connected hosts with a Python-generated network diagram
 -  The bulk of cyber security incidents are fairly simple, but sometimes you end up working with a whole network of hosts that are connected to each other in different ways. With this scenario in mind, I recently set out to explore the possibility of creating a Python script to automatically...
Seven things I’ve learnt in my first year as a cyber security consultant
 -  A colleague recently asked me for my advice for new cyber security consultants joining our company, which got me thinking about what I’ve learnt over my first year in the industry. Here are my seven top tips for those just entering the world of security consulting. 1. Get involved with...
A Python script to make sense of multi-dimensional Splunk exports
 -  A little while ago I wrote about grouping data by multiple fields in Splunk, which is a very useful function that produces hideous export files. I took some time to write a Python script to fix that and make the data a lot more useful for further analysis. For reference,...
Review – InfoSec Rock Star: Because Geek Will Only Get You So Far
 -  It only took me half a year since its UK release, but I’ve finally finished reading InfoSec Rock Star, a book written by one of my old SANS instructors that touches on everything from dress codes to negotiation tactics for cyber security professionals. Disclaimer: Just so you’re aware before you read...
Security log analysis: How to group by two fields in Splunk
 -  Splunk is a powerful tool, but with so many available functions and hit-and-miss coverage on forums it can sometimes take some trial and error to get queries right. Here’s what I pieced together to perform a count on a subset of events and group the data by two fields… As...
How passwords work – a simple demonstration in Python
 -  We all use passwords every day, but how exactly do they work? It would be easy to assume that the services we use all hold huge databases with our usernames and passwords side by side, but the reality is much more interesting – and, of course, much more secure. It’s...
What a security operations centre (SOC) is and how it works
 -  The security operations centre (SOC) is the heart of a firm’s cyber defences. Here are the basic elements and processes that a SOC uses to monitor for and respond to security incidents. Cyber security has a staffing problem. With so many roles out there and so few people with the...
Checking DNS requests against a domain blacklist in Python
 -  A while ago I wrote a post about using Python to parse tcpdump output for domains and URLs. Recently, I started to wonder if I could take that a step further. What if the DNS requests I saw could be checked against a blacklist in real time? And what if...

Thinking about

Website v2.0
I've given my website its first major update since 2020, keeping the same general aesthetic but placing a greater focus on content. Now to come up with some blog post ideas...

Interests

  • Cyber security
  • Tech
  • Python
  • PowerShell
  • JavaScript
  • F1
  • Reading
  • Writing
  • Psychology
  • Philosophy
  • Exercise
  • Running
  • Gaming
  • Football
  • Music
  • Guitar