London, UK >  A cyber security professional observing technology, business, and culture with a skeptical – but never cynical – eye, and scratching a writing itch from a previous life as a journalist.

Recent blog posts

View all
Feed
Endpoint detection and response (EDR) - setting the record straight
 -  When I went to bed on the evening of Friday 19th July, I couldn’t sleep. It was a stuffy summer’s night in London, and the adrenaline was still pumping through my veins after one of the more notable days in recent memory for cyber security. Still,...
Centralisation, repeatability, and automation in a modular SOC
 -  The dictionary definition of “modular” leaves a little to be desired: “Employing or involving a module or modules as the basis of design or construction.” What is implied, but that I would make explicit, is that parts of the whole can be swapped o...
Cyber security sometimes means learning things backwards
 -  Stick around cyber security Twitter or LinkedIn for long enough and you’ll likely see somebody raise a question about how to get into the industry. You’ll also likely see a reply that describes a kind of rite of passage from sysadmin, to SOC analy...
Using winget to automate software deployment to a new laptop
 -  I got my first new laptop in six years this week! The new hardware is definitely exciting, but reviews aren’t really my thing, so while I’ll inevitably tweet about how the Microsoft Surface Laptop fares, that’s not the purpose of this post. This i...
2023: Thoughts on new challenges and sharing experiences
 -  A belated happy new year! If you’re reading this, I hope you have a terrific 2023. I recently went back and read some old posts that have long since been deleted from this blog - writings from my journalism days that reminded me of my perspectives...
Investigating Explorer's temporary ZIP folders and retrieving files
 -  If I was to describe how often malware is downloaded within ZIP archives, “common” would be a huge understatement. A key artefact in these investigations is the temporary directory Windows creates when a user opens an archive in Explorer, but I re...
Parsing login sessions from the Windows event log with PowerShell
 -  Faced with a day at home recovering from my most recent COVID-19 booster vaccine, I realised I hadn’t written anything more than a few lines of PowerShell in a while and decided to spend some time working on something interesting. The idea occurre...
Using Tkinter to build simple GUIs for Python apps
 -  I’ve written many Python scripts and apps in the past, including my Windows backup utility Backutil, which is probably the my most complex project to date. But I’ve always designed these to run in the background or on the command line, and haven’t...
Linux .bash_history: Basics, behaviours, and forensics
 -  During any incident investigation on a Linux system, one of the most valuable things for responders and forensicators to establish is which commands were run. This is key to finding out what an attacker or malicious user was attempting to do, and ...
SANS Holiday Hack Challenge 2021: Slot machine walkthrough
 -  Here’s one more writeup from the SANS Holiday Hack Challenge! The slot machine hack was one of the showpiece challenges this year, so I thought I’d put together a quick blog post to guide you through the process of identifying and exploiting a vul...

📓

Field Notes newsletter

A monthly collection of observations, ideas in progress, and the best books, podcasts, and articles I discover

Categories

Index & pages

Blog index

Thinking about

Digital journalism
Coincidentally, in the space of a week I encountered both Zach Seward's article about Quartz and Craig Mod's excellent podcasts with Tim Ferriss. Both evoked fond memories of my time in journalism and the buzz surrounding digital journalism and media in the 2010s

Interests

  • Cyber security
  • Tech
  • Python
  • PowerShell
  • JavaScript
  • F1
  • Reading
  • Writing
  • Psychology
  • Philosophy
  • Exercise
  • Running
  • Gaming
  • Football
  • Music
  • Guitar