London, UK -  Cyber security professional specialising in detection and response, blogging about technology, business, and life to scratch a writing itch from a previous life as a journalist

Recent blog posts

Formula 1 World Championship 2018 review – the closest race in years
 -  Not since Nico Rosberg’s victory in 2016 have we seen two drivers going head to head as closely as Hamilton and Vettel – and it’s been a lot longer since we’ve seen two teams fighting for both the drivers’ and constructors’ World Championships. Lewis Hamilton and Mercedes got there in...
Python tools for Windows forensics: Parsing Prefetch program data
 -  Bit by bit, I’m going to build a Python tool to scrape a Windows system disk image for common forensic artefacts and build a CSV timeline from the evidence gathered. In this first post, I’ll parse and add the data stored in Windows Prefetch files. On my recent SANS course...
Review – Threat Modeling: Designing for Security by Adam Shostack
 -  As I mentioned in my recent post about what I learnt in my first year as a cyber security consultant, I always keep an ebook handy on my phone so I can learn something new on long train journeys. Most recently, this has been Threat Modeling: Designing for Security. While my...
SANS FOR500: I’m now a GIAC Certified Forensic Examiner
 -  After a year in cyber security I was given the opportunity to take another SANS training course – FOR500: Windows Forensic Analysis. It was an informative and enjoyable class that culminated in another GIAC certification exam, which I passed this morning. Having completed SEC401: Security Essentials and SEC504: Hacker Tools,...
Basic SQL queries: SELECT, FROM, WHERE and other operators
 -  I recently dipped my toe into the world of SQL for the first time and got my head around the basic operators and statements. Here’s a summary of how to construct basic queries. I’d had brushes with SQL before. Even when I was a journalist, I would do the occasional...
Liverpool will win the Premier League, according to my Python predictor
 -  I had a week off recently, so for a bit of fun I embarked on my most ambitious and most complex Python project yet: to scientifically (kind of) predict the outcome of the 2018/19 Premier League season based on the results so far. Those who are particularly fond of buzzwords...
Approaching incident response on the front foot with the HARM method
 -  This week I was at SANS London learning about forensics. I’ll post a proper writeup on the course a bit later (it didn’t actually finish until this afternoon), but I thought I’d attend one of the SANS evening talks to learn something new and flex my rarely-used journalistic muscle....
Visualising connected hosts with a Python-generated network diagram
 -  The bulk of cyber security incidents are fairly simple, but sometimes you end up working with a whole network of hosts that are connected to each other in different ways. With this scenario in mind, I recently set out to explore the possibility of creating a Python script to automatically...
Seven things I’ve learnt in my first year as a cyber security consultant
 -  A colleague recently asked me for my advice for new cyber security consultants joining our company, which got me thinking about what I’ve learnt over my first year in the industry. Here are my seven top tips for those just entering the world of security consulting. 1. Get involved with...
A Python script to make sense of multi-dimensional Splunk exports
 -  A little while ago I wrote about grouping data by multiple fields in Splunk, which is a very useful function that produces hideous export files. I took some time to write a Python script to fix that and make the data a lot more useful for further analysis. For reference,...

Thinking about

Digital journalism
Coincidentally, in the space of a week I encountered both Zach Seward's article about Quartz and Craig Mod's excellent podcasts with Tim Ferriss. Both evoked fond memories of my time in journalism and the buzz surrounding digital journalism and media in the 2010s.

Interests

  • Cyber security
  • Tech
  • Python
  • PowerShell
  • JavaScript
  • F1
  • Reading
  • Writing
  • Psychology
  • Philosophy
  • Exercise
  • Running
  • Gaming
  • Football
  • Music
  • Guitar