Category Archives: Uncategorized

TTLs and where to find them

Recently I have been conducting a lot of interviews for SOC Analysts; one of the questions I ask is as follows: You are reviewing your DNS logs and find an answer to a DNS query which shows rabbitcoldhotel.evil.com on <AnyExternalIP> …


Tip of the Hat to Phase 2a – Assessment & Engagement

This step is not included in the 6-step model which I set out at the start of this series; however, during my research I was directed to this post by Steve Armstrong. In it he mentions: “Assessment and Engagement …
