Skip to main content

Posts

Showing posts from December, 2023

Email

300 Emails? It was 24 hours! I would have never thought as a front line manager of a small team that I could receive as much email as I do. It’s so overwhelming, I’ve taken to putting my Out of Office as “Due to the volume of email, I will be deleting all email received in my absence. Please hold important correspondence til my return on 3 January 2024”! So, how do we communicate to our peers and leaders if they’re also receiving this much email, or multitudes more? I propose a simple solution. A quick to remember and learn writing template for emails born of years of military correspondence, when seconds mattered, and enough time in the corporate world to know that it’s on me to communicate effectively. I originally adapted this from a business correspondence course, bolted on some pieces from the Army, and its served me well through out the years. I don’t quite get a 100% response rate, but it’s in the high 90’s. Take it, modify as it fits your needs and situations a
Read more

Savory Dutch Babies

Ingredients: 1/4 Stick butter 1/2C AP flour 3/4C room temp milk 3 room temp eggs Salt pepper mace nutmeg allspice etc if you want it Blend it or whisk it until homogeneous  Put a castiron in a cold oven at 425°.  Remove when preheat finishes and melt in a 1\4 stick of butter.   Pour in batter.  Top with parm and fresh herbs.  Cook 15m.
Read more

Velociraptor Offline Collector

This is a living document and may be incomplete. Updated 1DEC2023 Locating Evidences of Execution using Prefetch, Velociraptor, and Zimmerman’s PECmd Prefetch is a common Windows artifact used for determining the first and last incidences of a program being executed. This file is a binary blob stored at $:\Windows\Prefetch and consists of a series of files named APPLICATION-GUID.pf . These files contain the name of the executable, the last n run date time groups a hash of the executable and path, and a list of files accessed by the .exe in the first few seconds of loading. Tools Recommended: Get-ZimmermanTools.ps1 Velocidex/Velociraptor KAPE - note, it’s necessary to provide the vendor with your email to obtain KAPE but it will make your life much much easier. Using Velociraptor to collect forensic artifacts from a Live System Download Velociraptor and from an admin/sudo command prompt/CLI run velociraptor gui A browser will pop up, Accept and Continue when warned ab
Read more