Containment Detecting Lateral Movement with Windows Event IDs How can you use PowerShell and Event IDs to detect the most important events you need to be aware of and respond to?
Identity A primer on SAML, Golden SAML, Sunburst How the adversary steamrolled customers on-premises, and their cloud, bypassing MFA, and the facts on how we got here and why Microsoft was an enabler of the whole thing
Incident Response A necessary component to any Cyber Incident Response: Containment Incident Response and ContainmentAnyone who does Incident Response (IR), or any Digital Forensics Incident Response (DFIR) process knows that collecting Indicators of Compromise (IOC) is only half the story. Eventually, you’ll need to recover the environment, which inherently means you best have confidence in the IOCs and have a
