Phill Moore

Results 34 issues of Phill Moore

https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/verify-first-party-apps-sign-in

https://github.com/invictus-ir/ALFA Presentation on threat hunting in m365 Presentation on hunting google workspace

https://www.sans.org/posters/enterprise-cloud-forensics-incident-response-poster/

http://learndmarc.com

It would be great after switching to the text viewer in the preview widget if you could set the number of rows to display. This is currently tied to the...

Very low prio request but would be cool to be able to flag CHM files that contain executable file formats. Example of malicious use case: https://www.docguard.io/microsoft-compiled-html-help-chm-using-in-spearphishing-attack/ More research required to...

Would be great to have an OLE plugin to use to parse Jumplists and other OLE containers directly. This is probably already here somewhere because there's the olevba plugin, would...

Looking at the Windows.Registry.NTUSER artifact, it would be great to have it updated to do an API read of HKU first, and then only raw read the hives that aren't...

Have seen this quite a lot, but have not got a good idea as to why this occurs. ![image](https://github.com/Velocidex/velociraptor/assets/1241363/a537baf9-d0c4-4f53-a01a-726ca8d2f8af) This is a client running 0.6.8-2 (server 0.6.9). It can receive...

It would be great if the default "LIMIT 50" was configurable. At the very least 50 is way too small for a default, 500 or even 5000 would be better....