Going to try something new.
I spend a lot of time reading blog posts, articles, and books on DFIR-related topics, some of which are quite good. This series of posts is an attempt to showcase some of the articles I find enlightening, good, interesting, etc.
First post: From Dark Reading
I thought this was the greatest:
“…where I have seen post-incident reviews excel is by leveraging the Kill Chain model to systematically break down the attack. Using the KC as a framework to answer questions as to how the attack played out, and dissecting each step for what the adversary did and why it worked, may provide a wealth of understanding of the attack, the actor, and what should be done afterwards.”