Incident Responder turned developer
Cyber security nerd who enjoys building tools to support investigations. After leading numerous DFIR engagements, I enjoy building tools to enrich the analysis of security incidents and enable efficient investigation. Threat data, infrastructure security, and data enrichment are among the problem spaces I enjoy focusing on. Generally tinkering with new Python packages, CLI tools, and data analysis utilities.
Skills: Python, Rust, Web development, Django, AWS, SQL, DFIR, DevOps, CDK, Ansible, Docker/Containers, Windows/Linux/macOS, CI/CD, Mentoring, Project management
Free reference for common tasks encountered when implementing DFIR scripts. These short snippets provide copy/paste templates for parsing registry hives, analyzing Windows events, and reporting on JSON data. Open for contributions on GitHub and for use in your project!
Links: Website, GitHub

A collection of resources to ease the process of integrating secure development practices. Includes a roadmap with suggested tools and how to install and configure them.
Links: GitHub

A honeypot that you can set up in a weekend to capture RDP traffic and share out findings via a Mastodon/Twitter/Pastebin bot. Includes enrichment of the observations and aggregation of statistics.
Links: Blog Series, Mastodon

This book exhibits many of the Python libraries commonly used in digital forensics through small scripts (or recipes). Across the 60+ recipes, we explore how to process files with embedded metadata, parse common file and registry artifacts, process evidence stored as E01 files, integrate Python with common tools such as Axiom, EnCase, and Cellebrite, and much more. This book is available as Paperback & E-Book.
Links: Packt Publishing, Amazon, GitHub

Learn the art of designing, developing, and deploying innovative forensic solutions through Python scripting. The book starts with the basics and builds on them chapter by chapter with practical examples. This book is available as Paperback & E-Book.
Links: Packt Publishing, Amazon, GitHub