Puppet Re-provisioning Guide January 3, 2017 This document aims to create a complete checklist for puppet re-provisioning NOTE: The SA head unit... Read More
How to deobfuscate malicious browser scripts using a script debugger December 31, 2016 1. The sample.html file to add the debugger; statement in the beginning of the script 2. load... Read More
Threat: GRIZZLY STEPPE December 30, 2016 The FirstWatch team is constantly tracking various threats and threat actors. As part of their... Read More
2017: time for a wake-up call December 29, 2016 I am keenly aware that many of us are carrying lots of baggage due to the myriad of 2016 happenings... Read More
Malware - Spectrum - What's involved... December 23, 2016 This might help illustrate all the components and levers in place to make Malware/Spectrum function... Read More
Using an ESA Rule to run a command on a windows machine December 22, 2016 A colleague here at RSA posed an interesting problem so I thought I would share with you how I... Read More
Applying 10.6.1.1 patch on 10.6.0.0 (unofficial!) December 22, 2016 The Security Analytics/NetWitness Suite Patch releases can be installed on Service Packs, but not... Read More
Log - Lateral Movement - Logging required eventIDs? December 20, 2016 This is a helper report for the lateral movement report pack and alerting capability that was... Read More
Popcorn-Time Ransomware December 16, 2016 During the week of Dec 12th, FirstWatch took a look at popcorn-time ransomware and its novel... Read More
NetWitness Suite 10.6.2/10.6.0/10.5.2 Mixed-mode Upgrade December 15, 2016 Per request from external teams, I experimented with the NetWitness Suite/Security Analytics 10.6.2... Read More