Get involved in the exciting world of Digital Forensics and Incident Response with: Traffic Light Protocol. The Digital Forensics Podcast. In each episode, we sit down with seasoned DFIR professionals, the blueteamers who work around the clock to investigate cyber intrusions. From data breaches to cyberattacks, they share firsthand accounts of some of the most intense investigations they've ever tackled, how they deal with burnout and the added pressure of cat and mouse while they learn abou ...
…
continue reading
1
Episode 15 -Windows event log analysis with Hayabusa. The Sigma-based log analysis tool
23:20
23:20
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
23:20
Send us a text Key Takeaways: Introduction to Hayabusa: Hayabusa is an open-source Windows Event Log Analysis Tool used for processing EVTX logs to detect suspicious activities in Windows environments. Critical Alerts Detection: The tool is capable of detecting a variety of suspicious activities, including WannaCry ransomware and unauthorized Activ…
…
continue reading
1
Episode 14 - AI and the future of log analysis, bug detection, forensics and AI ethical considerations with Jonathan Thompson
1:08:33
1:08:33
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
1:08:33
Send us a text In this episode of Traffic Light Protocol, Clint Marsden is joined by Jonathan Thompson, a developer and AI enthusiast currently studying at Macquarie University. Together, they dive into how artificial intelligence (AI) is transforming the cybersecurity landscape and discuss Jon’s insights into AI’s potential applications in digital…
…
continue reading
1
Episode 13-ELK EDR and Sandboxing, Home grown CTF environments, DFIR Automation & Forensics in the cloud, with Jacob Wilson
54:55
54:55
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
54:55
Send us a text Episode 13 is another giant episode with a focus on what its like be in the mud working on real life forensic investigations. Jacob and Clint talk about ELK EDR, using Sysmon. Sandbox Environments: Jacob discusses the creation of a sandbox environment using an ELK stack combined with Sysmon, enabling in-depth malware analysis by capt…
…
continue reading
1
Episode 12 - You're forced to decide: Cyber Generalist or Cyber Specialist?
17:47
17:47
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
17:47
Send us a text Quotes: “In the fast-paced world of DFIR, you are a mission critical system. Your job isn’t just to uncover what happened during an incident, but to do so in a way that gets results fast.” “Specialists bring expertise that pushes the entire industry forward, while generalists offer versatility and adaptability in the ever-changing la…
…
continue reading
1
Episode 11 - Velociraptor, Containerisation and Infrastructure Deployed as Code with Myles Agnew
52:46
52:46
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
52:46
Send us a text In this episode of Traffic Light Protocol, we sit down with Myles, a cybersecurity veteran with over 15 years of Cyber experience and background as a Combat Engineer in the Army. Myles brings his unique perspective on integrating automation and cloud technologies into cybersecurity infrastructure deployment (Used specifically when de…
…
continue reading
1
Episode 10 - Detecting and Preventing Phishing Attacks
19:04
19:04
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
19:04
Send us a text Quotes: "Phishing targets the human element, the 'wetware,' often the weakest link in any security chain." - Clint Marsden "Phishing isn't just about poorly spelled emails anymore; it's about sophisticated campaigns that even cyber-aware individuals can fall victim to." - Clint Marsden "Effective defense against phishing involves not…
…
continue reading
1
Episode 9 -Unmasking APT40 (Leviathan): Tactics, Challenges, and Defense Strategies
21:48
21:48
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
21:48
Send us a text Episode Title: "Unmasking APT40: Tactics, Challenges, and Defense Strategies" Key Takeaways: APT40 is a sophisticated Chinese state-sponsored cyber espionage group active since 2009. They target various sectors including academia, aerospace, defense, healthcare, and maritime industries. APT40 uses advanced tactics such as spear phish…
…
continue reading
1
Episode 8 - Hidden digital forensic logging for Cybersecurity on Any Budget: Practical Strategies for Enhanced Detection and Prevention Using Sysmon, Blocking Data Exfil with group policy and printer forensics ...
19:57
19:57
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
19:57
Send us a text In this episode, Clint Marsden goes straight into 4 practical strategies that enable better forensics and stop data exfiltration, no matter the size of your budget. Clint covers deploying Sysmon for enhanced monitoring, and using Group Policy to tighten print and USB security. Event log cleared: Event ID 1102 ACSC Sysmon: https://git…
…
continue reading
1
Episode 7 - Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures
17:07
17:07
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
17:07
Send us a text In todays episode of TLP - Traffic Light Protocol, Clint Marsden talks about Defending Against Scattered Spider: Understanding Their Tactics, Techniques, and Procedures. Key Takeaways Understanding Scattered Spider: Scattered Spider, also known as Roasted Octopus or Octo Tempest, utilizes various legitimate tools for malicious purpos…
…
continue reading
1
Episode 6 - Responding to ransomware - is your VPN a target? Plus ransomware risk mitigation with Phil Ngo
26:11
26:11
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
26:11
Send us a text In this episode, we speak with Phil Ngo, a Primary Investigator in Accenture's global cyber response team. As a primary investigator, he is responsible for helping clients recover from major incidents as well as delivering proactive cyber services, such as threat hunting and tabletop exercises. Philip started his career as a high sch…
…
continue reading
1
Episode 5 - NIST SP 800-61 Computer Security Incident Handling Guide (Post-Incident Activity)
33:06
33:06
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
33:06
Send us a text This is the biggest episode from a content perspective so far. I'm excited to share it with you. Episode Highlights: How to run post-incident debriefs and post-mortems. Involving external teams Using lessons learned to form actionable insights. Key questions to address in incident analysis. Effective report writing strategies, includ…
…
continue reading
1
Episode 4 - NIST SP 800-61 Computer Security Incident Handling Guide (Containment,Eradication and Recovery)
22:10
22:10
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
22:10
Send us a text Show Notes: Episode on Containment, Eradication, and Recovery In this episode of Traffic Light Protocol, Clint Marsden explores the containment, eradication, and recovery phases of the NIST SP 800-61 framework for computer security incident handling. Key Topics Covered: Containment Strategies: Choosing appropriate containment methods…
…
continue reading
1
Episode 3 - (Part 2) NIST SP 800-61 Computer Security Incident Handling Guide (Detection)
11:41
11:41
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
11:41
Send us a text In this conclusion of the Detection phase, Clint wraps up Incident Prioritisation. This includes Functional impacts of the incident, information impact of the incident and the recoverability of the incident. Not all of these are needed, or relevant when tracking your incident and Clint explains when to categorise incidents using thes…
…
continue reading
1
Episode 3 - NIST SP 800-61 Computer Security Incident Handling Guide (Detection)
46:52
46:52
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
46:52
Send us a text In this 45 minute episode Clint covers a lot of ground based on the Detection phase of NIST 800-61. Attack vectors for digital security incidents, including insider threats and weaponized USBs. Cybersecurity incident response and detection, including NIST guidelines and Sysmon logging augmentation The importance of following temporal…
…
continue reading
1
Episode 2 - NIST SP 800-61 Computer Security Incident Handling Guide (Preparation)
27:17
27:17
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
27:17
Send us a text In this Episode Clint Marsden talks about the first phase of Computer Security Incident Handling according to NIST. Listen to real world examples of how to get prepared before a Cyber Security Incident arrives. Show notes: Link to NIST SP 800-61 PDF https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf Bro has be…
…
continue reading
1
Episode 1 - Digital forensics trends and preparations, learning from real life case studies & DFIR training for getting started
23:27
23:27
「あとで再生する」
「あとで再生する」
リスト
気に入り
気に入った
23:27
Send us a text In this first episode we kick off with Clint Marsden, the host of Traffic Light Protocol (TLP) where he talks about what its like to work in DFIR, how to get started with Cyber training, what to expect in future episodes, and of course a light touch on AI Forensics! Join us for the first episode. The next episodes coming up talk abou…
…
continue reading