Stop Spoofing Yourself! Disabling M365 Direct Send
Remember the good ‘ol days of Zip drives, Winamp, the advent of “Office 365,” and copy machines that didn’t understand email authentication? Okay, maybe they weren’t so good! For a […]
Patterson Cake
OSINT for Incident Response (Part 2)
Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for […]
OSINT for Incident Response (Part 1)
Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […]
Wrangling the M365 UAL with SOF-ELK and CSV Data (Part 3 of 3)
Patterson Cake // PART 1 PART 2 In part one of “Wrangling the M365 UAL,” we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part […]
Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3)
Patterson Cake // In PART 1 of “Wrangling the M365 UAL,” we talked about the value of the Unified Audit Log (UAL), some of the challenges associated with acquisition, parsing, […]
Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3)
Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]