[SANS ISC] Investigating Microsoft BITS Activity

I published the following diary on “Investigating Microsoft BITS Activity“: Microsoft BITS (“Background Intelligent Transfer Service”) is a tool present[1] in all modern Microsoft Windows operating systems. As the name says, you can see it as a “curl” or “wget” tool for Windows. It helps to transfer files between


CoRIIN 2018 Wrap-Up

A security conference does not need to be “big” to be interesting. Size doesn’t matter with security conferences ;-). I’m in Lille, France where I attended the conference called “CoRIIN“. This event is held in French and means “Conférence sur la réponse aux incidents et l’investigation numérique” or “Incident Response


[SANS ISC] Comment your Packet Captures!

I published the following diary on “Comment your Packet Captures!“: When you are investigating a security incident, a key element is to take notes and to document as much as possible. There is no “best” way to take notes, some people use electronic solutions while others are using good

1 2