• Windows Events log for IR/Forensics Part 1
• Mozilla Server Side TLS
• Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS
• Awesome Malware Analysis List
• How To Build And Run A SOC for Incident Response - A Collection Of Resources
• A Simple Hunting Maturity Model
• The Problems with Seeking and Avoiding True Attribution to Cyber Attacks
• Tools to Detect Routing Anomalies
• Lean Threat Intelligence, Part 1: The plan
• Lean Threat Intelligence Part 2: The foundation
• Lean Threat Intelligence Part 3: Battling log absurdity with Kafka
• Research Spotlight: Detecting Algorithmically Generated Domains
• The New and Improved R Shodan Package
• Gamification in the SOC & IRT
• Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory
• Intelligence Concepts - F3EAD
• Incident Response Hunting Tools
• How Cybersecurity Insurance Will Take Over InfoSec
• awesome list of honeypot resources
• GraphGist: Cyber security and attack analysis
• ATT&CK
• Advanced Defense Posture Assessment
• Goin' huntin'
• APT Detection Framework
• Protecting Windows Networking - Dealing with Credential Theft
• Monitoring pastebin.com within your SIEM
• Mitigating DDoS Attacks with NGINX and NGINX Plus
• Amazon Inspector – Automated Security Assessment Service
• My First 5 Minutes On A Server; Or, Essential Security for Linux Servers

Presentations

• Large Scale Malware Analysis
• Hunting Through RDP Data
• Incident Response - Taking CSIRT Modeling to the next level

Papers

• AmpPot: Monitoring and Defending Against Amplification DDoS Attacks