Auditing GSuite Login Activity

Oftentimes during incident response activities, the responder is overwhelmed with data. Tools that automate the analysis and enhancement of this data are crucial. This is the concept behind many SIEM tools, as well as Cortex, the analyzer engine of one of my favorite incident response collaboration…

When Browser Extensions Go Rogue

So it's a random Wednesday night and I'm studying for my GIAC GCFE exam (which I just passed recently, woohoo!) and I take a quick break to read a news article or two... No shortage of those given recent election events! First article I browsed to, predictably and annoyingly greeted…

Macro Security for Enterprise Defenders

In my experience, one of the most prevalent and common threats to today's enterprise networks comes in the form of malicious email attachments (shocker!). Attackers leverage document types that are most likely accessible to software installed on the victim endpoint, making Microsoft Office a prime target. Yes, in 2016,…