Knowledge Base | Law

Cyber Law

Cybersecurity Law Key Terms

Knowledge Base | Tools

DomainTools — Tool Overview
By

What is DomainTools? DomainTools is a domain and DNS-based cyber threat intelligence platform used by security teams to investigate suspicious domains, IP addresses, and internet infrastructure. It enables security practitioners to stop threats before they happen using internet intelligence data, detection and monitoring tools, and predictive risk scoring. For SOC analysts, DomainTools is primarily used…

Read More DomainTools — Tool Overview
Analysis | Knowledge Base | Techniques | Tools

The Global Hunt (Tanium)
By

Goal: Use a “Fingerprint” (MD5 Hash) to see if a file is on any computer in the company. The “Checklist”

Read More The Global Hunt (Tanium)
Hardware | Knowledge Base

Hard Drives
By

In the world of data storage, SSD and HDD are the two main technologies for storing your files. The difference primarily comes down to moving parts vs. flash memory. HDD (Hard Disk Drive) An HDD is the traditional storage technology. It uses physical, spinning magnetic platters and a moving “read/write head” to access data—much like…

Read More Hard Drives
Analysis | Knowledge Base | Operations | Platforms | Techniques | Threat Intelligence | Tools

Standard Endpoint Investigation
By

Objective: Determine the distribution of a specific file across the environment to establish a baseline for the investigation. Exercise Note: For this instructional walkthrough, a Standard Reference MD5 Hash is utilized. This allows the Analyst to practice the workflow using a known, high-incidence file to ensure the system and parameters are responding as expected. Step…

Read More Standard Endpoint Investigation
Analysis | Knowledge Base

Cyber Analysis 101
By

To look for hashes in your environment, you should check devices using an enterprise EDR or a similar solution with visibility into each connected device. But first, it is recommended to research the hash via a reputation tool such as VirusTotal – Home. To find IP addresses in your environment, use an enterprise SIEM solution…

Read More Cyber Analysis 101
Knowledge Base | Tools

Tanium — Tool Overview
By

What is Tanium? Tanium is an enterprise endpoint management and security platform that enables real-time visibility and control across every device in the environment. Unlike traditional security tools that rely on scheduled scans or passive data collection, Tanium queries endpoints directly and returns results in real time. For SOC analysts, this means the ability to…

Read More Tanium — Tool Overview

Similar Posts