| 2022-06-10 | Russ McRee | EPSScall: An Exploit Prediction Scoring System App |
| 2022-06-02 | Johannes Ullrich | Quick Answers in Incident Response: RECmd.exe |
| 2021-12-28 | Russ McRee | LotL Classifier tests for shells, exfil, and miners |
| 2021-12-06 | Xavier Mertens | The Importance of Out-of-Band Networks |
| 2021-03-02 | Russ McRee | Adversary Simulation with Sim |
| 2021-01-19 | Russ McRee | Gordon for fast cyber reputation checks |
| 2020-10-23 | Russ McRee | Sooty: SOC Analyst's All-in-One Tool |
| 2020-08-12 | Russ McRee | To the Brim at the Gates of Mordor Pt. 1 |
| 2020-06-30 | Russ McRee | ISC Snapshot: SpectX IP Hitcount Query |
| 2020-04-21 | Russ McRee | SpectX: Log Parser for DFIR |
| 2020-01-21 | Russ McRee | DeepBlueCLI: Powershell Threat Hunting |
| 2019-10-06 | Russ McRee | visNetwork for Network Data |
| 2019-06-04 | Russ McRee | ISC snapshot: r-cyber with rud.is |
| 2019-04-05 | Russ McRee | Beagle: Graph transforms for DFIR data & logs |
| 2018-12-19 | Xavier Mertens | Using OSSEC Active-Response as a DFIR Framework |
| 2018-11-11 | Pasquale Stirparo | Community contribution: joining forces or multiply solutions? |
| 2018-11-04 | Pasquale Stirparo | Beyond good ol' LaunchAgent - part 1 |
| 2018-08-26 | Didier Stevens | "When was this machine infected?" |
| 2018-06-16 | Russ McRee | Anomaly Detection & Threat Hunting with Anomalize |
| 2017-12-14 | Russ McRee | Detection Lab: Visibility & Introspection for Defenders |
| 2017-09-28 | Xavier Mertens | The easy way to analyze huge amounts of PCAP data |
| 2017-07-09 | Russ McRee | Adversary hunting with SOF-ELK |
| 2016-11-20 | Pasquale Stirparo | How many “Epoch” times? Epocalypse.py timestamp converter |
| 2016-10-31 | Russ McRee | SEC505 DFIR capture script: snapshot.ps1 |
| 2015-08-17 | Russ McRee | Tool Tip: Kansa Stafford released, PowerShell for DFIR |
https://www.sans.edu
