Comments on Windows Incident Response: Links

Mitch Impey (2016-02-22 10:46 -05:00):
Harlan, thanks for the tip about PECapture. Your comments about the old days of terminators took me way back. I do not miss them one bit :)

H. Carvey (2016-02-22 10:58 -05:00):
Mitch,

Thanks for the comment.

"...the tip about PECapture."

What are your thoughts regarding the use of process creation monitoring tools? How about the benefits of PECapture over something like Sysmon or MS audit configuration settings?

"...old days of terminators..."

Yeah, I'm not seeing a great deal of interest in the "From the trenches" stuff. I try to find out more about what folks want to see, but since I don't get much in the way of feedback (at least, not stuff that I can actually achieve...), I'm kind of floundering around for content...

43nsicbot (2016-02-24 00:07 -05:00):
Harlan,
The trench stories are fun and, if I am not mistaken, you have one or two in one of the editions of WFAT. I enjoyed them, especially the last one. While I do not have actual experience with terminators, it made me recall a diagram in one of my networking books for one of my old college classes that I had to look up, so thanks for that :)

I find Carbon Black to be the best endpoint monitoring tool due to the telemetry it collects and how the data is represented. PECapture is interesting; I will have to check it out.

Mitch Impey (2016-02-24 03:09 -05:00):
Hi Harlan, actually, I want to write a thesis paper about Sysmon. I would love to discuss this with you offline. I am in the process of getting it approved right now.

As for old war stories... I dunno, the young people these days.. ;)
I think your comment is shared by many other skilled and hardworking people who take the time to share their experiences. I am not sure what the answer is here, to be honest. Perhaps the main fact is that we all come to the table from a variety of situations and our needs / interests are not all the same? Just my guess :)

H. Carvey (2016-02-24 09:12 -05:00):
It's unfortunate that there isn't a great deal of interest in the 'trenches' stories...

Anonymous (2016-02-24 23:11 -05:00):
Maybe I'm only speaking for myself, but I do enjoy the in-the-trenches stories, even if only for providing some insight and background on yourself. Generally there is a bit of wisdom or humor in them that we, some of us at least, can relate to. Keep it up!