Hello Reader,
Tonight we got Claude 3.7 and GPT 4.5 to write unit tests and documentation for our tool, also our tool is now on Github! Check it out!
https://github.com/dlcowen/CloudTrailLogExplorer
Watch the stream here:
Daily Blog #766: Surviving the breach Episode 0
Hello Reader,
Erik and I have recorded an 'episode 0' which is an introduction episode to the podcast. Next we will put up Episode 2 which is called 'When to fire your IR team'. Here is a link to episode 0 and I hope you like it!
You can listen to it here:
Daily Blog #765: Sunday Funday 3/2/25
Hello Reader,
It's Sunday! This week's challenge is all about Microsoft 365! I know many of you are routinely searching and reviewing Microsoft 365 UAL logs so let's see what you know!
The Prize:
$100 Amazon Giftcard
The Rules:
- You must post your answer before Friday 3/7/25 7PM CST (GMT -5)
- The most complete answer wins
- You are allowed to edit your answer after posting
- If two answers are too similar for one to win, the one with the earlier posting time wins
- Be specific and be thoughtful
- Anonymous entries are allowed, please email them to dlcowen@gmail.com. Please state in your email if you would like to be anonymous or not if you win.
- In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post
- AI assistance is welcomed but if a post is deemed to be entirely AI written it will not qualify for a prize.
What log entries are left behind when the following scenarios occur:
1. A user searches their own mailbox
2. A user searches their own onedrive
3. An administrator searches their own mailbox
4. An administrator searches their own one drive
5. An administrator searches someone else's mailbox
6. An administrator searches someone else's onedrive
Daily Blog #764: Solution Saturday 3/1/25
Hello Reader,
No winner this week, I think sometimes I'm the only person who is digging into these weird topics. That's ok though I'll just do the testing myself and document it in future posts!
The Challenge:
On a Windows 11 or Windows 10 system:
1. Make sure windows search is enabled
2. Create files with unique phrases such as "This is the smoking gun"
3. Make sure the files are indexed and present in the windows search db
4. Delete the document and determine what the trigger method is and the timing for the contents to be deleted from the search database
Bonus: Determine if the deleted records are recoverable
Daily Blog #763: Forensic Test Kitchen trying Chat GPT 4.5!
Hello Reader,
Tonight we continued our exploration of Claude 3.7 in our creation of our CloudTrail downloading tool and even took a detour to Chat GPT 4.5 which solved our issues! Watch below and see how our models interpret our rules files.
Daily Blog #762: Forensic Test Kitchen with Cursor Rules
Hello Reader,
Tonight we continued to expand our usage of Claude 3.7 in Cursor to see if we can see can have the cursor rules files to get our model to behave better. Check out the video below:
Daily Blog #761: Forensic Test Kitchen with more Claude 3.7!
Hello Reader,
Tonight Evan Anderson and I went back into the world of AI code development with Claude 3.7. This time we decided to see if we could make it fix its prior error and add asynch downloads. It didn't end well but it reinforced to us that in the next stream we need to implement .cursorrules! You can watch below:
Daily Blog #760: Forensic Lunch Test Kitchen adding role based discovery to our cloudtrail discovery tool
Hello Reader,
Today we are continuing our exploration of Claude 3.7 and Cursor to add support for AWS role testing for CloudTrail location and access to our CloudTrail discovery tool! It did actually work and we only found one thing that it broke! Watch it below.
Subscribe to:
Posts
(
Atom
)
