https://polymathmonkey.github.io/weblog/artifacts/sans_for608/index.htmlTable of Contents Enterprise Threat Hunting and Incident Response (FOR608) Preparing for the exam: building an index 608.1 – Proactive Detection and Response 608.2 – Scaling Response and Analysis 608.3 – Modern Attacks against Windows and Linux 608.4 – macOS and Docker Containers 608.5 – Cloud Attacks and Response 608.6 – Capstone What I took away from this The unseen hero of OpenBSD: otto’s malloc What this is about Start here: what malloc actually does A brief history: how we got here The internal structure The defense mechanisms, together Why classic heap exploits fail here Comparison with other allocators What I took away from this References Enterprise Threat Hunting and Incident Response (FOR608) My employer booked me back in 2025 onto SANS FOR608 in the on-demand version.Hugoen-usAll text is licensed under a Creative Commons Attribution 4.0 International License.