https://polymathmonkey.github.io/weblog/categories/forensic/index.htmlHugoen-usAll text is licensed under a Creative Commons Attribution 4.0 International License.Wed, 22 Apr 2026 07:09:36 +0200https://polymathmonkey.github.io/weblog/artifacts/sans_for608/index.htmlFri, 20 Mar 2026 07:39:00 +0100https://polymathmonkey.github.io/weblog/artifacts/sans_for608/index.htmlTable of Contents Enterprise Threat Hunting and Incident Response (FOR608) Preparing for the exam: building an index 608.1 – Proactive Detection and Response 608.2 – Scaling Response and Analysis 608.3 – Modern Attacks against Windows and Linux 608.4 – macOS and Docker Containers 608.5 – Cloud Attacks and Response 608.6 – Capstone What I took away from this Enterprise Threat Hunting and Incident Response (FOR608) My employer booked me back in 2025 onto SANS FOR608 in the on-demand version.https://polymathmonkey.github.io/weblog/artifacts/rescuetotheraid/index.htmlWed, 15 Oct 2025 19:03:00 +0200https://polymathmonkey.github.io/weblog/artifacts/rescuetotheraid/index.htmlIntroduction So I had this USB Disk attached to my OpenBSD Router used as storage, one saturday when I was walking by I noticed the weird clicking sounds from the disk. So I knew my time was running before the disc would fail. Curiously, when I plugged the same drive into a Linux box, it was detected and even showed a valid OpenBSD partition table. That gave me a glimmer of hope: maybe the hardware wasn’t completely dead yet.