About

January 15, 2025 · NobisD | Translations:

Fr

NobisD

Welcome to nobisd.fr. Once a month, you will find an article about forensics, from deploying training labs to digging into attacks through real system and network investigations.

Like Sherlock Holmes, we dive into logs to find the trail.

Who am I?

A cybersecurity profile who enjoys writing and sharing ideas.

What is forensics?

Forensics is the subtle art of exploring all kinds of data to find traces. It is investigative work that requires solid technical skills.

The setup

Always well equipped:

$ cat /etc/nobisd.conf
OS: Arch Linux, obviously
Shell: Nushell
Editor: Nvim
Coffee: Too much. Way too much.

Latest posts

Using cybersecurity graphs for DFIR, detection and threat hunting

Why modeling logs, attack paths and investigation pivots as graphs can help defenders in DFIR, detection and threat hunting.

Forensics at Scale: Using Dissect and ELK for Efficient Investigations

How to use Dissect and ELK to conduct large-scale forensic operations across multiple evidence files

Active Directory DFIR investigation: analyzing a PCAP with Zeek, SMB, RDP and DPAPI

Full network investigation in an Active Directory environment. Detecting initial access, lateral movement, and more.

Network DFIR with Zeek and JupyterLab: preparing an Active Directory PCAP analysis

Introduction to network DFIR using Zeek and JupyterLab

RPC backdoor: implementing and detecting a backdoor

Hijacking a Microsoft protocol to turn it into a backdoor? In this article, focused on the Microsoft ecosystem, we'll see how to implement it and then detect …