DFIR & Threat Hunting: Why Graphs Change Everything

Why modelling security data as graphs improves DFIR and threat hunting, with examples based on Zeek, Neo4j, BloodHound and JACG.

May 18, 2026 · NobisD

Forensics at Scale: Using Dissect and ELK for Efficient Investigations

How to scale forensic investigations with Dissect, Logstash and ELK to extract, centralise and search artefacts across multiple machines.

April 6, 2026 · NobisD

Active Directory DFIR investigation: analyzing a PCAP with Zeek, SMB, RDP and DPAPI

DFIR analysis of an Active Directory PCAP with Zeek to reconstruct initial access, SMB/RDP lateral movement and DPAPI-related activity.

February 27, 2026 · NobisD

Network DFIR with Zeek and JupyterLab: preparing an Active Directory PCAP analysis

Introduction to network DFIR on an Active Directory PCAP with Zeek and JupyterLab to prepare the investigation, inspect logs and build first pivots.

February 20, 2026 · NobisD

RPC backdoor: implementing and detecting a backdoor

Walkthrough of an RPC backdoor in a Microsoft environment, covering DCE/RPC internals, malicious interface implementation and network/host detection.

January 22, 2026 · NobisD

Deploying an Active Directory lab with Ludus on Proxmox

Step-by-step guide to building an Active Directory lab with Ludus on Proxmox, including templates, VLAN networking and a Kali VM.

December 29, 2025 · NobisD

Preamble

Introduction to NobisD, a technical blog about cybersecurity, labs, Active Directory, DFIR and practical learning.

December 15, 2025 · NobisD