Welcome to NobisD, a little blog where you can share technical ideas and resources about cybersecurity. There’s no strict editorial line here, just the desire to offer technical, concrete articles, with no bullshit. We’ll be covering topics related to labs, infrastructure, Active Directory, both offensive and defensive, always with a view to learning and progressing. Feel free to use the RSS feed if, like me, you use it for monitoring ;) The rest is coming soon. NobisD
Preamble
Introduction to NobisD, a technical blog about cybersecurity, labs, Active Directory, DFIR and practical learning.
1 min
Latest posts
View alleBPF rootkits & forensics: from blinding telemetry to memory detection
How an eBPF rootkit bypasses kernel lockdown to blind Linux telemetry, and a memory detection method with Volatility 3 linking processes, maps and eBPF programs.
DFIR & Threat Hunting: Why Graphs Change Everything
Why modelling security data as graphs improves DFIR and threat hunting, with examples based on Zeek, Neo4j, BloodHound and JACG.
Forensics at Scale: Using Dissect and ELK for Efficient Investigations
How to scale forensic investigations with Dissect, Logstash and ELK to extract, centralise and search artefacts across multiple machines.
Active Directory DFIR investigation: analyzing a PCAP with Zeek, SMB, RDP and DPAPI
DFIR analysis of an Active Directory PCAP with Zeek to reconstruct initial access, SMB/RDP lateral movement and DPAPI-related activity.
Network DFIR with Zeek and JupyterLab: preparing an Active Directory PCAP analysis
Introduction to network DFIR on an Active Directory PCAP with Zeek and JupyterLab to prepare the investigation, inspect logs and build first pivots.
