Marcus Edmondson | Offensive Security | Information Security

A blog about threat hunting and information security.

Author: Marcus Edmondson

With over fifteen years of experience in cyber security and information technology, I am an expert in digital forensics, threat hunting, and incident response. I currently work as a Cyber Network Operator at the US Department of Defense, where I use various tools and techniques in an offensive capacity on critical networks. I have a passion for hunting, forensics, and detection, and I leverage my background in offensive cyber operations to improve defenses and gain visibility into attacks. I am skilled in collecting, parsing, and analyzing security data at scale using PowerShell, Velociraptor, Elasticsearch, SQL, Python, and spreadsheet tools. I am always eager to learn and apply new techniques to find adversaries on networks. I hold eleven GIAC certifications: GCFA, GCWN, GCFE, GPEN, GCPN, GREM, GCIH, GDAT, GCTI, GWAPT and GCIA.

Elasticsearch Stack Install Part 1 Elasticsearch

So in this blog post I am going to start a series of posts dealing with installing the Elasticsearch stack and then using Winlogbeat to forward Windows event logs and Filebeat to forward bro logs and then finally we will build out some cool visualizations and dashboards. I will be installing the Elasticsearch stack on […]


Using PowerShell and Python to Analyze Amcache

I wanted to write this post on using PowerShell and Python, specifically PowerForensics and the pandas library to remotely copy the Amcache.hve file from multiple computers and then use amcacheparser.exe to parse all the amcache files and then load them all up into a pandas DataFrame for analysis. What you will need to accomplish this, […]

