Launching Find Evil
A space for blue teamers - from beginners to dudes wondering if their alert is APT or not so they can go to sleep.

Ryan Vital
A guy
Welcome to Find Evil
Yes, I really was able to get findevil.com. Kinda hot.
Never imagined myself creating a Cyber Security space on the internet, but the idea never went away. I wanted to create a space that was focused on helping people get through Cyber Incidents, specifically blue teamers.
It's great to have red teamers do their hacking and testing, but I personally believe there are not enough talks, conferences, and spaces for blue teamers.
I want Find Evil to be a place to balance that. A place a security analyst can go to for assistance with finding and validating evil. Articles on how to go through SonicWall logs during a frantic Akira event. A How To on a parser to crunch through Digital Forensic artifacts. A guide showing newcomers to the space that it's not that bad over here!
Changing how analysts work in Digital Forensics
The Digital Forensic space is dated. Parsers with output sent to CSVs are still being used. It feels like analysis methods have stayed the same in endpoint forensics for 10 years. New IR firms are using dated methods or gatekeeping progress in the space.
Over the last two years I've found myself working on code and researching artifacts I thought to have been "figured out". I haven’t discovered anything new or groundbreaking, but I want to challenge how analysts look at forensic data currently.
You might notice this blog is not the only section on my website. On my homepage I have an intro on a certain tool. In the coming weeks I will be releasing this tool that's purpose-built for Digital Forensics. My goal is to make Digital Forensics easier for analysts in the space, and more obtainable for security teams to perform.