Chapin Bryce – Medium

Chapin Bryce
in
Pythonic Forensics

1 minute Canaries

Visibility is everything in cyber security. Let’s increase the visibility of suspicious activity in your environment in 1 minute.

2 min readOct 15, 2022

--

1 minute Canaries

--

Chapin Bryce
in
Pythonic Forensics

3 ways I improved my Python code last year

Using SonarLint, pre-commit, and type hinting

3 min readJan 7, 2022

--

3 ways I improved my Python code last year

--

Chapin Bryce

Two-minute InfoSec — Shell Timestamps

A new series with a goal on sharing quick wins that can assist organizational security, forensic investigations, incident response and …

2 min readMar 5, 2020

--

Two-minute InfoSec — Shell Timestamps

--

Chapin Bryce
in
Pythonic Forensics

3-Step RDP Honeypot: Step 3 | Build the Bot

In this mini-series, we have setup our honeypot, extracted valuable features from our PCAP data, and now we operationalize this intel.

8 min readFeb 15, 2020

--

3-Step RDP Honeypot: Step 3 | Build the Bot

--

Chapin Bryce
in
Pythonic Forensics

3-Step RDP Honeypot: Step 2 | Operationalize PCAPs

With our RDP Honeypot PCAP data captured, let’s analyze it. We will leverage Moloch to assist us with extracting valuable PCAP features.

5 min readFeb 15, 2020

--

Moloch with RDP PCAP data processed over time.

--

Chapin Bryce
in
Pythonic Forensics

3-Step RDP Honeypot: Step 1 | Honeypot Setup

Step 1 in our process is creating our Honeypot service and start capturing the request data. This brief post dives into building the most…

7 min readFeb 15, 2020

--

Our end goal is to generate a dashboard like this to help operationalize the RDP Honeypot request traffic.

--

Chapin Bryce
in
Pythonic Forensics

3-Step RDP Honeypot: Step 0 | Introduction

Easily set up your own RDP Honeypot, capture bots scanning for vulnerable systems, and operationalize the data to help the InfoSec…

2 min readFeb 15, 2020

--

Top countries with Remote Desktop services exposed to the internet — https://www.shodan.io/report/3Bks4gAr

--

Chapin Bryce
in
Pythonic Forensics

Build your own RDP Honeypot

This is a short post, largely inspired by alt3kx on creating your own RDP Honeypot

4 min readNov 20, 2019

--

Photo by Matthew T Rader on Unsplash

--

Chapin Bryce
in
Pythonic Forensics

Looking Back at AWS IPs

AWS is becoming more and more prevalent in DFIR casework. In addition to requests for acquiring data from services such as S3 and EC2, it…

2 min readJan 21, 2019

--

Looking Back at AWS IPs

--

Chapin Bryce
in
Pythonic Forensics

Fuzzy Hashing and CTPH

Today we have another short post, focused on two different approaches used for similarity analysis (aka Fuzzy hashing). While we know that…

9 min readNov 4, 2018

--

Fuzzy Hashing and CTPH

--

Chapin Bryce

Chapin Bryce

DFIR professional, skier, aviation nerd. Co-author of Learning Python for Forensics & Python Forensics Cookbook. Message me for free links to any of my articles

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams