<!doctype html>
<head>
<title>MattCASmith | A blog about cyber security and technology</title>
<meta name="description" content="MattCASmith.net is a blog about cyber security, technology, coding, and more." />
<meta name="robots" content="index, follow" />
<meta name="googlebot" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1" />
<meta name="bingbot" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1" />
<link rel="canonical" href="https://mattcasmith.net/" />
<link rel="next" href="https://mattcasmith.net/blog.htm" />
<meta property="og:locale" content="en_GB" />
<meta property="og:type" content="website" />
<meta property="og:title" content="MattCASmith | A blog about cyber security and technology" />
<meta property="og:description" content="MattCASmith.net is a blog about cyber security, technology, coding, and more." />
<meta property="og:url" content="https://mattcasmith.net/" />
<meta property="og:site_name" content="MattCASmith" />
<meta name="twitter:card" content="summary_large_image" />
<meta name="twitter:site" content="@mattcasmith" />
<link rel="alternate" type="application/rss+xml" title="MattCASmith » feed" href="/feed.xml" />
</head>
<head>
<style>
html {
display: none;
}
</style>
<title>Home | MattCASmith</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/assets/images/favicon.png">
<link rel="stylesheet" href="/assets/css/styles.css">
<link href="https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=PT+Serif:ital,wght@0,400;0,700;1,400;1,700&display=swap" rel="stylesheet">
</head>
<body>
<div id="site-container" class="home">
<div id="header">
<div id="header_left">
<a href="/"><img class="site_logo light" src="/assets/images/mcas_site_logo.png" alt="MattCASmith"></a>
<a href="/"><img class="site_logo dark" src="/assets/images/mcas_site_logo_dark.png" alt="MattCASmith"></a>
<a href="/"><h2>MattCASmith</h2></a>
</div>
<div id="header_right">
<a target="_blank" href="https://x.com/mattcasmith"><img class="link_icon_twitter light" src="/assets/images/x_icon.png" alt="MattCASmith on X"></a>
<a target="_blank" href="https://x.com/mattcasmith"><img class="link_icon_twitter dark" src="/assets/images/x_icon_dark.png" alt="MattCASmith on X"></a>
<a target="_blank" href="mailto:[email protected]"><img class="link_icon_email light" src="/assets/images/email_icon.png" alt="Email MattCASmith"></a>
<a target="_blank" href="mailto:[email protected]"><img class="link_icon_email dark" src="/assets/images/email_icon_dark.png" alt="Email MattCASmith"></a>
</div>
</div>
<div id="home_about_bio">
<span class="year_label">London, UK</span> - Cyber security professional specialising in incident response and forensics, detection engineering, threat hunting, and SOC development. Former business and technology journalist
</div>
<div id="home_posts_list">
<div class="home_content_box_title">
<div class="home_content_box_title_left">
<h2>Recent blog posts</h2>
</div>
<div class="home_content_box_title_right">
<a href="/blog.htm">
<div class="home_content_box_button">
View all
</div>
</a>
<a href="/feed.xml" target="_blank">
<div class="home_content_box_button">
Feed
</div>
</a>
</div>
</div>
<a href="/2024/07/20/crowdstrike-bug-edr-setting-record-straight">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Endpoint detection and response (EDR) - setting the record straight</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2024-07-20T01:00:00+01:00"><span class="year_label">2024-07-20</span></time> - When I went to bed on the evening of Friday 19th July, I couldn’t sleep. It was a stuffy summer’s night in London, and the adrenaline was still pumping through my veins after one of the more notable days in recent memory for cyber security. Still, laying awake gave me...
</div>
</article>
</a>
<a href="/2023/11/26/modular-soc-centralisation-repeatability-automation">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Centralisation, repeatability, and automation in a modular SOC</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2023-11-26T00:00:00+00:00"><span class="year_label">2023-11-26</span></time> - The dictionary definition of “modular” leaves a little to be desired: “Employing or involving a module or modules as the basis of design or construction.” What is implied, but that I would make explicit, is that parts of the whole can be swapped out easily while maintaining the functionality of...
</div>
</article>
</a>
<a href="/2023/03/26/cyber-security-learning-things-backwards">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Cyber security sometimes means learning things backwards</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2023-03-26T00:00:00+00:00"><span class="year_label">2023-03-26</span></time> - Stick around cyber security Twitter or LinkedIn for long enough and you’ll likely see somebody raise a question about how to get into the industry. You’ll also likely see a reply that describes a kind of rite of passage from sysadmin, to SOC analyst, to just about any other security...
</div>
</article>
</a>
<a href="/2023/02/17/winget-automate-software-deployment-new-laptop">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Using winget to automate software deployment to a new laptop</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2023-02-17T00:00:00+00:00"><span class="year_label">2023-02-17</span></time> - I got my first new laptop in six years this week! The new hardware is definitely exciting, but reviews aren’t really my thing, so while I’ll inevitably tweet about how the Microsoft Surface Laptop fares, that’s not the purpose of this post. This is more about the mundane job of...
</div>
</article>
</a>
<a href="/2023/01/13/2023-new-challenges-sharing-experiences">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">2023: Thoughts on new challenges and sharing experiences</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2023-01-13T00:00:00+00:00"><span class="year_label">2023-01-13</span></time> - A belated happy new year! If you’re reading this, I hope you have a terrific 2023. I recently went back and read some old posts that have long since been deleted from this blog - writings from my journalism days that reminded me of my perspectives on certain news events...
</div>
</article>
</a>
<a href="/2022/12/15/investigating-explorer-temporary-zip-folders">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Investigating Explorer's temporary ZIP folders and retrieving files</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2022-12-14T00:00:00+00:00"><span class="year_label">2022-12-14</span></time> - If I was to describe how often malware is downloaded within ZIP archives, “common” would be a huge understatement. A key artefact in these investigations is the temporary directory Windows creates when a user opens an archive in Explorer, but I recently realised I’d never actually run a proper test...
</div>
</article>
</a>
<a href="/2022/12/03/parsing-login-sessions-windows-security-event-log-powershell">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Parsing login sessions from the Windows event log with PowerShell</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2022-12-03T00:00:00+00:00"><span class="year_label">2022-12-03</span></time> - Faced with a day at home recovering from my most recent COVID-19 booster vaccine, I realised I hadn’t written anything more than a few lines of PowerShell in a while and decided to spend some time working on something interesting. The idea occurred to me to try to correlate Windows...
</div>
</article>
</a>
<a href="/2022/08/21/using-tkinter-gui-python-apps">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Using Tkinter to build simple GUIs for Python apps</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2022-08-21T01:00:00+01:00"><span class="year_label">2022-08-21</span></time> - I’ve written many Python scripts and apps in the past, including my Windows backup utility Backutil, which is probably my most complex project to date. But I’ve always designed these to run in the background or on the command line, and haven’t ever tried to build an app with...
</div>
</article>
</a>
<a href="/2022/02/22/bash-history-basics-behaviours-forensics">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">Linux .bash_history: Basics, behaviours, and forensics</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2022-02-22T00:00:00+00:00"><span class="year_label">2022-02-22</span></time> - During any incident investigation on a Linux system, one of the most valuable things for responders and forensicators to establish is which commands were run. This is key to finding out what an attacker or malicious user was attempting to do, and what remediation activities are required. The .bash_history file,...
</div>
</article>
</a>
<a href="/2022/01/08/sans-holiday-hack-2021-slot-machine">
<article class="blog_entry">
<div class="blog_entry_title">
<span class="post_title">SANS Holiday Hack Challenge 2021: Slot machine walkthrough</span>
</div>
<div class="blog_entry_excerpt">
<time datetime="2022-01-08T00:01:00+00:00"><span class="year_label">2022-01-08</span></time> - Here’s one more writeup from the SANS Holiday Hack Challenge! The slot machine hack was one of the showpiece challenges this year, so I thought I’d put together a quick blog post to guide you through the process of identifying and exploiting a vulnerability in the game. The challenge Our...
</div>
</article>
</a>
<nav class="pagination">
<div class="page_previous"></div>
<div class="page_number">Page 1 of 9</div>
<div class="page_next"><a href="/page/2/" class="page_next">Next ></a></div>
</nav>
</div>
<div id="home_sidebar">
<div id="home_about_boxes">
<div class="home_about_box home_box">
<h2>Categories</h2>
<div id="side_menu">
<ul class="side_menu">
<a href="/category/cyber-security"><li class="first">Cyber Security</li></a>
<a href="/category/technology"><li>Technology</li></a>
<a href="/category/programming"><li>Programming</li></a>
<a href="/category/design"><li>Design</li></a>
<a href="/category/off-topic"><li>Off-Topic</li></a>
</ul>
</div>
</div>
<div class="home_about_box home_box">
<h2>Index & projects</h2>
<a href="/blog-index.htm"><div class="home-button green-button">Blog index</div></a>
<div id="side_menu">
<ul class="side_menu">
<a href="/2021/01/01/backutil-windows-backup-utility" class="home-index"><li class="first">Backutil</li></a>
<a href="/2022/12/03/parsing-login-sessions-windows-security-event-log-powershell" class="home-index"><li>EVTX login parser</li></a>
<a href="/reading-list.htm" class="home-index"><li>Reading list</li></a>
</ul>
</div>
</div>
<div class="home_about_box home_box">
<h2>Thinking about</h2>
<p><span class="year_label">Website v2.0</span><br />I've given my website its first major update since 2020, keeping the same general aesthetic but placing a greater focus on content. Now to come up with some blog post ideas...</p>
</div>
<div class="home_about_box home_box">
<h2>Interests</h2>
<div id="interest_list">
<ul>
<li>Cyber security</li>
<li>Tech</li>
<li>Python</li>
<li>PowerShell</li>
<li>JavaScript</li>
<li>F1</li>
<li>Reading</li>
<li>Writing</li>
<li>Psychology</li>
<li>Philosophy</li>
<li>Exercise</li>
<li>Running</li>
<li>Gaming</li>
<li>Football</li>
<li>Music</li>
<li>Guitar</li>
</ul>
</div>
</div>
</div>
</div>
<div id="footer">
© 2016-25 MattCASmith
<span class="home-link">Personal blog - does not reflect views of employers past or present</span>
</div>
<script data-goatcounter="https://mattcasmith.goatcounter.com/count"
async src="//gc.zgo.at/count.js"></script>
</div>
</body>
</html>