Intelligence Analyst

Tony Lambert

Tony is a professional geek who loves to jump into all things related to detection and digital forensics. After working in enterprise IT administration and detection engineering for several years, he now applies his DFIR skills to research malware, detect malicious activity, and recommend remediation paths. Tony is a natural teacher and regularly shares his findings and expertise through blogs, research reports, and presentations at conferences and events.
 
Introducing Blue Mockingbird
 
Lateral Movement with Secure Shell (SSH)
 
Trapping the Netwire RAT on Linux
 
Context matters: harnessing creativity to triage security alerts
 
Detection Déjà Vu: a tale of two incident response engagements
 
ATT&CK T1501: Understanding systemd service persistence
 
Using visibility to gather context and find persistence mechanisms
 
It’s all fun and games until ransomware deletes the shadow copies