

The Big Data Blog


Detecting OpenClaw/Clawbot with SentinelOne: The Challenge of Blocking
A huge thank you to my dearest friend Jeremy Jethro, who created this comprehensive script and the detection rule in SentinelOne. Hi everyone, if you've been following the cybersecurity landscape lately, you've probably heard whispers about OpenClaw (also known as Clawbot or Moltbot). And if you're in IT security, you're likely dealing with requests to detect and block it right now.
2 days ago · 4 min read


Google Takeout: The Quiet Data Exit Nobody Talks About
Let’s talk about one of the most underestimated data exfil paths in Google Workspace. Not malware. Not OAuth abuse. Not a compromised token. Just… Google Takeout. Most people think of Takeout as a harmless “download my data” feature. And to be fair, that was the original idea. But from a security and forensics perspective, Takeout is a built-in data export mechanism that works surprisingly well — maybe too well. What Is Google Takeout (Really)? Google Takeout, also call
2 days ago · 4 min read


Investigating Data Exposure in Google Drive
If you’ve worked in Google Workspace long enough, you already know this truth: Google Drive is where data leaks love to happen. Not always malicious. Sometimes it’s just: “Oops, shared it publicly” “Oops, shared it with the wrong domain” “Oops, didn’t realize Anyone with the link means literally anyone” So when data exposure happens, we usually care about two questions: What happened to the file? Can we still access or recover it? That’s where Google Drive investigation tool
7 days ago · 3 min read


Velociraptor Service Not Working? Use This Task Scheduler Method Instead
As you guys remember, I have created a complete series on Velociraptor. If you didn't check it out, do check it out - link below. https://www.cyberengage.org/courses-1/mastering-velociraptor%3A-a-comprehensive-guide-to-incident-response-and-digital-forensics Now, why am I here again? Because I recently tried to install Velociraptor with the latest version on my laptop and ran into some issues. Well, not exactly "issues" - I'd say it's more like modifications in how things wor
7 days ago · 5 min read


Tracking User Account and OAuth in Google Workspace (Without Losing Your Sanity)
If you’ve ever had to investigate a Google Workspace account takeover, you already know one thing: it’s not about one log — it’s about connecting multiple logs and understanding how Google thinks. The Two Logs You Must Know When it comes to tracking user behavior (and especially account compromise), there are four core log types you’ll always come back to: Admin log events User log events (Previously it was separated into two logs) (Login Audit Log + User Accounts Audi
Feb 5 · 5 min read

