Join us for Episode 9 of Everyday Cyber as we dive deep into the Blue Team Field Manual by Alan White and Ben Clark - the ultimate practical guide for cybersecurity defenders. Discover essential command-line tools and techniques for Windows and Linux environments, structured around the NIST Cybersecurity Framework. Learn hands-on approaches to system hardening, network monitoring, malware analysis, and incident response. From vulnerability scanning with Nmap and Nessus to configuring firewalls and AppLocker policies, we cover the complete defensive toolkit. Whether you're a SOC analyst, system administrator, or cybersecurity professional, this episode provides actionable commands and methodologies for protecting, detecting, responding to, and recovering from cyber threats. Master the art of defensive cybersecurity operations with real-world commands you can use immediately.
Join us for Episode 9 of Everyday Cyber as we decode the complex world of data privacy and protection laws. From GDPR and CCPA to China's PIPL and Canada's PIPEDA, we break down what these regulations mean for businesses and individuals. Learn about Privacy by Design principles, data subject rights, cross-border data transfers, and how to build a robust privacy program. Whether you're a business owner, privacy professional, or simply want to understand your digital rights, this episode provides practical insights into navigating today's privacy landscape. Discover the evolution of privacy laws, key compliance requirements, and real-world case studies that shaped modern data protection.
🚨 Episode 8 – Part 1 of 2 | Everyday Cyber Podcast
In this first part of a two-part deep dive, host Alex Reid breaks down the essentials of Network Security Monitoring (NSM) — how it works, why it matters, and the open-source tools that power real-time detection and response.
From understanding the Intrusion Kill Chain to deploying tools like Security Onion, Zeek, and Suricata, this episode helps you build foundational knowledge in modern network defense.
🔍 In this episode (Part 1):
What is NSM and how it differs from continuous monitoring
Why prevention fails — and how NSM fills the gap
Data types in NSM: full content, session, alerts, and metadata
Challenges with proxies, NAT, and the X-Forwarded-For header
Overview of open-source NSM tools (Security Onion, Bro/Zeek, Suricata, Sguil)
🧠 This episode is ideal for SOC analysts, blue teamers, cybersecurity students, and anyone learning how defenders really detect threats.
🎧 Part 2 coming next week.
network security monitoring
NSM podcast
security onion tutorial
zeek bro network analysis
suricata ids
sguil security onion
intrusion kill chain explained
network visibility tools
incident response podcast
full packet capture analysis
network forensics tools
x-forwarded-for proxy logs
nsm data types explained
cybersecurity detection stack
virus total analysis
networkminer pcap analysis
client-side compromise
server-side compromise
ioc detection process
blue team workflows
everyday cyber podcast
🧠 Episode 7 – Everyday Cyber Podcast
In this episode, host Alex Reid explores the battlefield between digital forensics and anti-forensics — revealing how investigators extract hidden truths from NTFS volumes, and how attackers attempt to cover their tracks.
From Alternate Data Streams (ADS) and Volume Shadow Copies, to timestomping and file wiping, this episode dives into the structures and techniques that define modern forensic investigations — and the countermeasures used to evade them.
🔍 What You'll Learn in This Episode:
Key forensic artifacts in NTFS: $MFT, $I30, $LogFile, $UsnJrnl
How Alternate Data Streams (ADS) are used to hide data
Timestomping, file wiping, and registry key deletion as anti-forensics
Tools like MFTECmd, Bulk Extractor, PhotoRec, and vss_carver.py
How forensic analysts perform file carving, super timelines, and triage collection
The role of Zone.Identifier ADS, VSS, and SDelete in investigations
Techniques attackers use to stay hidden in plain sight — and how to find them
Whether you're learning digital forensics or defending against sophisticated attackers, this episode gives you a detailed breakdown of how investigations work at the file system level.
digital forensics
anti-forensics
alternate data streams
NTFS forensics
volume shadow copy forensics
file carving
timestomping detection
mftecmd tutorial
file wiping
PhotoRec recovery
zone.identifier ADS
NTFS metadata
ADS malware hiding
super timeline forensics
triage collection
bulk extractor forensic
registry key wiping
forensic tools podcast
NTFS MFT analysis
digital forensic investigation
everyday cyber podcast
🧠 Episode 6 – Everyday Cyber Podcast
In this episode, Alex Reid explores how cybersecurity analysts use timeline analysis to investigate intrusions, uncover malware, and detect threats at scale. This hands-on walkthrough reveals how modern blue teams reconstruct attacks across hundreds of endpoints using tools like log2timeline, YARA, capa, and more.
You’ll learn the full process from enterprise threat hunting to deep-dive forensic timeline building — including malware detection, IOC stacking, and how to pivot around suspicious activity.
🔍 Key topics covered:
The 3-phase model: Threat Hunting → Triage → Deep-Dive Forensics
Occurrence stacking, outlier detection, and IOC hunting
Detecting malware using tools like Sigcheck, maldump, and capa
Writing YARA rules and matching malware capabilities to MITRE ATT&CK
Filesystem timelines vs. super timelines — when to use each
Using log2timeline, Plaso, Timeline Explorer, and Timesketch
How to scale timeline analysis across multiple compromised systems
Practical insights for analysts, DFIR teams, and blue teamers
timeline analysis
threat hunting
malware detection
YARA rules
log2timeline
plaso forensic tool
capa malware analysis
digital forensics podcast
DFIR workflow
ioc hunting
sigcheck malware scan
timeline explorer
timesketch tutorial
fileless malware detection
endpoint forensics
blue team tactics
incident response timeline
cybersecurity tools
forensic timeline building
everyday cyber podcast
🧠 In Episode 6 of the Everyday Cyber Podcast, host Alex Reid explores the powerful role of memory forensics in both incident response and threat hunting. This episode breaks down the techniques and tools used to uncover hidden malware, detect rootkits, and investigate in-memory attack activity across compromised systems.
Whether you're working with live RAM captures or analyzing memory dumps post-incident, understanding these methods is essential for uncovering advanced adversaries and fileless threats.
🔍 What You’ll Learn in This Episode:
Core memory forensics concepts for incident responders
Using tools like Volatility, Velociraptor, and Memory Baseliner
Identifying code injection, process hollowing, DLL injection, and reflective loading
Detecting BYOVD attacks, rootkits (DKOM, SSDT, IDT hooks), and thread hijacking
Investigating suspicious memory regions, handles, VAD trees, and PE headers
Working with hiberfil.sys, pagefile.sys, .vmem, and .vmsn files
Understanding fileless malware and “living off the land” techniques
Using memory to trace attacker tools like Cobalt Strike, Emotet, and Poison Ivy
Crafting detection rules using YARA, and parsing strings with bstrings
If you're in digital forensics, blue teaming, or threat detection, this episode gives you actionable knowledge for using memory artifacts to expose what attackers try hardest to hide.
memory forensics
incident response podcast
threat hunting
cybersecurity podcast
code injection detection
volatility memory analysis
process hollowing
dll injection
BYOVD malware
rootkit analysis
fileless malware detection
DFIR podcast
malware investigation
advanced threat hunting
Velociraptor forensic tool
memory dump analysis
endpoint forensics
cobalt strike detection
memory artifacts analysis
digital forensics podcast
🔍 In this episode of the Everyday Cyber Podcast, host Alex Reid takes you deep into the world of Windows forensics and intrusion detection — revealing how defenders can track advanced attacks using native event logs, system artifacts, and modern blue team tools.
You’ll learn how to detect lateral movement, uncover PowerShell abuse, and investigate attacker activity using Prefetch, AppCompatCache, Amcache.hve, and Event ID correlation. We also cover how Sysmon dramatically improves visibility for detecting real-world threats.
🔐 Topics covered in this episode:
Prefetch, AppCompatCache, and Amcache forensic analysis
Tracking attacker movement with Event IDs 4648, 4688, and 7045
How to detect PsExec, WMI, and PowerShell Remoting
PowerShell logging: Script Block Logging, Downgrade Attacks, and Defense
Why Sysmon is a game-changer for endpoint intrusion detection
Real-world examples of "living off the land" attacks and how to catch them
Using event log artifacts to build a timeline of attacker behavior
Whether you're a SOC analyst, threat hunter, or just starting your cybersecurity career, this episode helps you level up your understanding of endpoint detection and response using only what’s built into the operating system.
Windows forensics
Intrusion detection
Cybersecurity podcast
SOC analyst tools
Threat detection
Event log analysis
PowerShell logging
Sysmon for security
Lateral movement detection
Amcache analysis
AppCompatCache
Prefetch forensic evidence
PsExec detection
WMI attack investigation
EDR strategies
Windows endpoint visibility
Security operations center
Detecting attacker behavior
Digital forensics podcast
Cybersecurity incident response
🚨 Welcome to Episode 4 of the Everyday Cyber Podcast, where we break down the critical strategies behind advanced incident response and proactive threat hunting — skills every modern security team needs to stay ahead of today’s fast-moving adversaries.
In this episode, host Alex Reid walks you through real-world detection and response tactics used by security operations teams to reduce attacker dwell time, detect lateral movement, and disrupt advanced threats before they succeed.
🔐 What You’ll Learn in This Episode:
The evolving threat landscape and the growing speed of intrusions
The full 6-step incident response process and how to do it right
Why premature eradication is dangerous — and what to do instead
How to leverage containment and intelligence development in real time
Building a repeatable loop of scoping, analyzing, and expanding IOCs
Key principles of the Cyber Kill Chain® and MITRE ATT&CK™
How to use TTPs, behavioral indicators, and campaign reconstruction
Atomic, computed, and behavioral IOCs — and how to use them effectively
Lessons from real-world response failures and successes
This episode is packed with field-proven frameworks and tactical strategies that help defenders identify threats, contain them smartly, and strengthen long-term cyber resilience.
🎧 Listen to all episodes:
https://open.spotify.com/show/1g19uYLancJsweZODur80H
🔁 New episodes weekly on:
Incident response workflows
Threat hunting techniques
Cyber threat intelligence
MITRE ATT&CK strategies
SOC tools and blue team ops
Entry-level cybersecurity career tips
🚨 Welcome to Episode 2 of the Everyday Cyber Podcast with your host Alex Reid – where we go deep into real-world defensive security practices and the essential skills needed in a modern Security Operations Center (SOC).
In this episode, we break down efficient alert triage, the science of email-based threat detection, and how structured analytics like Sigma rules, deny lists, allow lists, and new term rules can dramatically improve your ability to detect and respond to cyber threats.
🔍 What you'll learn in this episode:
How data enrichment increases alert fidelity
The role of "features" in building security analytics
Alert tuning using the Pareto Principle (80/20 rule)
Deny lists vs. allow lists — strengths and weaknesses
First-contact rules (New Term Rules) and how they work
Overview of Sigma and how it helps standardize SIEM analytics
Anatomy of a Sigma rule: metadata, log source, detection, condition
How to improve SOC morale and reduce burnout
Network layer disruption strategies: Layer 3, 4, and 7 blocking
Why a home lab is your secret weapon for mastering company-scale monitoring
Whether you’re a SOC analyst, blue teamer, or aspiring cybersecurity pro, this episode gives you advanced yet accessible insights to level up your detection engineering, automation mindset, and operational efficiency.
In this episode of the Everyday Cyber cybersecurity podcast, host Alex Reid explores one of the most critical skills in modern security operations: alert triage and email threat analysis.
You'll learn how structured analytical techniques like Hypothesis Generation, Link Analysis, and Analysis of Competing Hypotheses (ACH) can help you cut through alert fatigue, sharpen your decision-making, and avoid cognitive biases during complex investigations.
We also break down OPSEC best practices — essential when gathering threat intel or investigating targeted attacks — so you don’t inadvertently tip off adversaries.
Then we dive into the core of email security, including:
How SPF, DKIM, DMARC, and ARC really work
How attackers spoof emails and bypass protections
Real-world examples of Business Email Compromise (BEC), malicious attachments, and phishing links
Proven email threat detection strategies every Blue Teamer should know
If you're pursuing a career in cybersecurity or already working in a SOC, this episode will elevate your alert triage skills and email analysis confidence.
Welcome to the first episode of Everyday Cyber! In this foundational deep dive, host Alex Reid walks you through the core mission, structure, and daily reality of a modern Security Operations Center (SOC).
You'll learn how security teams are organized, what tools they use, and how they handle vast amounts of data to detect and respond to cyber threats. We’ll break down:
The mission and mindset of a Blue Team
SOC structure and key functions
Data sources: logs, network traffic, and endpoints
Fundamentals of DNS and HTTP analysis
How Windows and Linux systems log activity
How analysts identify malware, suspicious files, and triage alerts
The role of continuous improvement, enrichment, and automation in modern SOCs
Whether you're just starting your cybersecurity journey or brushing up your skills, this episode gives you a clear, structured look into the frontline of cyber defense.