Posts

Showing posts from 2023

The Power of Procmon (Process Monitor)

Procmon (Process Monitor) is "an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity." This accurately describes what Procmon does, but it doesn't come close to describing the power that it provides to monitor, investigate, and troubleshoot on a Windows system. Let's explore it (download it from Microsoft to follow along). Activity Options: Procmon had a hard time adjusting to my display resolution, but you can see here and in the screenshot at the top the Activity display options. These enable or disable the display of various types of activity. Deselecting one of these options doesn't erase any existing logs; it just narrows the output to the types of events you want to see. These include registry, file system, network, and process/thread activity. They are helpful for narrowing focus when troubleshooting an issue, but you can still be left with thousands of entries. This is where filters come...

Regular Expressions (Regex) for Beginners

Regular expressions (regex) are used to extract information or patterns from text. They are used by programming languages, AV/EDR software, application whitelisting software, data loss prevention (DLP) software, personally identifiable information scanning software, and more. While simple in concept, regex can become quite complex depending on what strings of text need to be extracted. I'll be using regex101.com to show my examples, but there are a ton of great resources and "testers" available for free on the Internet. Tokens are how regular expressions are defined. There are dozens available, and we'll get to them in a minute, but nothing is more basic in regex than just typing the exact string you're looking for. Example 1 - string: If you're searching for the string "fire" in a given sentence, you would make your regular expression `fire`. We can see here that this regex pattern matches on lines "fire", "firetruck", ...

SPF, DKIM, and DMARC Explained

I found myself reading RFC 733 today as I had no idea how long BCC emails had been around. Turns out, it's a long time (November 21, 1977). In fact, that is when the "Standard for the Format of ARPA Network Text Messages" was ratified, so a whole lot of other things that are still used in email today were included in that RFC, not just BCC emails. Some things that weren't proposed in 1977, for obvious reasons, are SPF, DKIM, and DMARC. We'll be talking about those today! (If you're curious, like I was, what those RFCs are anyway, I linked them so you can check those out too.) SPF - Sender Policy Framework: SPF is an authentication mechanism that allows an email server to verify that an email it receives was sent from an authorized server. SPF does this by checking the domain contained in the email header (specifically the envelope sender/MAILFROM), querying for an SPF TXT record that should be contained in that domain's DNS records, and depending on what t...