So those of you who have known me for a while know I have had a love affair with graph viz for a number of years now. I have always had this dream of running Volatility on a memory dump and then graphing the relationships between all of the artifacts, but I have never had the time to actually sit down and build the concept.

I have now been experimenting with Claude (begrudgingly) to get more familiar with it over the past few days and decided that my Volatility concept might be a good test of its capabilities. Man I am telling you I got sucked into the rabbit hole so fast I just now remembered to hydrate...  

This is the Volatility module output normalized, ingested into Neo4j, and then visualized in Graphistry. 😍 Nodes colored by Louvain community. Need to run this on a memdump of an infected machine next!

I can now see how intelligently utilizing Claude as an assistant can be such a force multiplier. Opus 4.6 is unlike any version I have tried before and actually produces useable code.

I'm on the hunt to join a good team! 🔍

Seeking: Threat Intel/IR Analyst or Security Automations Engineer positions

If any of my friends or mutuals know of any opportunities, please let me know or share for reach! 🫶

Spending my night playing with technology in a different way than usual. Currently have an astrophotography imaging run underway with NGC 3184 as my subject. Let's see if the night stays clear for once...

#astrophotography

Does anyone know if it is at all possible to programmatically access via API any of the GSuite Alert Center capabilities that you can see in the GUI? For example, being able to take action on a reported phishing email or getting message contents? I can't find any info if it is...

I am working on automating some of an analysts work required to respond to reported phishing emails and it would be incredibly helpful to be able to interact with the "Investigation" capabilities via API instead of just the web interface.