(Choose whatever web server you like as you work through this one)

This IP is not part of the vendor's known IP space.

What do you look for to investigate whether the update was tampered with upstream?

#InvestigationPath #DFIR #SOC

I've also published a standard you can use for creating human-centric playbooks: chrissanders.org/2025/06/hum...

If you want to learn how to create and use playbooks effectively, I recommend checking out my Investigation Theory class. www.networkdefense.co/courses/inv...

4. If you can predict the questions analysts will ask in an investigation, providing the analyst with a list of those questions when they encounter the cue has significant performance benefits.

3. Many of the initial investigative questions analysts will ask in response to these cues can be predicted.

2. Analysts encounter common scenarios (cues) across diverse investigations based on the evidence they encounter and their forecasting of potentially related events.

The reddish NWA 17405 end cut (center) is quite unique. Scientists believe it gets its color from aqueous alteration... ancient water on the moon! The stone is also a fragmental breccia, which constitutes the main mass of the recovery.

The dark NWA 14577 end cut (right) is a fragmental breccia; a mixture of broken lunar rock and glass fused together by impacts. They likely come from highland regolith where light clasts are mixed into a darker matrix.

The grey-white slice (left) is Adrar 17, a troctolitic anorthosite. It's an ancient piece of the Moon’s highlands crust rich in pale plagioclase with some olivine.