mgreen27
diff --git a/‎404.html‎
Lines changed: 1 addition & 15 deletions b/‎404.html‎
Lines changed: 1 addition & 15 deletions
diff --git a/‎about/index.html‎
Lines changed: 1 addition & 15 deletions b/‎about/index.html‎
Lines changed: 1 addition & 15 deletions
diff --git a/‎assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css‎
Lines changed: 1 addition & 0 deletions b/‎assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎g-g41g20slqn/index.html‎
Lines changed: 1 addition & 1 deletion b/‎g-g41g20slqn/index.html‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎index.html‎
Lines changed: 23 additions & 18 deletions b/‎index.html‎
Lines changed: 23 additions & 18 deletions
@@ -43,25 +43,11 @@
 
 
 
-<link rel="stylesheet" href="/assets/combined.min.186794b3399a702d3092949042cdc215dea303c17e71e7c0254768448de11db8.css" media="all">
+<link rel="stylesheet" href="/assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css" media="all">
 
 
 
 
-      <script async src="https://www.googletagmanager.com/gtag/js?id=G-G41G20SLQN"></script>
-      <script>
-        var doNotTrack = false;
-        if ( false ) {
-          var dnt = (navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack);
-          var doNotTrack = (dnt == "1" || dnt == "yes");
-        }
-        if (!doNotTrack) {
-          window.dataLayer = window.dataLayer || [];
-          function gtag(){dataLayer.push(arguments);}
-          gtag('js', new Date());
-          gtag('config', 'G-G41G20SLQN');
-        }
-      </script>
 
 
 
 
@@ -44,25 +44,11 @@
 
 
 
-<link rel="stylesheet" href="/assets/combined.min.186794b3399a702d3092949042cdc215dea303c17e71e7c0254768448de11db8.css" media="all">
+<link rel="stylesheet" href="/assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css" media="all">
 
 
 
 
-      <script async src="https://www.googletagmanager.com/gtag/js?id=G-G41G20SLQN"></script>
-      <script>
-        var doNotTrack = false;
-        if ( false ) {
-          var dnt = (navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack);
-          var doNotTrack = (dnt == "1" || dnt == "yes");
-        }
-        if (!doNotTrack) {
-          window.dataLayer = window.dataLayer || [];
-          function gtag(){dataLayer.push(arguments);}
-          gtag('js', new Date());
-          gtag('config', 'G-G41G20SLQN');
-        }
-      </script>
 
 
 
 
@@ -44,7 +44,7 @@
 
 
 
-<link rel="stylesheet" href="/assets/combined.min.186794b3399a702d3092949042cdc215dea303c17e71e7c0254768448de11db8.css" media="all">
+<link rel="stylesheet" href="/assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css" media="all">
 
 
 
 
@@ -3,7 +3,7 @@
   dir="ltr">
 
   <head>
-	<meta name="generator" content="Hugo 0.140.0">
+	<meta name="generator" content="Hugo 0.148.1">
     <meta charset="utf-8">
 <meta name="viewport" content="width=device-width">
 
@@ -45,25 +45,11 @@
 
 
 
-<link rel="stylesheet" href="/assets/combined.min.186794b3399a702d3092949042cdc215dea303c17e71e7c0254768448de11db8.css" media="all">
+<link rel="stylesheet" href="/assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css" media="all">
 
 
 
 
-      <script async src="https://www.googletagmanager.com/gtag/js?id=G-G41G20SLQN"></script>
-      <script>
-        var doNotTrack = false;
-        if ( false ) {
-          var dnt = (navigator.doNotTrack || window.doNotTrack || navigator.msDoNotTrack);
-          var doNotTrack = (dnt == "1" || dnt == "yes");
-        }
-        if (!doNotTrack) {
-          window.dataLayer = window.dataLayer || [];
-          function gtag(){dataLayer.push(arguments);}
-          gtag('js', new Date());
-          gtag('config', 'G-G41G20SLQN');
-        }
-      </script>
 
 
 
@@ -145,8 +131,7 @@ <h1 class="header-title">
 
 
 
-    <p>Im a seasoned cybersecurity professional with a passion for incident response and threat research.<br>
-Currently working in Rapid7 labs tracking adversaries, and working with Velociraptor.<br>
+    <p>Im a seasoned cybersecurity professional with a passion for incident response, threat intelligence and research.<br>
 This is a personal DFIR and technology blog to document some of my projects.</p>
 
 </div>
@@ -223,6 +208,26 @@ <h1> Posts </h1>
 
 
 
+    <p class="line-date">1 Nov 2024 </p>
+
+    <div>
+        <p class="line-title">
+            <a href="/posts/2025/finding_the_lnk/">
+                Finding the LNK: Techniques and methodology for advanced analysis
+            </a>
+        </p>
+
+        
+        <p class="line-summary"> Malicious exploitation of LNK files, commonly known as Windows shortcuts, is a well-established technique used by threat actors for delivery and persistence. While the value of LNK forensics for cyber threat intelligence (CTI) is fairly well-understood, analysts may overlook less well-known data points and miss valuable insights. In this post, we explore the structure of LNK files using Velociraptor. We will walk through each LNK structure and discuss some analysis techniques frequently used on the Rapid7 Labs team. </p>
+        
+    </div>
+</div>
+    
+    <div class="post-line">
+
+    
+    
+
     <p class="line-date">29 Feb 2024 </p>
 
     <div>
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@`
`44`	`44`
`45`	`45`
`46`	`46`
`47`		`-<link rel="stylesheet" href="/assets/combined.min.186794b3399a702d3092949042cdc215dea303c17e71e7c0254768448de11db8.css" media="all">`
	`47`	`+<link rel="stylesheet" href="/assets/combined.min.678b293becfc85716bd430e0d256f68da7ace5a6f49380390b9fde3d35e8bbce.css" media="all">`
`48`	`48`
`49`	`49`
`50`	`50`