Author: drkeithjones
-
Hunting Lazy OPSEC: Spotting Default C2 Certificates with DuckDB and Zeek
Threat actors love to reuse tools, and sometimes, they get lazy. Case in point: AsyncRAT and its notorious fork, DcRAT. These remote access trojans often ship with default, self-signed certificates. If the…
-
Beyond the Grep: Hunting Malware with Zeek and DuckDB SQL
Hunting through raw Zeek logs just got a massive upgrade. If you’ve spent years in the SOC, you’ve likely built up a library of complex awk chains and grep commands to parse…
-
Ian Diaz – The U.S. Marshal, the Etsy Sonogram, and the Condo Plot
Imagine a real-life psychological thriller where the villain carries a federal badge. When a high-ranking U.S. Marshal’s relationship with his fiancé imploded over an Anaheim condo, he didn’t just walk away—he used…
-
How I Used Gemini To Fix My Terrible Zeek Documentation
I built a Zeek-based Amadey malware detector… and then absolutely did NOT document it. https://github.com/keithjjones/zeek-amadey-detector So instead of fixing my own mess, I made Gemini do it. In this video: If your…
-
Fix NoMachine’s CAPS LOCK Reversal Bug
I was recently trying to connect to a remote NoMachine host, and the sense of caps lock was reversed compared to my local machine. This happens if your caps was on when…
-
Keith Jones’ Journey As Expert Digital Forensics Expert To AI Malware Researcher
Had a great time as a guest on the Security Unfiltered Podcast, talking about work-life balance in cybersecurity—especially for parents. We covered how remote work has shifted expectations, the challenge of growing…
-
Manually Download MacOS Sequoia
Apple’s macOS updates are typically seamless through the App Store, but sometimes, a bug can throw a wrench in the process. I recently encountered this firsthand when updating one of my Macs…
-
Drone Flight @ BWI Airport Sept 8, 2024
Enjoy some runway 33L activity at the Baltimore Washington International Airport in Maryland. The FAA authorized me to fly and photograph airport activity with my Part 107 commercial drone license.
-
Detect STRRAT Malware With Zeek And Suricata
Join me in learning how to detect the STRRAT malware family with Zeek and Suricata. Corelight Blog: https://corelight.com/blog/newsroom/news/strrat-malware Source Code: https://github.com/corelight/zeek-strrat-detector 00:00:10:18 – 00:00:37:17 Dr. Keith Jones: Hey, welcome. We’re going to talk about…