Unknown – Page 5 – WindowsTechs.com

Rundown

Posted on October 15, 2024 by Unknown

I ran across a fascinating post from Cyber Sundae DFIR recently that talked about the Capability Access Manager, and how with Windows 11 it includes database of applications that have accessed devices such as the mic or camera, going beyond just t… Continue reading Rundown→

Exploiting LNK Metadata

Posted on October 9, 2024 by Unknown

Anyone who’s followed me for a bit knows that I’m a huge proponent of metadata, and in particular, exploiting metadata in LNK files that threat actors create, use as lures, and send to their targets.I read an article not long ago from Splunk titled, LN… Continue reading Exploiting LNK Metadata→

Shell Items

Posted on October 9, 2024 by Unknown

I ran across a Cyber5W article recently titled, Windows Shell Item Analysis. I’m always very interested in not only understanding parsing of various data sources from Windows systems, but also learning a little something about how others view the topic… Continue reading Shell Items→

RegRipper Educational Materials

Posted on October 8, 2024 by Unknown

A recent LinkedIn thread led to a question regarding RegRipper educational materials, as seen in figure 1; specifically, are there any.Figure 1: LinkedIn requestThere are two books that address the use of RegRipper; Windows Registry Forensics, and Inve… Continue reading RegRipper Educational Materials→

What is "Events Ripper"?

Posted on July 9, 2024 by Unknown

I posted to LinkedIn recently (see figure 1), sharing the value I’d continued to derive from Events Ripper, a tool I’d written largely for my own use some time ago.Fig. 1: LinkedIn postFrom the comments to this and other LinkedIn posts regarding Events… Continue reading What is "Events Ripper"?→

The Myth of "Fileless" Malware

Posted on June 3, 2024 by Unknown

Is “fileless” malware really fileless?Now, don’t get me wrong…I get what those who use this term are trying to say; that is, the actual malware itself, the malicious code, does not exist as a file on the local hard drive. However, for the uninitiated… Continue reading The Myth of "Fileless" Malware→

A Look At Threat Intel Through The Lens Of Kimsuky

Posted on March 22, 2024 by Unknown

Rapid7 recently shared a fascinating post regarding the Kimsuky threat actor group making changes in their playbooks, specifically in their apparent shift to the use of .chm/”compiled HTML Help” files. In the post, the team does a great job of sharing … Continue reading A Look At Threat Intel Through The Lens Of Kimsuky→

Threat Actors Dropping Multiple Ransomware Variants

Posted on March 22, 2024 by Unknown

I ran across an interesting LinkedIn post recently, “interesting” in the sense that it addressed something I hadn’t seen a great deal of reporting on; that is, ransomware threat actors dropping multiple RaaS variants within a single compromised organiz… Continue reading Threat Actors Dropping Multiple Ransomware Variants→

Uptycs Cybersecurity Standup

Posted on March 15, 2024 by Unknown

I was listening to a couple of fascinating interviews on the Uptycs Cybersecurity Standup podcast recently, and I have to tell you, there were some pretty insightful comments from the speakers.The first one I listened to was Becky Gaylord talking about… Continue reading Uptycs Cybersecurity Standup→

Investigative Scenario, 2024-03-12

Posted on March 14, 2024 by Unknown

Investigative ScenarioChris Sanders posted another investigative scenario on Tues, 12 Mar, and this one, I thought, was interesting (see the image to the right).First off, you can find the scenario posted on X/Twitter, and here on LinkedIn.Now, let’s g… Continue reading Investigative Scenario, 2024-03-12→