analysis – Page 8 – WindowsTechs.com

North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn

Posted on October 28, 2020 by Tara Seals

The Kimsuky/Hidden Cobra APT is going after the commercial sector, according to CISA. Continue reading North Korea-Backed Spy Group Poses as Reporters in Spearphishing Attacks, Feds Warn→

Google Cloud Buckets Exposed in Rampant Misconfiguration

Posted on September 22, 2020 by Tara Seals

A too-large percentage of cloud databases containing highly sensitive information are publicly available, an analysis shows. Continue reading Google Cloud Buckets Exposed in Rampant Misconfiguration→

Analysis of Apple Unified Logs [Entry 12] – Quick & Easy Unified Log Collection from iOS Devices for Testing

Posted on September 8, 2020 by Sarah Edwards

Collection of Unified Logs on macOS systems is pretty straight forward. You can use the command, and yes – you do have to be root.sudo log collect Collection from iOS device is not as obvious. I think most of us are doing the sysdiagnose/AirDrop m… Continue reading Analysis of Apple Unified Logs [Entry 12] – Quick & Easy Unified Log Collection from iOS Devices for Testing→

Part 2: Step-by-step iPhone Setup for iOS Research (via @bizzybarney)

Posted on August 23, 2020 by Sarah Edwards

This is a follow-on to the previous post showing how to setup your Mac for iOS testing. If you haven’t read over that one – this article draws assumptions that your Mac is setup in a certain way, or that you know what you’re doing otherwise. Feel free … Continue reading Part 2: Step-by-step iPhone Setup for iOS Research (via @bizzybarney)→

Step-by-step macOS Setup for iOS Research (via @bizzybarney)

Posted on August 14, 2020 by Sarah Edwards

CLI…WTFCommand line interface (CLI) isn’t for everyone. Trust me; I get it. @iamevltwin forced me out of my comfort zone a few years ago and opened my eyes to the power of Terminal (command prompt on Mac). Now it is pinned to the Dock… Continue reading Step-by-step macOS Setup for iOS Research (via @bizzybarney)→

Hunting injected processes by the modules they keep

Posted on August 5, 2020 by davehull

A relatively recent post showed how Metasploit’s Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our example.

One of the things we saw in that post was … Continue reading Hunting injected processes by the modules they keep→

Analyzing an Instance of Meterpreter’s Shellcode

Posted on July 26, 2020 by davehull

In my previous post on detecting and investigating Meterpreter’s Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by and Excel macro. In that payload was a bit of shellcode and I mentioned that I’d like to retur… Continue reading Analyzing an Instance of Meterpreter’s Shellcode→

Lazarus Group Surfaces with Advanced Malware Framework

Posted on July 22, 2020 by Tara Seals

The North Korean APT has been using the framework, called MATA, for a number of purposes, from spying to financial gain. Continue reading Lazarus Group Surfaces with Advanced Malware Framework→

Follow-on to DFIR Summit Talk: Lucky (iOS) 13: Time To Press Your Bets (via @bizzybarney)

Posted on July 20, 2020 by Sarah Edwards

Facial Recognition in PhotosOne facet of my DFIR Summit talk I want to expand upon is a look into the Photos application, and a few of the derivative pieces of that endeavor. While trying to focus on the topic of facial recognition, it seemed pru… Continue reading Follow-on to DFIR Summit Talk: Lucky (iOS) 13: Time To Press Your Bets (via @bizzybarney)→

Alina Point-of-Sale Malware Spotted in Ongoing Campaign

Posted on July 1, 2020 by Tara Seals

The malware is using DNS tunneling to exfiltrate payment-card data. Continue reading Alina Point-of-Sale Malware Spotted in Ongoing Campaign→