Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem analysis, and digital evidence acquisition. Users can also perform malware anal…

UAC: Live response collection script for incident response

Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris …

Velociraptor & Loki

Velociraptor is a great DFIR tool that becomes more and more popular amongst Incident Handlers. Velociraptor works with agents that are deployed on endpoints. Once installed, the agent automatically “phones home” and keeps a connection with the server… exactly like a malware with its C2 server but this time

The post Velociraptor & Loki appeared first on /dev/random.


Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example

Ben Reardon – Corelight Labs Researcher The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds pa…

Companies that facilitate ransomware payments risk violating US sanctions

Companies that ransomware-hit US organizations hire to facilitate the paying of the ransom are at risk of breaking US sanctions, falling afoul of the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) regulations and may end up pay…

Analyzing an Instance of Meterpreter’s Shellcode

In my previous post on detecting and investigating Meterpreter’s Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a bit of shellcode and I mentioned that I’d like to retur…

Web Conferencing Tools Used for Forensic Investigations

When you need to quickly investigate a suspicious computer located thousands of kilometers away or during a pandemic like we are facing these days, it could be critical to gain remote access to the computer. Just to perform basic investigations. Also, if the attacker did a clever job, he could

[The post Web Conferencing Tools Used for Forensic Investigations has been first published on /dev/random]


Small Cedarpelta Update

Good morning readers and welcome back! This is going to be a very short blog post to inform everyone that a very minor update to the Cedarpelta version of the Live Response Collection has been published. This change was needed, as it was pointed out by…

SANS CTI Summit 2019, Katie Nickels’ & Brian Beyer’s ‘ATT&CK™ Your CTI With Lessons Learned From 4 Years In The Trenches’

The post SANS CTI Summit 2019, Katie Nickels’ & Brian Beyer’s ‘ATT&CK™ Your CTI With Lessons Learned From 4 Years In The Trenches’ appeared first on Security Boulevard.

SANS CTI Summit 2019, Matt Bromiley’s ‘BEC Revisited: Dropping By On Our Favorite Prince’

The post SANS CTI Summit 2019, Matt Bromiley’s ‘BEC Revisited: Dropping By On Our Favorite Prince’ appeared first on Security Boulevard.