Investigative Scenario: How Do I find out where the request is originating from? [on hold]

I have a DNS filtering device set up…. and I am blocking all pornographic content on it… When I am looking at the blocked results and it gives me the web address and the machine from which the request was originating… no…

SANS DFIR, Mari DeGrazia’s ‘Triage Collection And Timeline Analysis With KAPE’

Thanks to SANS for publishing the superlative DFIR videos on their SANS DFIR YouTube Channel
The post SANS DFIR, Mari DeGrazia’s ‘Triage Collection And Timeline Analysis With KAPE’ appeared first on Security Bou…

Solar System Wars: Walmart versus Tesla

It seems like hardly a day goes by that doesn’t see some news story splashed across our feeds that has something to do with Elon Musk and one or another of his myriad companies. The news is often spectacular and the coverage deservedly laudatory, as when SpaceX nails another …


Hackers used password spraying to breach Citrix, investigation confirms

The hackers who breached corporate VPN service provider Citrix last year used an unsophisticated technique that throws commonly used, weak passwords at a system until one works, the company’s investigators have confirmed. The “password spraying” ploy allowed the hackers to steal business files from a Citrix network drive along with a drive linked with its consulting practice, Citrix President David Henshall wrote in a blog post last week. The attackers had access to the drives for a “limited number of days,” between October 2018 and March 2019, he said. Henshall did not say who carried out the hack or what their ultimate objective was. VPN providers could be an enticing target for any set of hackers looking for a foothold in a corporation’s network. “The cybercriminals also may have accessed the individual virtual drives and company email accounts of a very limited number of compromised users and launched without further exploitation […]

The post Hackers used password spraying to breach Citrix, investigation confirms appeared first on CyberScoop.


Ransomware recovery firms often just pay attackers’ ransom demands

Companies advertising ransomware recovery services often simply pay the attackers their ransom demand in exchange for the decryption keys, an investigation into the sector has revealed. A former employee at Proven Data Recovery of Elmsford, New York, t…

MCAS and the 737: When Small Changes have Huge Consequences

When the first 737 MAX entered service in May of 2017, it was considered a major milestone for Boeing. For nearly a decade, the aerospace giant had been working on a more fuel efficient iteration of the classic 737 that first took to the skies in 1967. Powered by cutting-edge …


A Daring Search for Answers in Soyuz Mystery

If you happened to tune into NASA TV on December 11th, you’d have been treated to a sight perhaps best described as “unprecedented”: Russian cosmonauts roughly cutting away the thermal insulation of a docked Soyuz spacecraft with a knife and makeshift pair of shears. Working in a cloud of material ripped loose during the highly unusual procedure, cosmonauts Oleg Kononenko and Sergey Prokopyev were effectively carving out their own unique place in space history. Their mission was to investigate the external side of the suspicious hole in the Soyuz MS-09 capsule which caused a loss of air pressure on the …
