Andrea Fortuna
  • Jun 28, 2017

    Petya/Notpetya ransomware: we have a vaccine!

    Just create a file in c:\windows!
    Currently we have a lot of information about Petya (or Notpetya): you can take a look at this post, which I use to collect all information gathered from websites and social networks. And from… read more »
  • Jun 28, 2017

    Extract filesystem bodyfile from a VirtualBox VM

    Using vboxmanage and some tools from SleuthKit
    A key step in a forensic analysis is the creation of a timeline of the filesystem operations. The operation can be performed using (for example) the fls tool from SleuthKit, that exports the timeline… read more »
  • Jun 27, 2017

    A Petya Ransomware variant that uses the eternalblue exploit starts from Ukraine and spreading…

    What we know so far? UPDATE: We have a local vaccine
    New ransomware started spreading in Ukraine and shut down a lot of critical infrastructure (hospitals, airport, banks and power plants). Some reports are also coming from Italy, Germany and Spain. Early comments on… read more »
  • Jun 27, 2017

    How to modify laptop’s screen brightness from a bash script

    Using direct access to /sys/class/backlight
    My Debian laptop is configured with a very minimal setup, using i3 as window manager and without any graphical tool for system management. To manage the screen brightness I chose not to use a specific… read more »
  • Jun 25, 2017

    Volatility, my own cheatsheet (Part 1): Image Identification

    In order to start a memory analysis with Volatility, the identification of the type of memory image is a mandatory step. Here are some useful commands.
    imageinfo
    For a high level summary of the memory sample you’re analyzing, use the imageinfo… read more »
  • Jun 23, 2017

    How to extract a RAM dump from a running VirtualBox machine

    In order to analyze it with Volatility
    Usually I use a VirtualBox sandbox in order to ‘detonate’ some malware and analyze its behavior. In this phase, the analysis of the sandbox’s RAM with Volatility is a mandatory step. But, how… read more »
  • Jun 22, 2017

    Security flaws in VoLTE protocol allow an attacker to spoof numbers and track users

    The research paper by P1 Security was presented last week at a security conference in France
    A team of researchers from security firm P1 Security has detailed a list of flaws in the VoLTE protocol that allow an attacker to spoof… read more »
  • Jun 21, 2017

    Detecting Lateral Movement through tracking Windows Events

    A research by Japan Computer Emergency Response Team
    With “lateral movement” we identify the techniques that enable an adversary to access and control remote systems on a network: an attacker can use lateral movement for many purposes, including remote execution… read more »

  • Andrea Fortuna
  • andrea@andreafortuna.org

Cybersecurity expert, software developer, experienced digital forensic analyst, musician