- Jul 25, 2018
  Spoiler: shame on DumpIt! Some days ago, I was busy with a forensic analysis on a Windows server. The machine was a Windows Server 2008 R2, used as a web server, with 24 GB of RAM. But during memory analysis with Volatility,…
- Jul 23, 2018
  The ability to quickly and reliably detect lateral movement in the network is one of the most important skills in information security today: the lateral movement phase represents the biggest difference between targeted, strategic attacks and a simplistic…
- Jul 20, 2018
  Joaquín Rodrigo's Concierto de Aranjuez is one of the most popular concertos of all time and one of the most original masterpieces of the 20th century. Its beautiful central Adagio has been arranged for everything, from mouth organ to brass…
- Jul 18, 2018
  Having a solid grasp of tcpdump is mandatory for anyone desiring a thorough understanding of TCP/IP. What is tcpdump? Tcpdump is one of the best network analysis tools for information security professionals. tcpdump runs under the command line and allows the…
- Jul 16, 2018
  Previously I've written a lot about Volatility, and I've also published some articles about YARA. Today I'd like to share a brief and simple workflow, useful for a first high-level analysis of memory dumps in order to search for the presence of…
- Jul 13, 2018
  "Shape of My Heart" is a song by Sting from his album "Ten Summoner's Tales", released in 1993. The song was co-written by guitarist Dominic Miller. This transcription was born during a guitar lesson: one of my students asked me…
- Jul 11, 2018
  Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system. The main goal is to protect critical systems from potentially malicious applications. How does it work? The…
- Jul 9, 2018
  Which is the best command line text editor? Seriously, I don't know! In my opinion, the best choice depends on the context: undoubtedly EMACS is the most complex and comprehensive, and VIM is the right balance between features and simplicity.…
- Jul 6, 2018
  Recently I found on YouTube some wonderful recordings of Heitor Villa-Lobos playing his own music. https://www.youtube.com/watch?v=KLbZLmIhggA https://www.youtube.com/watch?v=UZkEYK4WKKg The recordings seem to be extracted from the CD Villa-Lobos Plays Villa-Lobos, published by Sanctus Records and also available on Spotify:…
- Jul 4, 2018
  Researchers at Kromtech Security Center discovered seventeen malicious Docker containers with embedded cryptominer applications that allowed cybercriminals to earn $90,000 in 30 days. According to Kromtech's report, containers are shaping up to be the next target for these…
- Jul 2, 2018
  bash (Bourne Again shell) is the standard GNU shell, a powerful tool for the advanced and professional user. This shell is a so-called superset of the Bourne shell, a set of add-ons and plug-ins. This means that the Bourne Again…
- Jun 29, 2018
  This little piece has an interesting story. Many years ago I played guitar for a brief period in a melodic rock band that tried to put forward some original songs. In that period I wrote some original instrumental pieces but,…
- Jun 27, 2018
  Some days ago I talked with a colleague about the real usefulness of USB hardware locks on critical clients/servers. USB locks are devices that completely prevent the use of USB ports by means of a simple padlock. Well, in my…
- Jun 25, 2018
  When you develop an application, you often need to store some configuration. This data can contain a lot of sensitive information, and this is a critical point if your source code is hosted in a GitHub repository. In fact, a…
- Jun 22, 2018
  It's not a mystery: a musician needs to spend time with the instrument. If you don't practice enough, your progress will be much slower than that of a person who practices more. This leads us to the question: how long should I…
- Jun 20, 2018
  Gargoyle is a memory analysis evasion technique that uses return-oriented programming (ROP) to hide all of a program's executable code in non-executable memory while it is inactive, temporarily marking it executable to do some work at a pre-defined interval…
- Jun 18, 2018
  Impacket is a collection of Python classes, developed by Core Security, for working with network protocols. It provides low-level programmatic access to the packets and, for some protocols such as SMB1-3 and MSRPC, the protocol implementation itself. The library…
- Jun 15, 2018
  When did the first hack of a telecommunications system occur? In 1834, according to this article by Tom Standage! At that time there was no Internet and there were no computers, but since 1794 France had its own national telecommunications network: a semaphore telegraph,…
- Jun 13, 2018
  During the investigation of a security incident, event log analysis is a key element. If the affected network is managed by Active Directory, identifying compromised accounts is a critical step. For such an investigation, because it is quite difficult to conduct detailed analysis…
- Jun 11, 2018
  With some useful enhanced features! Netcat is a "venerable" network tool, dubbed "the TCP/IP swiss army knife". It's an open source UNIX utility written in C (but also available on a great number of OSs) for performing network related tasks, really…