-
Mar 19, 2018
The problem is always the same: all data stored in volatile memory can be extracted with the right tools and techniques. I've already written a lot of posts about Volatility and mimikatz; today I want to write something about KeeFarce.…
-
Mar 16, 2018
Simple, but effective! The Pomodoro technique is a productivity method that uses timers and breaks, emphasizing working in focused bursts. Developed in the 1980s by Francesco Cirillo, the Pomodoro technique is based on a simple concept: write down a task,…
-
Mar 14, 2018
From my point of view, SIFT is the definitive forensic toolkit! The SIFT Workstation is a collection of tools for forensic investigators and incident responders, put together and maintained by a team at SANS and specifically Rob Lee, also available bundled…
-
Mar 12, 2018
Nmap is the best-known port scanner, written and maintained by Gordon Lyon (Fyodor). It can be used for network discovery and for most security enumeration during the initial stages of penetration testing. Nmap has a multitude of options and…
-
Mar 9, 2018
For several years I've played classical guitar in the traditional way... but some years ago I fell in love with the sonority of a nylon guitar played with only the fingertips. So, I've cut my fingernails and started to rebuild my right-hand…
-
Mar 7, 2018
Some months ago a serious vulnerability in EXIM was disclosed (CVE-2017-16943), and in the last hours Meh Chang (from devco.re) discovered a buffer overflow that allows remote command execution on this MTA. As in March 2017, the total number…
-
Mar 5, 2018
2018's security trends: malicious cryptomining. Malicious cryptomining, also sometimes called drive-by mining, is when someone else is using your computer to mine cryptocurrency like Bitcoin or Monero: essentially, they are stealing your resources to make money.…
-
Mar 2, 2018
In a comment on my article Volatility, my own cheatsheet (Part 3): Process Memory, Fabrizio asked me: [...] from a memory dump of a win7 system, I found that notepad was running; is it possible to view its contents? ([...]…
-
Feb 28, 2018
Network printers use a variety of protocols and firmware that differ from vendor to vendor and model to model. Obviously, every firmware (and protocol) could be vulnerable and exploitable, but could a printer be an attack vector? Why would…
-
Feb 26, 2018
Since 2014, the use of containers has grown rapidly in IT, and especially in devops. The benefits are undeniable: flexibility and go-live times, small deployment images, task-specific and reproducible containers. However, when using a container…
-
Feb 23, 2018
Scales are a valuable tool to improve the coordination between both hands and develop fluent phrasing. Speed, sound, accuracy, articulation, dynamics: these are all techniques that can be worked on with scales. In my opinion, the right hand should…
-
Feb 21, 2018
On some occasions you need to acquire an image of a computer using a boot disk and network connectivity. Usually, this is done with a Linux boot disk on the machine under analysis, and another computer used as the imaging…
-
Feb 19, 2018
Dynamic and static malware analysis using a lot of preconfigured environments. ANY.RUN is an interactive online malware analysis service that allows both dynamic and static research using environments based on all Windows versions from XP to 10, 32 and 64…
-
Feb 16, 2018
Every analyst, through day-by-day experience, refines their own workflow for timeline creation. Today I propose mine. Required tools: Sleuth Kit, a collection of command line tools that allows you to analyze disk images (https://www.sleuthkit.org/sleuthkit/); Volatility, the…
-
Feb 14, 2018
Do you think that protecting your Excel worksheet with a password is safe? You are wrong! Starting with Office 2007, Excel files use the Open Office XML File Format. It's an open standard, really well documented: http://www.ecma-international.org/publications/standards/Ecma-376.htm Each Excel workbook contains…
-
Feb 12, 2018
Malware authors have always looked for new techniques to stay invisible. This includes being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis. Malware authors attempt to utilize techniques to…
-
Feb 9, 2018
Parsing SetupAPI log for fun and profit! USB device history can be a great source of evidence during a forensic analysis, when an examiner needs to determine if an external device was connected to a system and how USB devices…
-
Feb 7, 2018
I often publish small code snippets, usually written during the development of larger projects. Today I want to share a small PHP class that uses the Twitter API to perform a search and download the most recent tweets. In…
-
Feb 5, 2018
During a penetration test, you could be lucky enough to find an RCE vulnerability: in this case, the next step should be to obtain an interactive shell. One of the most used methods is the creation of a reverse shell, useful…
-
Feb 2, 2018
Let there be no mistake about this: from a technical point of view, 5G Network Slicing is totally awesome! However, some aspects seem to conflict with Network Neutrality principles. What is Network Neutrality? Network neutrality is the principle that Internet…