-
Oct 25, 2017
Spreads via the network; currently hits Russia, Ukraine, Germany, Japan, and Turkey. A variant of Petya/NotPetya/EternalPetya called BadRabbit, probably prepared by the same authors, has infected several big Russian media outlets. BadRabbit uses SMB to propagate laterally with a hardcoded… read more »
-
Oct 23, 2017
The SID is one of the core data structures of the NT security infrastructure. A Security Identifier (commonly abbreviated SID) is a unique, immutable identifier of a user, user group, or other security principal. A security principal has a single SID… read more »
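As an added example (not code from the original post), the script below encodes and decodes the binary SID layout that Windows stores in tokens, ACLs and the SAM (revision byte, sub-authority count byte, a 6-byte big-endian identifier authority, then one 32-bit little-endian sub-authority per entry) and splits an account SID into its domain part and RID. The sample bytes are constructed by hand for BUILTIN\Administrators (S-1-5-32-544); the domain SID used for the RID split is made up.

```python
import struct

# Added example, not from the original post: work with the on-disk/in-memory
# SID layout.  Header: revision (1 byte), sub-authority count (1 byte),
# identifier authority (6 bytes, big-endian), then count x 32-bit
# little-endian sub-authorities.

MAX_SUB_AUTHORITIES = 15  # SID_MAX_SUB_AUTHORITIES in the Windows SDK


def sid_to_string(data: bytes) -> str:
    """Convert a binary SID to its S-R-I-S... string form."""
    if len(data) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = data[0], data[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > MAX_SUB_AUTHORITIES or len(data) < 8 + 4 * count:
        raise ValueError("sub-authority count %d does not fit the data" % count)
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, data, 8)
    # Windows prints the authority in decimal when it fits in 32 bits,
    # otherwise as a 0x-prefixed 12-digit hex value.
    auth_txt = str(authority) if authority < (1 << 32) else "0x%012X" % authority
    return "S-%d-%s" % (revision, auth_txt) + "".join("-%d" % s for s in subs)


def string_to_sid(text: str) -> bytes:
    """Convert an S-1-... string back to the binary layout, validating ranges."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % text)
    revision = int(parts[1])
    authority = int(parts[2], 0)  # accepts "5" as well as the "0x..." form
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or not 0 <= authority < (1 << 48):
        raise ValueError("SID header fields out of range: %r" % text)
    if len(subs) > MAX_SUB_AUTHORITIES or any(not 0 <= s < (1 << 32) for s in subs):
        raise ValueError("SID sub-authorities out of range: %r" % text)
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_domain_rid(text: str):
    """Return (domain SID, RID): the RID is the last sub-authority of an account SID."""
    domain, _, rid = text.rpartition("-")
    return domain, int(rid)


if __name__ == "__main__":
    # Constructed sample: BUILTIN\Administrators, S-1-5-32-544, in binary form.
    raw = bytes.fromhex("01020000000000052000000020020000")
    print(sid_to_string(raw))
    assert string_to_sid(sid_to_string(raw)) == raw
    # Made-up domain SID; RID 500 is always the built-in Administrator account.
    print(split_domain_rid("S-1-5-21-1004336348-1177238915-682003330-500"))
```

Parsing the count and checking it against the buffer length before unpacking is the part worth copying: SIDs read out of ACLs, tokens or raw registry hives are attacker-influenced bytes, and a malformed count is the classic way to walk past the end of the structure.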
-
Oct 20, 2017
On Windows systems, event logs contain a lot of useful information about the system and its users. Depending on the logging level enabled and the version of Windows installed, event logs can provide investigators with details about applications, login timestamps for… read more »
-
Oct 19, 2017
Release the KRACKen! Security researcher Mathy Vanhoef has discovered several vulnerabilities in the core of the WPA2 protocol that could allow an attacker within radio range to decrypt the traffic of a Wi-Fi network and eavesdrop on its Internet communications. WPA2 is an authentication scheme widely used… read more »
-
Oct 18, 2017
The Windows registry contains information that is helpful during a forensic analysis. The Windows registry is an excellent source of evidential data, and knowing what kind of information can exist in the registry, and where, is critical during a forensic analysis… read more »
-
Oct 16, 2017
Amcache and Shimcache can provide a timeline of which program was executed, when it was first run and when it was last modified. In addition, these artifacts provide program information regarding the file path, size, and hash, depending on the OS version. Amcache… read more »
-
Oct 11, 2017
Some notes gathered while preparing for the GCFA exam. The New Technology File System (NTFS) is a file system developed and introduced by Microsoft in 1993 with Windows NT as a replacement for the FAT file system. Versions: Microsoft has released five… read more »
-
Oct 10, 2017
A Python script for auditing wireless networks. Do you know Wifite? It's a great Wi-Fi auditing tool, designed for use with pentesting distributions of Linux such as Kali Linux, Pentoo, BackBox, and any Linux distribution with wireless drivers patched for injection (so… read more »
-
Oct 9, 2017
A technique used by malware authors to evade defenses and hinder detection and analysis of malicious process execution. Process hollowing is a technique in which a legitimate process is loaded on the system solely to act as a container… read more »
-
Oct 6, 2017
Essential information for timeline analysis. During a forensic analysis, especially during timeline analysis, you deal with MAC timestamps, so it's important to know and understand the concept of time resolution. The MAC(b) times are derived from file system metadata and… read more »
-
Oct 4, 2017
Some notes gathered while preparing for the GCFA exam. FAT, or File Allocation Table, is a file system designed to keep track of the allocation status of clusters on a hard drive. Originally designed in 1977 for use on floppy disks… read more »
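The time-resolution point from the timeline-analysis note above, and the FAT entry here, are easiest to see by decoding the two on-disk formats side by side. The script below is an added example (not from either post): it decodes an NTFS FILETIME (a 64-bit count of 100 ns ticks since 1601-01-01 UTC) and a FAT directory-entry date/time pair (16-bit date, 16-bit time with 2-second granularity, plus the creation-time-only byte of 10 ms units), and encodes a datetime back into FAT fields to show what the 2-second field drops. The sample values are constructed; Python's datetime only holds microseconds, so the FILETIME decoder returns the leftover ticks separately rather than silently rounding.

```python
from datetime import datetime, timedelta, timezone

# Added example, not from the original posts: decode the on-disk timestamp
# formats whose resolution matters during timeline analysis.

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks: int):
    """Return (UTC datetime to the microsecond, leftover 100 ns ticks)."""
    if not 0 <= ticks < (1 << 63):
        raise ValueError("FILETIME out of range")
    micros, rest = divmod(ticks, 10)
    return FILETIME_EPOCH + timedelta(microseconds=micros), rest


def datetime_to_filetime(dt: datetime) -> int:
    """Encode a datetime as FILETIME ticks; a naive datetime is taken as UTC."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def fat_to_datetime(date_word: int, time_word: int, tenths: int = 0) -> datetime:
    """Decode FAT date/time words; tenths (0-199) is the 10 ms field of creation times.

    Date: bits 15-9 year since 1980, 8-5 month, 4-0 day.
    Time: bits 15-11 hour, 10-5 minute, 4-0 seconds/2.
    FAT records local time with no zone, so the result is naive on purpose.
    """
    if not 0 <= tenths <= 199:
        raise ValueError("tenths field out of range")
    year = 1980 + (date_word >> 9)
    month = (date_word >> 5) & 0x0F
    day = date_word & 0x1F
    hour = time_word >> 11
    minute = (time_word >> 5) & 0x3F
    second = (time_word & 0x1F) * 2
    return datetime(year, month, day, hour, minute, second) + timedelta(milliseconds=10 * tenths)


def datetime_to_fat(dt: datetime):
    """Encode to (date_word, time_word, tenths); only creation times keep tenths."""
    date_word = ((dt.year - 1980) << 9) | (dt.month << 5) | dt.day
    time_word = (dt.hour << 11) | (dt.minute << 5) | (dt.second // 2)
    tenths = (dt.second % 2) * 100 + dt.microsecond // 10_000
    return date_word, time_word, tenths


if __name__ == "__main__":
    # Constructed values: the Unix epoch as a FILETIME, with 7 extra ticks (700 ns)
    # that a microsecond-based datetime cannot represent.
    print(filetime_to_datetime(116444736000000007))
    # Constructed FAT fields for 2017-10-06 12:34:56; the same words plus tenths=100
    # decode to 12:34:57, which is how a creation time keeps the odd second
    # that a modification time loses.
    print(fat_to_datetime(19270, 25692), fat_to_datetime(19270, 25692, 100))
    print(datetime_to_fat(datetime(2017, 10, 6, 12, 34, 57)))
```

The practical consequence for a timeline: a FAT write time that reads 12:34:56 may have been anywhere in [12:34:56, 12:34:58), a FAT access time is a date only, and an NTFS timestamp is precise to 100 ns but is written by the kernel in UTC, so the conversion to local time has to happen in the analyst's tooling, not be assumed from the raw value.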
-
Oct 2, 2017
An integral part of the Windows operating system and essential for DFIR analysts. Shadow Copy (also known as Volume Snapshot Service, Volume Shadow Copy Service or VSS) is a technology included in Microsoft Windows that allows taking manual or automatic backup copies… read more »
-
Sep 29, 2017
A single-GPU password cracking tool. BitLocker is a full-disk encryption feature included with Windows Vista and later. It protects data by encrypting entire volumes, by default with the AES algorithm in cipher block chaining (CBC) or… read more »
-
Sep 27, 2017
A new cryptocurrency on which to bet? Recently, ThePirateBay conducted an experiment to see if it could replace the advertisements that keep the site afloat with a new monetization scheme: using visitors' browsers to mine cryptocurrency. So, the webmasters have embedded… read more »
-
Sep 26, 2017
A simple and useful snippet. Recently I developed a simple web scraper that extracts magnet links from a specific page and starts the download with BitTorrent. The core of the script is the snippet below, which uses pyquery to… read more »
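The pyquery snippet itself is cut off here, so as an added example (not the author's code) the block below does the same extraction with only the standard library's html.parser, and adds the check a scraper that feeds links to a BitTorrent client should do anyway: verify that each magnet link carries a well-formed infohash (40 hex digits or 32 base32 characters in the xt=urn:btih: parameter) before handing it on. The sample page is constructed inline.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Added example, not the author's snippet: stdlib replacement for the pyquery
# extraction, plus infohash validation of every magnet link found.

_BTIH = re.compile(r"^urn:btih:(?:([0-9a-fA-F]{40})|([A-Z2-7]{32}))$")

# Constructed sample page: one valid link, one with a bogus hash, one non-magnet.
SAMPLE_HTML = """
<ul>
  <li><a href="magnet:?xt=urn:btih:0123456789abcdef0123456789abcdef01234567&amp;dn=sample">ok</a></li>
  <li><a href="magnet:?xt=urn:btih:notahash&amp;dn=bad">bad</a></li>
  <li><a href="https://example.invalid/page">not a magnet</a></li>
</ul>
"""


class MagnetLinkParser(HTMLParser):
    """Collect href values of <a> tags that use the magnet: scheme."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("magnet:"):
                self.links.append(value)


def extract_magnet_links(html: str) -> list:
    """Return every magnet: href in document order (no validation yet)."""
    parser = MagnetLinkParser()
    parser.feed(html)
    parser.close()
    return parser.links


def magnet_infohash(link: str):
    """Return the infohash as lower-case hex, or None if the link has no valid one."""
    parts = urlsplit(link)
    if parts.scheme != "magnet":
        return None
    for xt in parse_qs(parts.query).get("xt", []):
        m = _BTIH.match(xt)
        if m is None:
            continue
        if m.group(1):
            return m.group(1).lower()
        # 32 base32 characters decode to exactly 20 bytes, so no padding is needed.
        return base64.b32decode(m.group(2)).hex()
    return None


def valid_magnets(html: str) -> list:
    """Pairs of (link, infohash) for the links that pass validation."""
    result = []
    for link in extract_magnet_links(html):
        infohash = magnet_infohash(link)
        if infohash is not None:
            result.append((link, infohash))
    return result


if __name__ == "__main__":
    for link, infohash in valid_magnets(SAMPLE_HTML):
        print(infohash, link)
```

Normalising the hash to hex also gives you a stable key for deduplicating links across pages and for matching against a blocklist before the client ever opens a connection.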
-
Sep 22, 2017
Looking for a good alternative to CCleaner? Take a look at BleachBit! A good analysis by Cisco Talos: version 5.33 of CCleaner downloaded between August 15 and September 12 was modified to include the Floxif malware: We would like to… read more »
-
Sep 21, 2017
A bug really difficult to reproduce! Hanno Böck, a freelance journalist, has disclosed a bug in the Apache web server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, like the most… read more »
-
Sep 20, 2017
How to share code snippets from the command line. Gist.github.com is a great service provided by GitHub, useful for sharing code snippets. You can share single files, parts of files, or full applications: every gist is a Git repository, which means that… read more »
-
Sep 18, 2017
Useful during analysis of malicious sites. Yesterday in my Twitter stream I saw this tweet by Florian Roth: https://twitter.com/cyb3rops/status/902934898700320770 During the analysis of a malicious site, one of the first steps is the deobfuscation of the suspicious JavaScript. There are… read more »
-
Sep 15, 2017
Do you know what the blockchain is? You should! How will an independent, transparent, and permanent database, coexisting in multiple locations and shared by a community, change money and business? In this lucid and simple talk, Bettina Warburg describes how… read more »