-
Jul 13, 2017
Like ‘sed’, for JSON data. jq is like sed for JSON data: you can use it to slice, filter, map and transform structured data with the same ease that sed, awk, grep and friends let you play with…
-
Jul 12, 2017
An Open Source tool for analyzing web artifacts. Hindsight is an open source tool for parsing a user’s Chrome browser data. Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill…
-
Jul 11, 2017
Kaspersky Releases an Open Source Digital Forensics Tool. Bitscout initially started as a hobby project a few years ago (version 1.0 was never released to the public), and it has been continually improved based on the requirements that arose in…
-
Jul 10, 2017
Let’s try to analyze the memory in more detail… If we analyze the memory more thoroughly, without focusing only on the processes, we can find other interesting information. memmap: the memmap command shows you exactly which pages are memory…
-
Jul 7, 2017
Why do humans eat meat? Dr. Melanie Joy believes humans eat meat due to the long-engrained ideology of carnism: “Carnism is a dominant ideology, which means it’s embedded deeply in society to the point that it’s considered ‘just the way things are,’”…
-
Jul 6, 2017
Once executed on the target system, malware tries to hide itself and achieve persistence on the exploited machine, in order to keep acting even after a system reboot. Today let’s focus on Windows systems, which have a lot…
-
Jul 5, 2017
A valuable historical document. In the 1960s, the Italian TV broadcaster RAI broadcast a fascinating concert by Andres Segovia. I’ve found a copy on YouTube; the sound is slightly distorted, but the program is very respectable: 1:27 — “Da un Codice Lautenbuch”, Six lute…
-
Jul 4, 2017
Just some random thoughts about this kind of threat. Some days ago, a non-technical friend asked me for some information about ‘fileless malware’. It has been pretty difficult to explain this concept to a person lacking proper security knowledge, so I have…
-
Jul 3, 2017
Once the correct profile is identified, we can start to analyze the processes in memory and, when the dump comes from a Windows system, the loaded DLLs. pslist: to list the processes of a system, use the pslist command. This walks the…
-
Jun 30, 2017
Using OSINT sources for penetration testing. In the early stages of a penetration test, it is best practice to gather the most detailed information possible about the target, also using public data and search engines. Below is my short list…
-
Jun 29, 2017
Six Python tools useful for identifying and analysing malware. Python is a widely used scripting language in the field of computer forensics and malware analysis. Today, we look at some of the tools developed in this scripting language that are useful…
-
Jun 28, 2017
Just create a file in c:\windows! Currently we have a lot of information about Petya (or NotPetya): you can take a look at this post, which I use to collect all the information gathered from websites and social networks. And from…
-
Jun 28, 2017
Using vboxmanage and some tools from SleuthKit. A key step in a forensic analysis is the creation of a timeline of the filesystem operations. The operation can be performed using (for example) the fls tool from Sleuthkit, which exports the timeline…
-
Jun 27, 2017
What do we know so far? UPDATE: We have a local vaccine. New ransomware started spreading in Ukraine and shut down a lot of critical infrastructure (hospitals, airports, banks and power plants). Some reports are also coming from Italy, Germany and Spain. Early comments on…
-
Jun 27, 2017
Using direct access to /sys/class/backlight. My Debian laptop is configured with a very minimal setup, using i3 as window manager and without any graphical tool for system management. To manage the screen brightness I chose not to use a specific…
-
Jun 25, 2017
In order to start a memory analysis with Volatility, identifying the type of memory image is a mandatory step. Here are some useful commands. imageinfo: for a high-level summary of the memory sample you’re analyzing, use the imageinfo…
-
Jun 23, 2017
In order to analyze it with Volatility. Usually I use a VirtualBox sandbox in order to ‘detonate’ some malware and analyze its behavior. In this phase, the analysis of the sandbox’s RAM with Volatility is a mandatory step. But how…
-
Jun 22, 2017
The research paper by P1 Security was presented last week at a security conference in France. A team of researchers from security firm P1 Security has detailed a list of flaws in the VoLTE protocol that allow an attacker to spoof…
-
Jun 21, 2017
Research by the Japan Computer Emergency Response Team. With “lateral movement” we identify the techniques that enable an adversary to access and control remote systems on a network: an attacker can use lateral movement for many purposes, including remote execution…
-
Jun 20, 2017
Great speech by Keren Elazari from TED.com. Keren Elazari is an internationally recognized researcher, author and speaker on all matters of cyber security and hacker culture. Since 2000, Keren has worked with leading security firms, public organizations, Big 4 and Fortune 500…