Analysis Notes

A place to jot down notes from trying out malware analysis and anything that seemed likely to be useful for analysis.

4n6 WEEK 50 – 2022 - MISCELLANEOUS

This entry was auto-generated and posted to show the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that you can skim through and pick the articles to check. 4n6 itself can be found here. Donations via "Buy me a coffee" are appreciated.

MISCELLANEOUS

Adam at Hexacorn

December 8, 2022 in Incident Response, SOC, Triage Over the last few years we moved away from a SOC that used to be almost solely focused on Network and Windows events and artifacts (probably a strong fintech bias here) towards the one that is a Frankenstein’s monster we see today – very fractured, multi-dimensional, multi-platform, multi-architectural, multi-device and multi-everything-centric, plus certainly multi-regional (regulated markets, data across borders)/privacy-savvy, on- and off-prem, c...

Adrian at ‘Agood cloud’

ssh honeypot with fail2ban and AWS SQS to MISP By Adrian | December 7, 2022 So I wanted to do something which has been done many times before and that was to create an SSH honeypot for some threat intelligence collection purposes. The twist to this is that I want to send the results to MISP and I came ...

Brian Maloney

Azure App IDs (source for each: Security and Compliance - All Apps - Microsoft 365 App Certification | Microsoft Learn):
Windows Azure Active Directory: 00000002-0000-0000-c000-000000000000
Office 365 Exchange Online: 00000002-0000-0ff1-ce00-000000000000
Microsoft Graph: 00000003-0000-0000-c000-000000000000
Security and...

Chris Sanders

Posted on December 6, 2022 / December 5, 2022 I’m excited to announce my 2022 Golden Ticket Fundraiser! With this fundraiser, you’ll have a chance to win some fantastic prizes, including a free seat in EVERY training course I offer! Along the way, we’ll raise money for some worthy causes: the Rural Technology Fund and a collection of food banks worldwide! Read the complete list of prizes and entry details at //ruraltechfund.org/goldenticket/. The fundraiser runs from December 6th to December 20th. P...

Bret at Cyber Gladius

Building a company-specific wordlist is a skill both Defenders and Attackers need. When defending, it is vital to ensure that users are not using weak passwords to protect assets. We need to think like an Attacker and develop the same wordlists an attacker would use against us in brute-force attacks. A custom company-specific wordlist enables a Defender to conduct password audits or block weak passwords from being set. In this post, we will think like an Attacker and create a company-specific wo...

Reza Rafati at Cyberwarzone

1 week ago Reza Rafati CYBERWARZONE – Threat actors are individuals or organizations that use malicious tactics to gain access to a person or organization’s confidential information, systems, or networks. They may use various techniques to carry out their objectives, such as phishing, malware, and social engineering. The impact of these activities can be far-reaching, as they can cause costly damage to businesses and disrupt critical operations. Threat actors are typically motivated by financial...

1 week ago Reza Rafati CYBERWARZONE – Security Operation Centers (SOCs) are dedicated units that provide a comprehensive view of an organization’s security posture. They are designed to detect, analyze, and respond to cyber threats in a timely manner. SOCs are becoming increasingly important for organizations of all sizes as cyber threats continue to evolve. In this article, we will provide ten steps to help you build your own security operation center. 1. Establish governance standards: Establi...

Desi at Hardly Adequate

Critical Infrastructure, Thoughts / By desi Something that I took for granted early on in my career was translating the technical "so what" into risk and even how to explain that to people who don’t know technical content. One thing that I have appreciated in working with some amazing and intelligent people in my last three jobs is observing them be so eloquent in how they explain the "so what" to senior leaders and people who aren’t in the cyber security space. It always reminds m...

Brett Shavers at DFIR.Training

Dec 07, 2022 Short version: Complete a DFIR tools & training survey. Get one (or more chances if you share the survey) to win a free book. Winner will be chosen on January 6, 2023. Go to the survey here: //survey.zohopublic.com/zs/oOCzKw Then enter the giveaway here: //survey.zohopublic.com/zs/pXCz2d Longer version: See where you fit in the world of DFIR folks with this survey. It’s only 30 questions with checkboxes. You’ll get an entry for a free book (free shipping too!). If you share the sur...

Forensic Focus

Grayshift

Lesley Carhart

Career Counseling Office Hours! I now have some limited appointments for career counseling and resume discussion open for sign-ups. These sessions are free for college students and current enlisted military, and tip-what-you can for everyone else, if you feel my help was meaningful. You can sign up here: //calendly.com/lesleycarhart Keep in mind that I can only review North American style resumes, not international CVs, and I do not take the place of a grammar and style resume editor, who everyo...

Magnet Forensics

In this solution brief, learn how Magnet AUTOMATE Enterprise complements SOAR solutions to enable immediate and automatic collections and forensic processing at scale. Click here to directly download a PDF of the overview. Benefits of Automation in DFIR Digital Forensics and Incident Response (DFIR) use cases require the coordinated effort of people, processes, and technology. Orchestration and automation solutions can help forensics labs: Define and execute digital workflows; Increase the speed,...

By founder & CTO, Jad Saliba One of my biggest motivating factors in seeing Magnet Forensics succeed over the years was to make sure we could truly achieve our mission to seek justice and protect the innocent. I’ve worked with so many agencies over the years and heard about a lot of successes, roadblocks, and above all stories—both heartwarming and horrific. Of course, some of the most heinous activity is seen day in and day out by the Internet Crimes Against Children (ICAC) task forces in many ...

How to Build a Windows 10 ‘Windows to Go’ Drive to Support Offline Collections With Magnet OUTRIDER and Magnet ACQUIRE A bootable Windows to Go SSD that can boot and run Magnet OUTRIDER and Magnet ACQUIRE in dead-disk situations. Includes syntax to use Diskpart.exe to bring drive(s) to acquire online in Read-Only mode. The idea originated here, with documented changes and updates. By incorporating other live response tools (RAM capture, EDD, Process Capture etc. on same drive) – you’re ready for...

With the range of cybersecurity threats targeting government agencies, it’s not a matter of if a cyberattack will occur, it’s a matter of when. With that in mind, cybersecurity teams need to prioritize developing, implementing, and updating their incident response playbook to help reduce the impact and recovery time of a cybersecurity incident. A key step in developing a successful incident response playbook is the post-incident review and analysis. Effective prevention of future events needs to...

MobilEdit

December 7, 2022 Lucia Dlugošová As 2022 comes to an end, MOBILedit can look back on a year full of significant improvements, breakthrough innovations, and amazing interactions with our customers. We developed brand new products like the Smartwatch Kit and MOBILedit Cloud Forensic and strengthened our team with new, field-experienced members, giving us an even better view from the end-users perspective. With our groundbreaking development of smartwatch forensics, we’ve reaffirmed our position as...

Richard Frawley at ADF

Posted by Richard T. Frawley on December 7, 2022 Victims and witnesses are encountered every day in law enforcement and you can almost guarantee that they will have some sort of digital evidence to go along with their account of the situation or incident. No need to look any further than the window to their world: their mobile device. Mobile devices have become an everyday item and can be seen in the hands of just about everyone you pass on the streets today. W...

Salvation DATA

Work Tips 2022-12-07 Working as a forensic video analyst, you could always encounter challenges during your work, which could sometimes severely impact and even lead to your case cracking and investigation being in vain. However, it doesn’t mean you’re out of chances to improve the expected outcome of your investigative cases. Based on our over 20 years project experience working with forensic video experts on various successfully closed cases all over the world, below few crucial tips is of som...

SANS
