Analysis Notes

A place to note things I tried while analysing malware and anything that looked useful for analysis. This site uses Google Analytics.

4n6 Week 4 – 2023 - MISCELLANEOUS

This entry shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics). It was generated and posted automatically so that I can zap through the list and pick the articles worth checking. 4n6 itself can be found here.

MISCELLANEOUS

Jessica Hyde from Hexordia

Hi! This is Jessica Hyde and I am so excited to announce the plans for the upcoming Capture The Flag contests during our Magnet Virtual Summit this February and March and in-person Magnet User Summit event in Nashville in April. This year we are creating TWO CTFs, each with unique different data sources and questions. I have been having a blast working with the amazing students Dylan Navarro, Alayna Cash, Lorena Castillo, A’zariya Daniels, Austin Grupposo, and Thomas Claflin from the Champlain D...

Ben Heater

Proxmox: Running OpenCTI. In this post, I walk you through steps of running an OpenCTI server to aggregate threat intelligence into a single interface. By 0xBEN. Links: OpenCTI Platform on GitHub (Open Cyber Threat Intelligence Platform; the OpenCTI Platform organisation has 6 repositories available) and the OpenCTI Project Documentation on Notion. A new tool that blends...

Cassie Doemel at AboutDFIR

AboutDFIR Site Content Update 01/15/23. By Cassie Doemel, January 15, 2023 / January 14, 2023. Tools & Artifacts – Windows – new entries added – Program Compatibility Assistant, Security:4624 (Win11), and Notepad++. Tools & Artifacts – iOS – new entries added – Apple Watch Data and Continuity/Cellular Relay. Tools & Artifacts – Android – new entry added – TikTok. Annual Industry Reports – new entry added – Google Threat Report. Jobs – old entries cleaned up, new entries added – Fortinet, Nissan, American ...

Albert Robinson at Cellebrite

Android Forensics, Smart Flow, Selective File System Extraction – Part 2 of Cellebrite Solutions 2022 Update Summary. January 16, 2023 | Albert Robinson | Product Marketing Writer at Cellebrite. Cellebrite released many updates to its digital intelligence and forensics solutions in 2022. These updates were covered in a recent on-demand webinar you can watch here. This blog is part 2 in the series and will highlight the mobile device forensic tool updates supporting Android devices. You can r...

Robert B. Fried at Sandline Global and Ryan Parthemore at Cellebrite

Perspectives on Electronic Evidence Management. January 8, 2023 | Robert B. Fried, Senior Vice President & Global Head of Forensics and Investigations, Sandline Global & Ryan Parthemore, SaaS Evangelist, Cellebrite. Source: PI Magazine print issue, Jan/Feb 2023. There are different standards, considerations, and perspectives regarding the documentation and management of electronic evidence. Ideally, a digital forensic practitioner who handles or interacts with evidence understands the various...

Ariel Watson at Cellebrite

Physical Analyzer, PA Ultra, Cryptocurrency Enrichment and Location Data – Part 3 of Cellebrite Solutions 2022 Update Summary. January 18, 2023 | Ariel Watson - Senior Manager of Digital Intelligence & Forensics Web Content. Cellebrite released many updates to its digital intelligence and forensics solutions in 2022. This blog is a continuation of: Part 1 – iOS Forensics Advanced Logical File System Extraction and Checkm8 – Cellebrite Solutions 2022 Update Summary; Part 2 – Android Forensics,...

Consultancy.com.au

16 January 2023, Consultancy.com.au. Recent high-profile data breaches have shown that Australian organisations are firmly in the crosshairs of cyber adversaries. These breaches have also illustrated that – when they are hit by an intrusion – many organisations’ security measures fall short of what is required to adequately secure their data, writes Nick Lowe, a Director at CrowdStrike Falcon. Over the past year, Australia has experienced a 33 per cent rise ...

Bret at Cyber Gladius

PowerShell is a powerful scripting language that makes automating Windows system admin tasks a breeze. If you’re new to PowerShell scripting, you may feel overwhelmed. There are so many different commands it can take a lot of work to know where to start. To help make your journey into PowerShell scripting easier, here are some of the top commands every new PowerShell scripter needs to know. PowerShell Commands Name Structure: PowerShell commands are structured using a “verb–noun” naming pattern. ...
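The verb–noun pattern is more than a style rule: it is what lets you discover commands by half a name and what lets others guess what your functions do. The following is an added example, not code from the Cyber Gladius post, that explores the pattern from the shell and checks proposed function names against the approved verb list. It assumes Windows PowerShell 5.1 or PowerShell 7, where Get-Verb and the -in operator are available; the function name Test-CommandName and the sample names fed to it are my own.

```powershell
# Get-Verb lists the approved verbs and the group each belongs to
# (Common, Data, Lifecycle, Diagnostic, Communications, Security, Other).
$approvedVerbs = (Get-Verb).Verb

# Because every name is Verb-Noun, you can search by either half instead of
# memorising command names.
Get-Command -Verb Get -Noun '*Event*'     # Get-EventLog, Get-WinEvent, ...
Get-Command -Noun Service                  # Get-Service, Restart-Service, Set-Service, ...

function Test-CommandName {
    # Reports whether each proposed name is Verb-Noun with an approved verb.
    # (The guideline also says nouns should be singular; that is left as a
    # convention to follow, since it cannot be checked reliably by regex.)
    param([Parameter(Mandatory)][string[]]$Name)

    foreach ($n in $Name) {
        # Approved verbs are single PascalCase words such as Get, ConvertTo, Invoke.
        $isVerbNoun = $n -match '^(?<verb>[A-Za-z]+)-(?<noun>[A-Za-z][A-Za-z0-9]*)$'

        if (-not $isVerbNoun) {
            $reason = 'not Verb-Noun'
        } elseif ($Matches.verb -notin $approvedVerbs) {
            $reason = "unapproved verb '$($Matches.verb)'"
        } else {
            $reason = 'ok'
        }

        [pscustomobject]@{
            Name   = $n
            Valid  = ($reason -eq 'ok')
            Reason = $reason
        }
    }
}

# Constructed sample names (hypothetical): two of them use verbs that are not
# on the approved list, one is not Verb-Noun at all.
Test-CommandName 'Get-Process', 'Dump-Credential', 'Fetch-Log', 'GetProcess' | Format-Table -AutoSize
```

Running it prints Get-Process as valid, Dump-Credential and Fetch-Log as using unapproved verbs, and GetProcess as not Verb-Noun. Import-Module warns about unapproved verbs in the same way when you load a module, so running this check on your own function names before publishing saves that warning for your users.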

Doug Burks at Security Onion

Many folks have asked for a printed version of our official online documentation and we're excited to provide that! Whether you work on airgap networks or simply want a portable reference that doesn't require an Internet connection or batteries, this is what you've been asking for. Thanks to Richard Bejtlich for writing the inspiring foreword! Proceeds go to the Rural Technology Fund! This 20230112 edition has been updated for Security Onion 2.3.200 and includes a 20% discount code for our on-deman...

Forensic Focus

Aamir Lakhani at Fortinet

By Aamir Lakhani | January 18, 2023 As the world of technology continues to evolve, so have the types of ransomware attacks that can impact organizations. For most businesses, data is their most valuable asset, and without protections against ransomware in place, employees can put themselves and their organization at risk of losing critical information. Having a ransomware protection strategy that incorporates cyber-hygiene best practices should be top of mind for businesses and their employees....

Grayshift

Johann Hofmann at Griffeye

Harlan Carvey at Huntress

Why Having Backups Isn't Enough. It’s been widely understood and accepted for some time that a critical component of surviving a cyberattack is to have a solid, tested business continuity and disaster recovery (DR) plan that includes offline backups. This DR plan should include verification of backups, as well as regular testing to ensure that your business can effectively recover using those backups. Verifying the backup process is paramount. Even as far back as the late ...

Ismail Tasdelen at InfoSec Write-ups

In this article, I will be talking about how you can create an incident response plan. An incident response plan is a documented process for responding to a cybersecurity incident or data breach. It should outline the steps that an organization should take when responding to an incident, including how to contain the incident, how to recover from it, and how to prevent future incidents. To create an incident response plan, follow these steps: Identify potential incidents: Determin...

Lisa Forte at Red Goat

Written by: Lisa Forte. Categorized: Cyber Resilience. Bitcoin has been synonymous with ransomware for as long as cybercriminals have been encrypting hard drives. Now ransoms are increasingly being demanded in alternative cryptocurrencies such as Monero and other privacy coins. In this article we look at why this shift is happening, how these currencies work and what cyber professionals need to know. Traditionally the ransomware lock-screens that have heralded a bad day for your IT Team have ended ...

RJM at Anchored Narratives

Anchored Narratives on Threat Intelligence and Geopolitics. Course Review - Zero2Automated Advanced Malware Analysis Course. The OSCP experience for reversing malware. Try harder! RJM, Feb 12, 2022. Cover Certificatio...

Sam Sabin at Axios

Sam Sabin, author of Axios Codebook. Illustration: Sarah Grillo/Axios. Criminal gangs are using a new method to guarantee a ransomware payout: They're ditching the part where they lock up a target firm's systems by encrypting them and are skipping straight to holding the company's precious data for ransom. The big picture: As law enforcement attention on ransomware grows, gangs are constantly looking for less-flashy, but still efficient ...

Anusthika Jeyashankar at Security Investigation

Recent posts listed on Security Investigation: OS Credential Dumping – LSASS Memory vs Windows Logs; Credential Dumping using Windows Network Providers – How to Respond; The Flow of Event Telemetry Blocking – Detection & Response; UEFI Persistence via WPBBIN – Detection & Response; Microsoft Notified Blueteam to Monitor Sqlps.exe and Powershell; What is Port Forw...

Jason Roslewicz at Sumuri

A.I.: it’s not just for term papers anymore! In recent years, artificial intelligence (AI) has been increasingly used in eDiscovery to assist with tasks such as document review, data analysis, and predictive coding. AI is now an essential and anticipated aspect of eDiscovery. One of the most notable examples of this is the use of language models like OpenAI’s GPT-3 and its competitors such as Google’s TensorFlow, Hugging Face’s BERT, and eDiscovery providers such as Relativity’s ECA AI and Open Te...

The Security Noob.

Posted on 19/01/2023. This book is a little different to the ones I have been reading recently in that it is more general, in the sense that it covers the whole cybersecurity umbrella regarding red and blue teaming and the like. It’s nice every now and then to just read a book like this over some others that are more like work, educational and reference books. Now this IS educational, so don’t get me wrong, but it’s not based in a specific subject so no need to really get the...

Trail of Bits

January 17, 2023. A new tool for Windows RPC research, by Aaron LeMasters. Trail of Bits is releasing a new tool for exploring RPC clients and servers on Windows. RPC Investigator is a .NET application that builds on the NtApiDotNet platform for enumerating, decompiling/parsing and communicating with arbitrary RPC servers. We’ve added visualization and additional features that offer a new way to explore RPC. RPC is an important communication mechanism in Windows, not only becau...
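The three verbs in that excerpt (enumerate, parse, communicate) are the whole workflow of Windows RPC research, and you can walk through them by hand to understand what RPC Investigator is visualising. The following is an added example, not code from the Trail of Bits post or from RPC Investigator itself. It uses the NtObjectManager PowerShell module, the scripting front-end to the same NtApiDotNet library the tool builds on. Assumptions: the module is installed (Install-Module NtObjectManager), you run it as an administrator on a lab machine, and the Microsoft symbol server is reachable so procedures get their real names rather than Proc0, Proc1, and so on; efssvc.dll is used only as a convenient, well-known DLL that hosts an RPC server, and any other DLL or EXE path works the same way.

```powershell
Import-Module NtObjectManager

# 1. Enumerate/parse: pull the RPC interfaces a binary registers out of its NDR
#    type descriptors. Each RpcServer object carries the interface UUID, version
#    and the list of procedures recovered from the binary.
$dll     = Join-Path $env:SystemRoot 'System32\efssvc.dll'
$servers = Get-RpcServer -FullName $dll

$servers |
    Select-Object Name, InterfaceId, InterfaceVersion,
                  @{ n = 'Procedures'; e = { $_.Procedures.Count } } |
    Format-Table -AutoSize

# 2. Reachability: the endpoint mapper only knows about interfaces that were
#    registered at runtime, so an interface that parses fine may still not be
#    listening. Get-RpcEndpoint queries the local mapper; match on the UUID.
$live = Get-RpcEndpoint
foreach ($s in $servers) {
    $eps = $live | Where-Object { $_.InterfaceId -eq $s.InterfaceId }
    if ($eps) {
        "{0} v{1}: {2} registered endpoint(s)" -f $s.InterfaceId, $s.InterfaceVersion, $eps.Count
        $eps | Select-Object ProtocolSequence, Endpoint, Annotation | Format-Table -AutoSize
    } else {
        "{0} v{1}: parsed, but not registered with the endpoint mapper" -f $s.InterfaceId, $s.InterfaceVersion
    }
}

# 3. Decompile: render the recovered procedure signatures as IDL-like text.
#    This is what tells you which parameters a caller controls, which is the
#    starting point for both attack-surface review and detection logic.
$servers | Format-RpcServer

# 4. Communicate: generate a client class for the first interface and bind to
#    it through the endpoint mapper. The connected client exposes one method
#    per procedure; invoking them is the fuzzing/reproduction step, so keep
#    this to a lab box.
$client = Get-RpcClient -Server $servers[0]
Connect-RpcClient -Client $client
"Connected: {0}" -f $client.Connected
$client.Dispose()
```

If symbols cannot be fetched, step 1 still works but procedures are named by ordinal only, which is the state RPC Investigator's decompiled view starts from as well. Step 2 is the check worth keeping in mind whenever you read about an RPC interface: a UUID showing up in a DLL is not the same as a live, bindable endpoint on the machine you are looking at.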

Fawaz Rasheed at VMware Security