Analysis Notes

A place to jot down notes from trying my hand at malware analysis and anything that looked useful for analysis.

4n6 Week 5 – 2023 - MISCELLANEOUS

This entry was auto-generated and posted to show the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that I can skim for the articles worth checking. The 4n6 round-up itself can be found here.

MISCELLANEOUS

Jessica Hyde at Hexordia

Jan 22, written by Jessica Hyde. I am often asked how to get into Digital Forensics and/or Incident Response. It is a great question, often filled with a lot of nuances based on the background of the person asking as well as their areas of interest. That said, I think there are 7 key things that need to be considered; namely, Education, Certification, Resume/Curriculum Vitae, Networking, Social Media, Mentorship, Applying for Roles, Sharing and Contributing to the field. Let’s dive into each one ...

Samuel Abbott at Amped

We are excited to announce that we will be running a limited video series of Amped Gym challenges starting on February 2, dedicated to all the Amped users with an active SMS plan. The challenges are going to be a way for our users to test their analytical and enhancement skills with Amped FIVE and discover new possibilities in how to improve their workflow during investigations. We will start with 4 challenges, launched on our Discord channel every two weeks. Each challenge will include a summar...

Andrea Fortuna

Jan 22, 2023. A very short article that I think will be useful to DFIR colleagues. According to this article from Microsoft, after installing Windows 11 build 22H2, Windows event 4688 stopped working correctly. Event ID 4688 is a Windows security event that is generated when a new process is created. This event is usually logged on the computer where the process is created, and it contains information such as the process name, ID, and the user who created it: this event can be useful in identify...
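When 4688 "stops working" the first practical question is whether the records are still being written at all and whether the fields you rely on are populated. The following is an added example (not code from the original post or from the Microsoft article it cites): a Python parser for exported 4688 records in the XML shape produced by Get-WinEvent's .ToXml() or wevtutil, plus a small audit that reports record count, the largest silence between consecutive events, and how many records have an empty CommandLine. The three sample records, host name, SIDs and paths are constructed for illustration. One fact the code relies on that is not in the post: CommandLine is only populated when the "Include command line in process creation events" audit policy is enabled.

```python
"""Parse and sanity-check exported Windows Security event 4688 records.

Added example (not code from the original post or the Microsoft article it
cites). Input is the XML shape that Get-WinEvent's .ToXml() or wevtutil
produce; the records in SAMPLE_XML below are constructed for illustration.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed template: only the 4688 fields used below are included.
EVENT_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>{event_id}</EventID>
<TimeCreated SystemTime="{time}"/><Computer>WS01.example.local</Computer></System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-21-1-2-3-1001</Data>
<Data Name="SubjectUserName">{user}</Data>
<Data Name="SubjectDomainName">EXAMPLE</Data>
<Data Name="NewProcessId">{pid}</Data>
<Data Name="NewProcessName">{proc}</Data>
<Data Name="ProcessId">{ppid}</Data>
<Data Name="CommandLine">{cmd}</Data>
<Data Name="ParentProcessName">{parent}</Data>
</EventData></Event>"""

SAMPLE_XML = [  # constructed records, hypothetical host and users
    EVENT_TEMPLATE.format(event_id=4688, time="2023-01-22T10:15:30.1234567Z", user="alice",
                          pid="0x1a2c", proc=r"C:\Windows\System32\cmd.exe", ppid="0x0fa0",
                          cmd="cmd.exe /c whoami", parent=r"C:\Windows\explorer.exe"),
    EVENT_TEMPLATE.format(event_id=4688, time="2023-01-22T10:15:31.5000000Z", user="alice",
                          pid="0x1b40", proc=r"C:\Windows\System32\whoami.exe", ppid="0x1a2c",
                          cmd="", parent=r"C:\Windows\System32\cmd.exe"),  # no command line captured
    EVENT_TEMPLATE.format(event_id=4688, time="2023-01-22T10:45:31.5000000Z", user="SYSTEM",
                          pid="0x0c08", proc=r"C:\Windows\System32\svchost.exe", ppid="0x02f4",
                          cmd="svchost.exe -k netsvcs", parent=r"C:\Windows\System32\services.exe"),
]


@dataclass(frozen=True)
class ProcessEvent:
    time: datetime
    host: str
    user: str          # DOMAIN\name
    pid: int
    process: str
    parent_pid: int
    parent: str
    command_line: str  # empty unless command-line auditing is enabled


def _system_time(value: str) -> datetime:
    # Windows writes seven fractional digits; datetime carries at most six.
    base, _, frac = value.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=micro, tzinfo=timezone.utc)


def parse_4688(xml_text: str) -> ProcessEvent:
    """Turn one exported event record into a ProcessEvent; reject other IDs."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id != "4688":
        raise ValueError(f"expected EventID 4688, got {event_id}")
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return ProcessEvent(
        time=_system_time(root.find("e:System/e:TimeCreated", NS).get("SystemTime")),
        host=root.findtext("e:System/e:Computer", namespaces=NS),
        user=f'{data["SubjectDomainName"]}\\{data["SubjectUserName"]}',
        pid=int(data["NewProcessId"], 16),       # logged as hex, e.g. 0x1a2c
        process=data["NewProcessName"],
        parent_pid=int(data["ProcessId"], 16),   # "ProcessId" in 4688 is the creator's PID
        parent=data.get("ParentProcessName", ""),
        command_line=data.get("CommandLine", ""),
    )


def audit_4688(events) -> dict:
    """Summarise a batch of 4688 records the way you would when checking
    whether process-creation auditing is still producing usable data."""
    ordered = sorted(events, key=lambda e: e.time)
    gaps = [(b.time - a.time).total_seconds() for a, b in zip(ordered, ordered[1:])]
    return {
        "count": len(ordered),
        "hosts": sorted({e.host for e in ordered}),
        # Empty CommandLine means the "Include command line in process creation
        # events" policy is off (or the field was not captured for that record).
        "missing_command_line": sum(1 for e in ordered if not e.command_line),
        # A long silence on a busy host is the symptom to look for if 4688 stops.
        "max_gap_seconds": max(gaps, default=0.0),
    }


if __name__ == "__main__":
    events = [parse_4688(x) for x in SAMPLE_XML]
    for e in events:
        print(f"{e.time:%H:%M:%S} {e.host} {e.user} pid={e.pid} {e.process} "
              f"<- {e.parent} (ppid={e.parent_pid}) | {e.command_line!r}")
    print(audit_4688(events))
```

To feed it real data, export with `wevtutil qe Security /q:"*[System[EventID=4688]]" /f:xml` (each `<Event>` element is one record) and compare `max_gap_seconds` against what you know of the host's activity; on the constructed sample the 30-minute gap before the third record is the kind of silence worth investigating.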

ArcPoint

ArcPoint Forensics and Hexordia LLC Join Forces, Jan 25, 2023 | Blog. Intro: We are proud to announce that ArcPoint Forensics and Hexordia LLC have entered into a strategic partnership to resell the ATRIO product line. Hexordia is an SDVOSB, WOSB, and VOB. By working together, our organizations will be able to provide analysts, investigators, and agents with powerful digital forensics tools to assist in their work. What Does This Mean? ArcPoint Forensics is a leading provider of digital forensics p...

Arctic Wolf

Jordan Bowen at Cado Security

Cassie Doemel at AboutDFIR

AboutDFIR Site Content Update 01/28/2023, by Cassie Doemel on January 28, 2023.
Tools & Artifacts – Windows – new entries added – LNK Files, Malwarebytes, PsExec, and Prefetch
Tools & Artifacts – Android – new entries added – uTorrent and Garmin Connect
Tools & Artifacts – File Systems – new entry added – $Security
Jobs – old entries cleaned up, new entries added – Raytheon, Charles Schwab, Vanderbilt University, Cisco Talos, IHG Hotels & Resorts, Costco, Trustwave Government Soluti...

Cellebrite

Newsroom / Press Releases: Cellebrite Enterprise Solutions 2023 Industry Trends Report Finds 70 Percent of eDiscovery Profession...

Cellebrite’s Latest Industry Trends Survey for the Private Sector Uncovers Challenges Facing Enterprises, January 23, 2023 | Cellebrite. Introduction: In a quickly changing world, corporations must have the latest information about the trends affecting eDiscovery and Corporate Investigations. This is critical in order to provide important insights that can protect their business and employees from internal and external threats. To enable an understanding of where your enterprise – whether sma...

Sylvain Heiniger at Compass Security

January 25, 2023 / Sylvain Heiniger. Red Teaming exercises are getting popular with the growth of security operations centers. These attack simulations aim to help companies improve their defenses and train the blue team. But solid foundations are necessary to get the most out of such an exercise. Penetration Test vs Red Teaming: First off, let us clear up any confusion. Penetration Testing is focused on coverage while Red Teaming is focused on stealth. Penetration Testing is the way to g...

Joseph Naghdi at Computer Forensics Lab

UK Police overwhelmed by digital forensics as 25,000 devices await checks – 2022 HMICFRS report. Joseph Naghdi, 26/01/2023. What do computer forensic experts do? Computer Forensics Lab experts identify, discover, recover and analyse digital evidence from all types of digital devices such as computers, networks, mobile phones, hard drives, memory sti...

Craig Ball at ‘Ball in your Court’

ChatGPT Proves a Mediocre Law Student. Friday 27 Jan 2023, posted by craigball in E-Discovery, General Technology Posts. I recently spent a morning testing ChatGPT’s abilities by giving it exercises and quizzes designed for my law and computer science graduate students. Overall, I was impressed with its performance, but also noticed that it’s frequently wrong but never in doubt: a mechanical mansplainer! If you’re asking, “What is ChatGPT,” I’ll let it explain itself: “ChatGPT is a lar...

Robert Graham at Errata Security

Errata Security, Wednesday, January 25, 2023. I'm still bitter about Slammer. Today is the 20th anniversary of the Slammer worm. I'm still angry over it, so I thought I'd write up my anger. This post will be of interest to nobody, it's just me venting my bitterness and get off my lawn!! Back in the day, I wrote "BlackICE", an intrusion detection and prevention system that ran as both a desktop version and a network appliance. Most cybersec people from that time remember it as the desktop version, bu...

Jonathan Greig at The Record

Cybercrime / Government / Malware / News. Jonathan Greig, January 27, 2023. Ransomware experts laud Hive takedown but question impact without arrests. The Justice Department’s splashy announcement of the takedown of the Hive ransomware group’s infrastructure on Thursday was reminiscent of other recent high-profile operations against the scourge of ransomware. But the details of the operation set it apart from other ransomware group takedowns in recent years. FBI Director Chris...

Lacework

Lacework Editorial, 6 min read, Cloud Security. Threat detection and response, commonly abbreviated to TDR, is the process of identifying cyber attacks that are intended to cause harm in an organization’s environment — either on-premises or in the cloud. Whether you’re facing a sophisticated phishing attack or a form of never-before-seen malware (also known as an “unknown threat” or “unknown unknown”), threat detec...

MSAB

Interim report Q4 2022, October – December 2022. Summary, October – December 2022:
• Net sales were SEK 106.6 (108.5) million, a decrease of 1.7 percent compared with the corresponding period last year. Growth adjusted for currency fluctuations was -10.8 percent.
• EBIT amounted to SEK 7.7 (16.2) million, corresponding to an EBIT margin of 7.2 (15.0) percent.
• Profit after tax amounted to SEK 6.3 (12.7) million.
• Earnings per share bef...

Benjamin Danjoux at NVISO Labs

Benjamin Danjoux, SOC, January 25, 2023, 7 Minutes. This entry is part 13 of 10 in the series Cortex XSOAR Tips & Tricks. Introduction: As an automation platform, Cortex XSOAR fetches data that represents events set at defined moments in time. That metadata is stored within Incidents, will be queried from various systems, and may undergo conversions as it moves from machines to humans. With its various integrations,...

Brian Fox at Sonatype

The Shifting Landscape of Open Source Supply Chain Attacks - Part 3. January 26, 2023, by Brian Fox, 11 minute read time. This series started with a discussion on how open source software has shifted software development to rely on a supply chain. And how existing supply chains respond, improve, and adapt to make mitigating and remediating unexpected issues easier. In our second post, we looked at how the software supply chain has been under attack for nearly a decade. But while some attacks ...

Melusi shoko at System Weakness

SOC Analyst level 1. Here are some of the tasks that a SOC Analyst performs on a daily basis. A SOC (Security Operations Center) Level 1 analyst’s daily tasks may vary based on the organisation and environment, however some frequent activities may include:
Monitoring security alerts: analyzing security alerts issued by intrusion detection systems (IDS), firewalls, network detection and response (Darktrace), SIEM, ELK stack, and antivirus software.
Investigating security incidents: Investig...

John Kristoff at Netscout

Remembering SQL Slammer: A 20-Year Retrospective, by John Kristoff on January 27th, 2023. Executive Summary: Twenty years ago, the internet came as close to a total meltdown as we’ve seen since its commercialization in the 1990s. A UDP network worm payload of just 376 bytes, targeting UDP destination port 1434, aggressively propagated to all vulnerable, internet-connected Microsoft SQL Server hosts worldwide within a matter of minutes. Popularly known as the SQL Sla...
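The two facts the retrospective gives about the worm's traffic (a single UDP datagram with a 376-byte payload, sent to destination port 1434) are enough for a first-pass filter, and the propagation behaviour it describes (one host spraying datagrams at every reachable address) is enough for a second, payload-independent one. The following is an added example, not code from the Netscout post: a Python pass over packet summaries that applies the size-and-port match and, alongside it, a per-source fan-out heuristic that would also catch a variant carrying a different payload size. The packet records, addresses and thresholds are constructed; real input would come from a capture or flow export. One caveat the code encodes that is not in the post: UDP 1434 is also used by legitimate SQL Server Browser queries, which is why the port alone is not a signature.

```python
"""Flag Slammer-style UDP worm traffic in packet summaries.

Added example, not from the Netscout retrospective. The packet records are
constructed; real input would come from a capture or flow export.
"""
from collections import defaultdict
from dataclasses import dataclass

SLAMMER_PORT = 1434          # UDP destination port the worm targeted
SLAMMER_PAYLOAD_LEN = 376    # payload size stated in the retrospective


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since capture start
    src: str
    dst: str
    proto: str       # "udp" or "tcp"
    dport: int
    payload_len: int


def is_slammer_like(p: Packet) -> bool:
    """Size-and-port match: one UDP datagram, 376-byte payload, to port 1434.
    Port 1434/udp alone is not enough: SQL Server Browser queries use it too."""
    return (p.proto == "udp" and p.dport == SLAMMER_PORT
            and p.payload_len == SLAMMER_PAYLOAD_LEN)


def fanout_sources(packets, window=1.0, threshold=50) -> dict:
    """Payload-independent worm heuristic: a source that reaches at least
    `threshold` distinct destinations on one UDP port inside `window` seconds.
    Returns {src: highest distinct-destination count seen in any window}."""
    seen = defaultdict(set)   # (src, dport, window bucket) -> destinations
    for p in packets:
        if p.proto == "udp":
            seen[(p.src, p.dport, int(p.ts // window))].add(p.dst)
    result = {}
    for (src, _dport, _bucket), dsts in seen.items():
        if len(dsts) >= threshold:
            result[src] = max(result.get(src, 0), len(dsts))
    return result


def analyze(packets) -> dict:
    """Run both detectors and summarise what each one flagged."""
    hits = [p for p in packets if is_slammer_like(p)]
    return {
        "signature_hits": len(hits),
        "signature_sources": sorted({p.src for p in hits}),
        "fanout_sources": fanout_sources(packets),
    }


def sample_traffic() -> list:
    """Constructed traffic (hypothetical addresses): one infected host spraying
    200 addresses in half a second, plus benign DNS, one small legitimate
    query to 1434/udp and a TCP connection to SQL Server itself."""
    pkts = [Packet(0.0025 * i, "10.0.0.7", f"203.0.113.{i}", "udp", 1434, 376)
            for i in range(200)]
    pkts += [Packet(0.3 + 0.1 * i, "10.0.0.20", "10.0.0.53", "udp", 53, 40)
             for i in range(3)]
    pkts.append(Packet(0.4, "10.0.0.21", "10.0.0.5", "udp", 1434, 1))
    pkts.append(Packet(0.5, "10.0.0.22", "10.0.0.5", "tcp", 1433, 120))
    return pkts


if __name__ == "__main__":
    print(analyze(sample_traffic()))
```

The fan-out rule is the one that would still fire on a variant with a different payload, so in practice it is the one to keep; the size-and-port match is cheap and precise for this particular worm but says nothing about the next one.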

The Security Noob.

Jon Clay at Trend Micro

Ransomware Recovery Plan for 2023. It’s important to defend against ransomware attacks, but is your organization prepared to deal with the consequences of a breach? Find out how to plan an effective ransomware recovery strategy. By: Jon Clay, January 24, 2023. Ransomware continues to be a significant global threat for organizations in all sectors. In 2022, it accounted for 41% of breaches, with an average c...

Xavier Mertens at /dev/random

January 25, 2023, People / Places. Twenty years ago… I decided to start a blog to share my thoughts! That’s why I called it “/dev/random”. How was the Internet twenty years ago? Well, there were good things and bad ones… With the years, the blog content evolved, and I wrote a lot of technical stuff related to my job, experiences, tools, etc. Then, I had the opportunity to attend a lot of security conferences and started to write wrap-ups. With COVID, fewer conferences and no more re...

Peter LaFosse at Binary Ninja

Peter LaFosse 2023-01-26 reversing, meta New year, new Binary Ninja version, new survey and sweepstakes. Take the survey to help shape the future of reverse engineering tools and have a chance to win some great prizes! The survey starts today, January 26, 2023 and will end on February 8, 2023 at 12pm EST. Grand Prizes: One (1) winner will receive a Binary Ninja Commercial named license (may be substituted for a license extension if the winner has an existing license) Runners Up: Five (5) winners...

Cyborg Security