Analysis Notes

A place to jot down malware analysis attempts and things I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 13 – 2023 - FORENSIC ANALYSIS

This entry is generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Ahmed Belhadjadji

//app.letsdefend.io/challenge/windows-forensics
This is a writeup for the “Windows Forensics” letsdefend challenge. The organization has been the target of a phishing campaign, and as a result, the phishing email has been opened on three systems within our network. To identify the Tactics, Techniques, and Procedures (TTPs) employed by the attackers, a rapid triage image was taken from one of the compromised systems and submitted to you for analysis. We need your expertise to help our incident respo...

Emma Sousa at Forgotten Nook

CyberDefenders - Insider. Case Overview: After Karen started working for 'TAAUSAI,' she began to do some illegal activities inside the company. 'TAAUSAI' hired you to kick off an investigation on this case. You acquired a disk image and found that Karen uses Linux OS on her machine. Analyze the disk image of Karen's computer and answer the provided questions. Link to Challenge. Tools Used: AccessData FTK Imager 4.5.0.3 [free tool]. Verify the hash of the do...

CyberDefenders - L'espion. Case Overview: You have been tasked by a client whose network was compromised and brought offline to investigate the incident and determine the attacker's identity. Incident responders and digital forensic investigators are currently on the scene and have conducted a preliminary investigation. Their findings show that the attack originated from a single user account, probably an insider. Investigate the incident, find the ...

Eric Capuano

Find Threats in Event Logs with Hayabusa. A powerful technique for finding threats in Windows event logs. Eric Capuano, Mar 21. What is Hayabusa? I am a huge fan of the open source Hayabusa from Yamato Security and you’ll soon know why. Description pulled directly from the repo: Hayabusa is a Windows event log fast forensics timeline generator and threat hunt...

A "Thank You" to Paid Subscribers. I sincerely want to thank those of you that are supporting this blog. Here are some resources just for you. Eric Capuano, Mar 20.

So you want to be a SOC Analyst? Part 4. Now that we've detected attacks, let's learn to actively block an attack. Eric Capuano, Mar 20. If you just landed here, be sure to check out the Intro to this series for backstory. You absolutely need to cover Part 1, Part 2, and Part 3 before you proceed here. Blocking Attacks: So in Part 3 we learned that we can craft...

Forensafe

Investigating Windows BitTorrent (21/03/2023, Monday). BitTorrent is a peer-to-peer file sharing software that allows users to share large files such as movies, music and so on over the internet. It works by breaking down large files into smaller pieces and distributing them across a network of users, known as a swarm. When a user wants to download a file, they connect to the swarm and start downloading and uploading pieces of the file to and from other users. This means that as more users join the s...

Investigating Windows Avira Antivirus (24/03/2023, Friday). Avira is a security software company that provides customers with secure and private digital solutions. Avira antivirus is one of the company's essential and well-known solutions, which is available for free. Avira claims that its antivirus software provides protection and repairing services without affecting the performance of the devices. Digital Forensics Value of Avira Antivirus: Windows Avira Antivirus artifacts retain information about d...

Khris Tolbert at MaverisLabs

Published in Maveris Labs. Khris Tolbert, Mar 24, 7 min read. HTB: CA2023 — Forensics Interstellar C2. The folks at HackTheBox put on another fun/great event! One of my favorite solves from this event was the Forensic Interstellar C2 challenge. I really enjoyed the realistic-ish hunt via PCAP of a suspected PowerShell dropper and its encrypted traffic. It was a nice break from burning myself out on crypto challenges (why does sagemath hate me so much?). As this challenge was ranked “hard” and at the ...

Oleg Afonin at Elcomsoft

Sideloading the Extraction Agent using a Firewall

HomePod Forensics I: Pwning the HomePod

Angel Garrow at tcdi

The Hidden Dangers of Entrusting Forensic Data Collections to Your Internal IT Team. Tags: Author - Garrow, Computer Forensics, data collections, digital forensics. 24 March, 2023. In today’s digital world, we’re all connected to our electronic devices, social media platforms, and cloud-based accounts like Gmail and DropBox. Remember the last time you printed something to file away? Even if you do, chances are you haven’t referenced it in a while. Digital files have made our lives easier, al...

Andrew Case at Volatility Labs

As mentioned in a recent blog post, our team is once again offering in-person training, and we have substantially updated our course for this occasion. Over the next several weeks, we will be publishing a series of blog posts, offering a sneak peek at the types of analysis incorporated into the updated Malware & Memory Forensics training course. Introduction: To begin the series, this post discusses a new detection technique for hidden services on Windows 7 through 11. Since not all readers will be...