Analysis Notes

A place to note down malware analysis attempts and things that seem useful for analysis. This site uses Google Analytics.

4n6 Week 34 – 2023 - MISCELLANEOUS

This entry was generated and posted automatically: it shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. 4n6 itself can be viewed here.

MISCELLANEOUS

Adam Goss

Your organization's incident response playbook can be the difference between defending against a cyber attack and becoming a victim. An incident response playbook is a step-by-step guide on how your organization should respond to and manage cybersecurity incidents. It provides your security team with instructions to follow when they encounter a potential cyber attack and is a proactive approach to minimizing the impact of an attack. All organizations wi...

ADF Solutions

From Data Extraction to Courtroom: ADF Solutions' Integrated Workflow for Digital Forensic Investigations. Posted by Seth Land on August 16, 2023. Digital forensics plays a crucial role in modern-day investigations, especially in the realm of cybercrime and law enforcement. In the complex world of digital evidence, an effective and streamlined workflow is essential for successful outcomes. Digital forensic investigations involve the collection, analysis, and preservation...

Posted by ADF Solutions on August 18, 2023. The ability to extract crucial data from Android and iOS devices efficiently is paramount. As the usage of smartphones continues to soar, investigators and analysts require reliable tools to acquire and preserve data for examination. The ability to scan and analyze mobile devices is vital whether you are an investigator, a digital forensics expert, or simply someone concerned about the security of your own dev...

Jack Zalesskiy at Any.Run

August 17, 2023. What is an Incident Response Plan: 6 Example Templates and Definition. Having an incident response plan is key to minim...

Belkasoft

Devices can be seized under various circumstances, and situations where digital examiners do not have the passcodes to access them are not uncommon. Such devices may remain in a DFIR lab for years, concealing crucial evidence. However, you should not give up on them: brute-force methods exist that allow you to discover device passcodes, and these methods continue to evolve. Brute-force is a trial-and-error technique used to guess unknown information like logins, passwords, passcodes, and so ...

Ben Heater

Wazuh: Upgrading Wazuh Components. In this post, I'll be covering the process of upgrading Wazuh tailored to some customizations in my environment. By 0xBEN, 2 months ago. Why I'm Writing this Post: In some previous posts, I've gone over a few topics that necessitate this post, including: introducing the process of installing and configuring Wazuh; covering in detail the OwlH NIDS integration with Wazuh; covering the logall_json log archiving option in Wazuh. For anyone who may have...

Bhargav Rathod at DFRWS

DFRWS-APAC Teams With GovWare on Room Rates, Conference Access. 14 Aug 2023, by Bhargav Rathod. The Digital Forensics Research Workshop is teaming up with the annual GovWare Conference and Exhibition for a one-of-a-kind opportunity to bring together cyber professionals from around the world. The two events are being held concurrently during Singapore International Cyber Week (SICW) on 17–19 October, giving us an unprec...

Devon Ackerman at AboutDFIR

Day 3 – Locard's Exchange Principle and #DFIR. By Devon on August 14, 2023. Day 3 – Excerpt from my newly released book, "Diving In – An Incident Responder's Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn", which you can get your copy of here: //www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Locard's Exchange Principle is a fundamental concept in traditional forensic science, which posits that 'every contact leave...

Day 4 – Excerpt from Chapter 4 – User Causality in the context of DFIR. By Devon on August 15, 2023. Day 4 – Excerpt from my newly released book, "Diving In – An Incident Responder's Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn", which you can get your copy of here: //www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "User causality in the context of Digital Forensics science refers to the relationship between a user's actions (ca...

Day 5 – Excerpt from Chapter 5 – "Intrusion Lifecycles". By Devon on August 19, 2023. Day 5 – Excerpt from my newly released book, "Diving In – An Incident Responder's Journey: A Guide for Executives, Lawyers, Insurance, Brokers & Audiences Eager to Learn", which you can purchase your copy of here: //www.amazon.com/Diving-Responders-Executives-Insurance-Audiences/dp/B0CCCHTN8R "Nearly all intrusions involve some type of scouting stage, although attackers may not have specific targets in mind when the...

Forensic Focus

Jeffrey Appel

Recent posts: Onboard and configure Defender for Endpoint for non-persistent VDI environments; How to use Defender for IoT firmware scanning for checking potential security vulnerabilities and weaknesses; Block apps (discovered/shadow IT) with Defender for Cloud Apps and Defender for Endpoint; Manage Defender for Endpoint for Windows, macOS, and Linux via Security settings management; How to protect Azure storage accounts (Blob) using Defender for Storage.

Magnet Forensics

To help you work as efficiently as possible when collecting and examining from mobile evidence sources, we’re excited to introduce our latest mobile integration: you can now initiate processing of full filesystem mobile images with Magnet AXIOM and Magnet AXIOM Cyber directly from the GrayKey or VeraKey UI! This feature will help to speed up your mobile workflows by eliminating previously required steps and manual touchpoints while helping you surface the most data and provide the best analysis ...

Magnet Forensics, a developer of digital investigation solutions for more than 4,000 enterprises and public safety agencies in over 100 countries, is proud to share a partnership with Jamf, the industry standard in managing and securing Apple endpoints at work— to simplify the digital investigation of macOS endpoints. Thanks to this partnership, Magnet Forensics customers can now reliably acquire data from remote macOS devices providing them with the evidence they need for thorough internal inve...

The use of Mac computers for business applications continues to grow steadily. In US-based enterprise companies (1,000+ employees), IDC reported the usage of macOS devices is around 23%, up 6% from 2 years prior. But when Apple made a recent update to their security controls, it prevented data collection from a Mac endpoint without triggering a Transparency Consent and Control (TCC) prompt on the endpoint — which limits acquisition abilities for investigations requiring a more subtle approach. T...

Access is the cornerstone of digital forensics. Grayshift has developed GrayKey, a state-of-the-art forensic access tool that extracts encrypted or inaccessible data from mobile devices. GrayKey accesses more data than any other extraction technology to help you solve more cases. iOS SUPPORT: Apple iOS 9.x, 10.x, 11.x, 12.x, 13.x, 14.x, 15.x, 16.x. DEVICE SUPPORT: iPhone 4s; iPhone 5, 5c, 5s; iPhone 6, 6 Plus; iPhone SE, SE 2020, SE 3rd Gen; iPhone 6...

Things need to move quickly in cybersecurity. When a potential compromise is uncovered, the more time it takes to determine the scope of the incident and the root cause, the greater the risk of data exfiltration and overall impact on the operation and reputation of the business. Magnet IGNITE is a SaaS solution that helps accelerate the initial assessment of cases with the concurrent collection and initial analysis of remote endpoints to quickly assess the scope of the investigation and identify...

Microsoft Security


PhishLabs

The Use of Natural Language Processing for Identifying and Mitigating Threats. Posted on August 15, 2023. As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global cyber attacks increased by 7%, with an average of 1,248 attacks reported per week. In a separate report by The Inde...

Teri Radichel

How to clear an IP that was incorrectly blocked by Suricata or Snort in pfSense. Published in Cloud Security, 5 days ago. One of my stories on pfSense and Network Security. I just turned on Suricata in pfSense right before I went out of town. (Linked: "Suricata on pfSense: Detecting the attacks (like bit torrent) that aren't in your flow logs", medium.com.) I turned it on in alert mode in one interface and blocking mode in another. Before I left, both interfaces were working. Also bef...

Some Suricata or Snort rules won't work with VPN and SSL encrypted traffic. Published in Cloud Security, 5 days ago. One of my stories on pfSense and Network Security. I was troubleshooting some issues with Suricata and ran across this Q & A post on the Netgate website. The person is talking about how Suricata rules don't block people who are using a VPN when the traffic is applied to the WAN interface. However, when applied to other interfaces or when not using th...

Vendors not following specifications, misconfigured devices, false positives, and rule implementation issues. Published in Cloud Security, 5 days ago. One of my stories on pfSense and Network Security. I mentioned I've turned on Suricata on pfSense and Suricata flagged some rules using the default ruleset. In order to take a closer look at the alerts, navigate to: Services > Suricata > Alerts. Here you can see some of the traffic that is causing Suricata to send alert...

Show me the packets! Published in Cloud Security, 4 days ago. One of my stories on pfSense and Network Security. I've been writing about Suricata on pfSense for a minute. In the last post I dug into why the stream rules don't work for Suricata on pfSense. (Linked: "Why The Stream Rules Don't Work in Suricata on pfSense: Vendors not following specifications, misconfigured devices, false positives, and rule implementation issues", medium.com.) In this post, I want to look at the indiv...

Methodically troubleshooting things that could go wrong. Published in Cloud Security, 3 days ago. One of my posts on pfSense and Netgate and Network Security. I spent far too long on a simple dumb thing today so of course I'm going to write about it. It's a good idea to test out and configure these options before you need them… I had some issues with newer devices but luckily had an older one hanging around. Here's the thing. Sometimes you can't log into pfSense at a...