Analysis Notes

A place to note things from trying malware analysis and anything that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 32 – 2023 - MISCELLANEOUS

This entry was generated and posted automatically to show the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

MISCELLANEOUS

Jon Williams at Bishop Fox

By: Jon Williams, Senior Security Engineer. Introduction: The previous article in our Fortinet series, CVE-2023-27997 is exploitable, and 69% of FortiGate firewalls are vulnerable, described how to use intelligent Shodan queries to identify FortiGate SSL VPN endpoints exposed on the internet. By comparing the dates in their Last-Modified response headers to patch release dates, we were able to estimate how many devices were vulnerable to a recently discovered heap overflow exploit allowing r...

Christopher Elce

Operating a SOC Analyst Home Lab · Christopher Elce · 10 min read · Jul 29. “Find Evil — Know Normal.” (SANS DFIR slogan) The cybersecurity industry is vast and entails many specialized topics. No one person can learn or know everything and the breadth of concepts to learn can seem overwhelming. Admittedly, I spent a considerable amount of time looking at the different types of cybersecurity career paths out there. On that note, one of the best decisions I’ve made regarding cybersecur...

Forensic Focus

Christa Miller at Forensic Horizons – Medium

Christa Miller · Published in Forensic Horizons · 8 min read · Aug 3. Where tech and the law meet over the horizon lie dragons: the unknown of what it all means to society. Follow us as we navigate! Photo by James Haworth on Unsplash. Last month forensic horizons continued our series on credibility in digital forensics with this article: “Can Certainty in Digital Forensics Be Automated?” The ability to assign a numeric value to uncertainty is complicated, in digital forensics, by a variety...

Kevin Pagano at Stark 4N6

Posted by Kevin Pagano, August 01, 2023. Shortlink: startme.stark4n6.com. If people have suggestions for additions please feel free to shoot me a message on Twitter (@KevinPagano3) or Mastodon. Blog Feed: Ben Kixmiller's DFIR Website; Forensic IT Guy - Tony Lambert; mohaim1n - Mohaiminul Chowdhury. Forensic Tools: ArtifactParsers - A repo that aims to centralize a current, running list of relevant parsers/tools for known DFIR artifacts; Fennec - Artifact colle...

Magnet Forensics

We’ve integrated Magnet AUTOMATE Enterprise with CrowdStrike Falcon Real Time Response to help instantly perform forensic collection and process endpoints at enterprise scale. Learn more about the benefits of DFIR automation and how our open, vendor-agnostic approach enables you to integrate your entire tech stack into streamlined, efficient workflows. Lost Insights: The Challenge With Disconnected Tools. The delay between an alert in the SOC and manual forensic collection could have severe conse...

Malwarebytes Labs

Posted: August 3, 2023 by Bill Cozens Malwarebytes Ransomware Rollback rescues your data from encryption by effectively “turning back the clock” of a ransomware attack. But how does it work, exactly? As the old cybersecurity saying goes: “It’s not if, but when.” Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again we’re reminded that ransomware can slip past even the best defenses. Pre...

MantaRay Forensics

We're sorry -- the Sourceforge site is currently in Disaster Recovery mode. Please check back later.

N00b_H@ck3r

What You Need to Know If You Are Thinking of Taking the SANS SEC504: Hacker Tools, Technique, and Incident Handling and the GIAC Certified Incident Handler Certification Exam. Posted by lightkunyagami, August 4, 2023 (updated August 8, 2023). Who is the SEC504 course for? The content of the course can be considered for begin...

SANS

LDR553: Cyber Incident Management – Now 5 Days! Steve Armstrong-Godwin. What’s new and why it matters. July 31, 2023. Just over a year ago I launched the BETA of the MGT553 2-day Cyber Incident Management Course with the SANS Institute. The MGT553 course was originally developed in response to a Law Enforcement request to help them train their staff to better support major incidents that are regularly hitting large and small organisations. I ...

Jeroen Vandeleur. How Purple Team Can Use Continuous Adversary Emulation. This blog post series offers a primer on continuous adversary emulation. August 2, 2023. Adversary emulation introduction: With this blog post series, I am excited to share my personal experiences and insights related to the intriguing concept of adversary emulation. Additionally, I will delve into practical applications of adversary emulation within your organization. Join me as we explore the fascinating realm of cyber securi...

Alison Kim. A Visual Summary of SANS DFIR Summit 2023. Check out these graphic recordings created in real-time throughout the event for SANS DFIR Summit 2023. August 3, 2023. On August 3-4, attendees joined us in-person in Austin or tuned in Live Online for the SANS DFIR Summit 2023! We invited Ashton Rodenhiser of Mind's Eye Creative to create graphic recordings of our Summit presentations. If you missed a talk or are looking to view the Summit through a visual lens, take a look at the recordings be...