Analysis Notes

A place to jot down notes from analyzing malware and anything I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 03 – 2024 - MISCELLANEOUS

This entry was automatically generated and posted to show the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 can be found here.

MISCELLANEOUS

Jessica Hyde at Hexordia for Magnet Forensics

Hi! This is Jessica Hyde and I am so excited to announce our plans for the Magnet Virtual Summit Capture the Flag (CTF) powered by Hexordia. What is the Magnet Virtual Summit CTF? It is a gamified learning opportunity to test your skills with digital forensics challenges. Forensic Images of multiple pieces of evidence are made available to participants along with a variety of challenge questions based on the data set. Participants can use any tools they like to answer a variety of questions whic...

Adam at Hexacorn

Posted on 2024-01-21 by adam In my post from 2018 I listed a number of strategies one can use to ‘find interesting stuff’ – that post was heavily focused on Windows’ persistence mechanisms… Today Dominik posted this twit: eliminate your self defeatist attitudes, to which I replied: this is the exact reason why I recently looked at a number of known lolbins only to discover a lot more in my ‘little known’ series, culminating with the regsvr32.exe bomb. Security research discipline is a funny thing....

Peter Sosic at Amped

Peter Sosic January 16, 2024 The 2024 training schedule is now out! Amped Software provides a variety of training classes tailored to different skill levels. Whether you’re a beginner, intermediate, or advanced user, our courses are designed to help you improve your investigative skills and deepen your knowledge in handling image and video evidence within our software tools. Contents: 1 Training Sessions; 2 What are the benefits of attending our courses?; 3 Who’s the training ai...

Eric Capuano

Eric Capuano, InfoSec Founder, Practitioner, Advisor & SANS DFIR Instructor. Published Jan 17, 2024 Whether you're looking to start an incident response practice, or already have one, this article will offer insights. Full disclaimer–this article is about LimaCharlie, which is my day job, but stick with it and you'll see why it's worth talking about. In the past, most IR firms were built around an expensive EDR product. While this approach made sense back t...

Fabian Mendoza at AboutDFIR

AboutDFIR Site Content Update – 01/19/2024 By Fabian Mendoza on January 19, 2024 (January 15, 2024). Jobs – old entries cleaned up, new entries added – Arete, CyberClan, Kivu Consulting, modePUSH, Paramount. Tools & Artifacts – DVR/Multimedia – new entry added – Video Analysis – Video Forensic Analysis of Samsung DVRs – Insights from 2024. Tools & Artifacts – iOS – new entries added – iOS Acquisition – When Extraction Meets Analysis: Cellebrite Physical Analyzer, iOS Calls – Investigating iOS Calls Too...

Forensic Focus

Alex Petrov at Hex Rays

Posted on: 16 Jan 2024 By: Alex Petrov Categories: IDAPython Tags: plugin repository Plugins Survey One reason for our success is the strong community that has emerged around our products. We are always excited and surprised to see what plugins and tools you’ve been building on top of IDA all those years. This year, we want to engage with all of you better. It starts with asking you a few questions we’ve compiled in this short survey. Do not hesitate to take part. Whether you are a seasoned plug...

Neil Lines at Lares Labs

SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your associated domain account. Neil Lines Jan 15, 2024 • 6 min read Back Story: SuperSharpShares came about somewhat unexpectedly - it was never intended for release and wasn't initially developed with that goal in mind. Originally, it served as a solution within a more intricate tool we created that remains unreleased (for now, never say never). However, during a cha...

Lee Sult at Sleuth Kit Labs

Magnet Forensics

We’re excited to share that we have acquired the strategic IP assets of High Peaks Cyber, a business dedicated to developing and delivering full-spectrum cyber capabilities across the government and commercial sectors. With this transaction, the High Peaks Cyber team will join the Magnet Forensics team and further bolster the Magnet GRAYKEY Labs research team. “One of the most important aspects of our technology is our ability to provide timely lawful access to as many mobile devices as possible...

From everyone on the Magnet Forensics Training team: Happy New Year! Our 2024 training schedule is now live, so this is a great time to start planning (and budgeting) for the development of your digital forensics skills in 2024. Here are some highlights of what’s new in Magnet Forensics training, including some great new courses in mobile and video forensics, Magnet GRAYKEY certification, and more! New Free Course: Making a Case (Portable Case) This course is specifically designed to introduce s...

Angelika Rohrer and Jon Brown at Open Source DFIR

How do you know you are "Ready to Respond"? By Angelika Rohrer January 19, 2024 How do you know you are "Ready to Respond"? The Continuous Improvement Framework - A framework designed to help improve a team’s response readiness through data driven actions. Authors: Angelika Rohrer, Jon Brown. Contributors: Joachim Metz. January 2024. About this paper: What is the CI Framework? Introduction. What does “Ready to Respond” mean? Measuring Response Readiness. C...

Salvation DATA

Knowledge 2024-01-15 Content: Introduction; Evolution of Cyber Threats; Case Studies; Mobile Forensics Tools; Conclusion. Introduction With the ever-evolving cyber age, digital detectives have become a significant force fighting off cyber attacks daily. Since technology is advancing and always will, the schemas of malicious actors change accordingly, demanding more sophisticated knowledge about digital foren...

Knowledge 2024-01-19 Content: Overview; Features of Recuva and Glarysoft; Comparison between Recuva and Glarysoft; Disadvantages of Recuva and Glarysoft; VIP 2.0 – Alternative for Glarysoft & Recuva; Conclusion. Overview In the modern age of technology, videos have become a priceless medium for capturing special moments, ...

SANS

Ransomware Cases Increased by 73% in 2023 showing our actions have not been enough to thwart the threat. Ryan Chapman. As we move further into 2024, we must be cautious (maybe even fearful!) of ransomware cases increasing even more than in previous years. January 15, 2024 No single entity will ever know just how many ransomware incidents occur within a given year. Given the fact that many ransom...

FOR528: Ransomware & Cyber Extortion Course Updates Implemented – What’s New? Ryan Chapman. The recent FOR528 course better addresses the differences between ransomware and cyber extortion, and provides new hands-on labs and bonus content. January 16, 2024 When first released in December of 2022, the SANS FOR528 course focused most intently on ransomware. The course has since been updated in December of 2023 wit...

Dean Parsons Industrial Control Systems Cyber Threats & The Gulf Region: ICS Blog Series: 1 of 3 January 16, 2024 Modern Attacks Against Critical Infrastructure. The evolution of targeted attacks against critical infrastructure in recent times sends a clear message to asset owners and operators. In industrial control systems - water management, oil and gas refineries and distribution operations, and power grids, etc. - that is, modern adversaries have illustrated brazen steps to defeat traditional...

Sergey Lozhkin, Anna Pavlovskaya, Kaspersky Security Services at Securelist

Kaspersky Security Bulletin 17 Jan 2024 Table of Contents: An overview of last year’s predictions / Increase in personal data leaks; corporate email at risk / Malware-as-a-service: a greater number of cookie-cutter attacks, more complex tools / Media blackmail: businesses to learn they were hacked from hackers’ public posts with a countdown to release / Enjoying the fun part: cybercriminals to post fake hack reports more often / Cloud technology and compromised data sourced on the dark web to become...

Pierre Coyne at Tenable

Pierre Coyne | Products January 19, 2024 | 6 Min Read Tenable Cloud Security enriches cloud activity log data to give you the context you need to quickly respond to and remediate cloud risks. In 2023, it took organizations an average of 204 days to identify a breach, according to the IBM Cost of a Data Breach Report 2023. Perhaps of equal concern: 82% of breaches involved data stored in the cloud. The average total cost of a data breach increased 2.8% in 2023 to $4.45 million. With so many tools a...