Analysis Notes

A place to jot down notes from trying out malware analysis and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 13 – 2024 - MISCELLANEOUS

This entry shows the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics); it was generated and posted automatically so that I can zap through the articles and pick which ones to check. 4n6 itself can be viewed here.

MISCELLANEOUS

Fabian Mendoza at AboutDFIR

AboutDFIR Site Content Update – 03/29/2024. By Fabian Mendoza. On March 29, 2024 (March 24, 2024). Challenges & CTFs – new entries added – CTF – Magnet Virtual Summit 2024 Capture The Flag, CTF Walkthrough – Magnet Virtual Summit 2024 Capture The Flag – Cipher, iOS (Doug Metz), Magnet Virtual Summit 2024 Capture The Flag – Android, Cipher (DFIR101), Magnet Virtual Summit 2024 Capture The Flag – Android, Cipher, iOS (Forensafe, Kairos (Hestia) Tay, Kevin Pagano, Madi Brumbelow at The Hive) Jobs – old en...

Brett Shavers

Craig Ball at ‘Ball in your Court’

What’s All the Fuss About Linked Attachments? 29 Friday Mar 2024. Posted by craigball in Computer Forensics, E-Discovery, Uncategorized. ≈ 5 Comments. Tags: ESI Protocols, hyperlinked files, Linked attachments, Purview. In the E-Discovery Bubble, we’re embroiled in a debate over “Linked Attachments.” Or should we say “Cloud Attachments,” or “Modern Attachments” or “Hyperlinked Files?” The name game aside, a linked or Cloud attachment is a file that, instead of being tucked into an email, gets uploaded...

Security Onion

We've been offering our Security Onion documentation in book form on Amazon for a few years and it's now been updated for the recently released Security Onion 2.4.60! Thanks to Richard Bejtlich for writing the inspiring foreword! Proceeds go to the Rural Technology Fund! This edition has been updated for Security Onion 2.4.60 and includes a 20% discount code for our on-demand training and certification! This book covers the following Security Onion topics: First Time Users, Getting Started, Security Onio...

F-Response

Sometimes you can't deploy... Mar 25, 2024. When it works, F-Response's built in deployment mechanisms are nothing short of magical. You put in some credentials, and we take care of the rest. We connect to the remote machine, negotiate the right protocol, and get the software where it needs to be. But when it doesn't work... Well, there's nothing more frustrating. Typically deployment problems fall into a couple of buckets: Firewalls....

Forensic Focus

Google Workspace

Wednesday, March 27, 2024. What’s changing: Google Workspace audit logs enable admins to have visibility into activity on their data, such as file shares and downloads, when it occurred, and who within the organization performed the action. The Google Drive audit events include activity on content your users create in Google Docs, Sheets, Slides, as well as the files that your users upload to Drive, such as PDFs and Microsoft Word files. Today, we’re excited to announce that for admins who analyze ...

Justin De Luna at ‘The DFIR Spot’

Gootloader, SolarMarker, AsyncRAT, Oh my! What is one common thing these trojans and RATs have in common? Well, they all have a similar form of delivery! Often, users will come across these trojans, infostealers, and RATs through Search Engine Optimization (SEO) poisoning, drive-by downloads, and phishing, just to name a few. With this said, what does the delivery of these trojans look like? Typically, once the user comes across the malicious file through one of the techniques above, they will ...

Magnet Forensics

It’s here! The Magnet Forensics 2024 State of Enterprise DFIR report is now available. Based on a survey of almost 400 DFIR professionals, we’ve analyzed the data and captured the key challenges and trends DFIR professionals in corporate and service provider environments faced over the past year. Download our fourth annual report to learn how your peers see their digital investigations evolving and our expert’s recommendation on tackling the biggest challenges and trends of 2024. One key finding...

Thank you to everyone who joined us for another amazing Magnet Virtual Summit! The virtual DFIR event of the year was back again with record-breaking attendance, bringing experts from Magnet Forensics and the broader field from around the world to the community. They shared some fascinating insights for DFIR professionals—from the granular day-to-day to the broader industry shifts—and there was definitely a lot of stimulating conversation generated throughout. Recordings of nearly all the sessio...

MISP


Morten Knudsen

Sandfly Security

Sandfly Security Receives Seed Funding from Gula Tech Adventures & Sorenson Capital. Press Release. Date: March 24, 2024. Author: The Sandfly Security Team. Sandfly Security, the agentless Linux Security Company, celebrates securing seed funding from Gula Tech Adventures and Sorenson Capital to meet growing market demand for its comprehensive Linux security solution. Industries that power the world's infrastructure, including telecommunication services, manufacturing, and networking companies, rely on Sandf...

Mike Elgan at Security Intelligence

A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else? In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage. NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton k...

Sally Adam at Sophos

Insights into the financial and operational implications of having backups compromised in a ransomware attack. Written by Sally Adam, March 26, 2024. Products & Services, backups, featured, Ransomware, research. There are two main ways to recover encrypted data in a ransomware attack: restoring from backups and paying the ransom. Compromising an organization’s backups enables adversaries to restrict their victim’s ability to recover encrypted data and dial-up the...