Analysis Notes

A place to jot down things from trying out malware analysis and anything that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 30 – 2024 - FORENSIC ANALYSIS

This entry shows the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics); it was generated and posted automatically so that the articles worth checking can be skimmed quickly. 4n6 can be found here.

FORENSIC ANALYSIS

Chris Ray at Cyber Triage

0xdf hacks stuff

Tags: sherlock-tracer, forensics, ctf, hackthebox, dfir, psexec, prefetch, ntfs-journal, pecmd, evtxecmd, mftecmd, event-logs, win-event-7045, named-pipe, win-event-17, win-event-11. Jul 23, 2024. HTB Sherlock: Tracer. Tracer is all about a forensics investigation where the attacker used PSExec to move onto a machine. I’ll show how PSExec creates a service on the machine, creates named pipes to communicate over, and eventually drops a .key file. I’ll identify the machine that sourced the attack as well. Challenge Info ...

Tags: forensics, sherlock-campfire-2, ctf, hackthebox, dfir, eventlogs, evtx-dump, win-event-4769, win-event-4768, win-event-5140, as-rep-roasting, jq. Jul 26, 2024. HTB Sherlock: Campfire-2. The second in the Campfire Sherlock series about Active Directory attacks is about AS-REP-Roasting, an attack against users configured to not require preauthentication when interacting with Kerberos. I’ll examine the event logs to show which user account was compromised in the attack, as well as the workstation that was compro...

Baris Dincer

Belkasoft

In mobile forensics, application artifacts are often the most significant. They contain valuable and relatively easy-to-interpret information. However, if these artifacts do not provide the expected evidence, deeper research may be necessary. This is where system files, which contain information about the device and application usage, can be instrumental in finding the clues. In this article, we will overview several forensically interesting Android system artifacts associated with application u...

Digital Forensics Myanmar

Digital Forensics Myanmar is a knowledge-sharing effort about Digital Forensics Science and OSINT. Digital Forensics with Myanmar Language PDF (View Or Download). July 22, 2024. Digital Forensics with Myanmar Language @ Archive.

eCDFP (Module-6) (Window Forensics) (Part - 4). July 22, 2024. Most people know the Volume Shadow Copy Service (VSS) as System Restore Point. Depending on the user working with VSS, it can be applied not only to volumes but also down to individual directories. VSS can be run manually or as a scheduled task, and the VSS storage size can be set manually by the user. VSS on/off can also be set manually by the user. System Restore ...

Forensafe

26/07/2024 Friday. Skype is widely used software that enables seamless communication among individuals and businesses. With features including free video and voice calls, instant messaging, and file sharing, Skype enhances interaction. It's accessible on laptops, mobiles, tablets, and supports Microsoft Windows, macOS, Linux, Android, iOS, and Windows Phone. Digital Forensics Value of iOS Skype Artifacts. iOS Skype emerged as a digital goldmine for forensic experts, containing many artifacts that sh...

Jouni Mikkola at “Threat hunting with hints of incident response”

July 27, 2024, JouniMi. The DFIR.. what? For the last couple of years I have tinkered around a docker-compose configuration for launching a DFIR investigation system. The original one was created with four components: ELK, ingesting all the data with all the visualisations; PLASO, parsing all the Windows evidence; Chainsaw, parsing evtx logs; Hayabusa, parsing evtx logs. This was a good start and I used it especially with different CTFs and such. However it did get a bit heavy...

Lionel Notari

iOS Unified Logs - Device Orientation. Disclaimer: The information and analyses presented in this article are the result of personal research and testing. They are provided for informational and educational purposes only. Any commercial use of the contents of this article without prior written permission from the author is strictly prohibited. Users are not authorized to copy, reproduce, transmit, or distribute the contents of this article without permission. The author disclaims any responsibilit...

Magnet Forensics

Geolocation data has become an indispensable tool in criminal investigations, offering unparalleled insights into the movements and whereabouts of mobile devices. This technological advancement provides law enforcement with the ability to reconstruct crime scenes, establish timelines, and verify alibis with a level of precision that was previously unattainable. The forensic examination of mobile digital devices can yield a wide variety of GPS-source information. With this information, investigat...

Husam Shbib at Memory Forensic

Husam Shbib, Jul 21, 2024 / Jul 25, 2024. Credit: This lab is made by the TryHackMe team. Lab Scenario: “Our user ‘Hattori’ has reported strange behavior on his computer and realized that some PDF files have been encrypted, including a critical document to the company named important_document.pdf. He decided to report it; since it was suspected that some credentials might have been stolen, the DFIR team has been involved and has captured some evidence. Join the team to investigate and learn how to get infor...

Husam Shbib, Jul 22, 2024 / Jul 25, 2024. Credit: This lab is made by the CyberDefenders team. Lab Scenario: “As a cybersecurity analyst for a leading financial institution, an alert from your SIEM solution has flagged unusual activity on an internal workstation. Given the sensitive financial data at risk, immediate action is required to prevent potential breaches. Your task is to delve into the provided memory dump from the compromised system. You need to identify basic Indicators of Compromise (IOCs) and ...