Will Harris (@parityzero)

I published a step by step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!
Cyber 5W (@cyber5w)

As a DFIR Engineer, you should notice something suspicious going on here!!
But how many techniques do you know that an attacker can use to hide this easy detection from you?!
#C5W #DFIR #Malware #ThreatHunting #Cybersecurity
ACE Responder (@ACEResponder)

We've added argument decoders for CertServerRequest to the Extended Telemetry fork of RPC Firewall. This can reveal AD CS abuse in real time with:

• source user/IP
• the requested certificate template
• subject alt names

github.com/ACE-Responder/…

#ThreatHunting #DFIR
Placing the Suspect Behind the Keyboard (@PSBK2E)

On a DFIR Investigative Mindset:

* If you want academic studies, buy a textbook.
* If you want theories, take a college class.
* If you want random info, watch YouTube.

But if you want practical and actionable knowledge, engage with this book.
amzn.to/3UCvRct #DFIR
Justin Elze (@HackingLZ)

I really enjoy blogs like this, breaking down IR reports and layering in places to add deception or defense.

Also Casey come back to twitter 😂

blog.thinkst.com/2024/05/what-c…

tk (@tkh4ck)

My Hexordia Weekly CTF week 3 write-ups are available at 🔎 tkh4ck.github.io/ctf/2024/hexor…
Waiting for the last week 🤓

Renzon (@r3nzsec)

I had the opportunity to co-author this blog. This case started from IcedID to Cobalt Strike to deploying Dagon Locker RW. This case had a TTR (time to ransomware) of 29 days. It's a long report with lots of graphics. Hope you like it @TheDFIRReport #DFIR 
thedfirreport.com/2024/04/29/fro…
Nicolas Krassas (@Dinosn)

MasterParser - Powerful DFIR Tool Designed For Analyzing And Parsing Linux Logs kitploit.com/2024/05/master…

Firdaus Juhari 🇲🇾 (@terpalingcyber)

Anon, it's best to work out your direction first. Do you want to head towards infra, DFIR, GRC, etc.? From there it's easy for anon to build a strategy & prepare for the next step. If you're a sec engineer, the logical next step is towards infra & architecture.
DoubleBlak (@BlakDouble)

Second update in as many weeks - but this is a fairly big one.
Facelift UI / Tabbed interface / Working, Synchronized Search / Protobuf Original Byte View / ABX Support :)
#dfir
CyberDefenders® (@CyberDefenders)

🆕 New Free Lab: BlueSky Ransomware
📘 Network Forensics
🔍 As an analyst handling a major ransomware attack at a high-profile corporation, determine the attacker's TTPs to aid in containment and recovery.

🔗 cyberdefenders.org/blueteam-ctf-c…

#DFIR #SOC #infosec #cybersecurity
Cyber 5W (@cyber5w)

About NTFS Journaling: did you know that every operation that happens on any file on the NTFS file system 'and others also' is tracked and stored in a file that can be used as evidence of file manipulation during forensic analysis of the machine?
#C5W #CCDFA #DFIR #Infosec
Omoalhaja (@omoalhajaabiola)

Digital Forensics Masterclass: Forensic Science 2024 DFMC+

Learn digital forensics and become a computer forensics investigator / Certificate after completing course / DFMC+ / DFIR 2024

Coupon code is LAST_APRIL_SALE

udemy.com/course/digital…
