Hot Topics

forensics

NetWitness ? A Brief History of an Iconic Threat Detection & Response Platform

| | Detection, Evolved SIEM, forensics, iot, NetWitness, SOAR, Threat Detection and Response, UEBA, XDR
The history of NetWitness reflects the continuous evolution of threats and bad actors. Begun as a government intelligence research project, NetWitness has earned a reputation as the most powerful detection and forensics ...
RSA Blog

More SolarWinds News

| | attribution, forensics, Hacking, Malware, Russia, tamper detection, Uncategorized
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was ...
Schneier on Security

Analyzing an Instance of Meterpreter’s Shellcode

| | analysis, DFIR, Digital Forensics, digital investigations, forensics, Incident Response, IR, Malware, Triage
In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by and Excel macro. In that payload was a ...
trustedsignal -- blog
AI cybersecurity

How to Forensically Examine Phishing Emails

| | email header, email scams, Emails, forensics, Phishing, social engineering
Learn about the warning signs that can help you identify phishing and how to confirm your suspicions with a forensic examination of the email header In the fight to safeguard data, one ...
Security Boulevard

Shmoocon 2020 – Alissa Gilbert’s ‘Anti-Forensics For Fun And Privacy’

| | 0xdade, Anti-Forensics, Conferences, education, forensics, Information Security, Shmoocon 2020
Thanks to the 0xdade for publishing these outstanding Shmoocon 2020 Convention videos via the 0xdade YouTube channel and the 0xdade Shmoocon 2020 Playlist for everyone to view, learn and, of course, enjoy ...
Infosecurity.US
Laptop, Raspberry Pi, PolarProxy, Internet ASCII

Discovered Artifacts in Decrypted HTTPS

| | adnxs.com, CS3, CS3Sthlm, decrypt, forensics, HTTP/2, http2, incoming.telemetry.mozilla.org, majestic, Majestik møøse, NetworkMiner, pcap, PolarProxy, reddit, telemetry, TLS, TLSI, Wireshark, x-moose, X-Proxy-Origin
We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...
NETRESEC Network Security Blog
Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

| | CS3, CS3Sthlm, decrypt, DoH, forensics, google, HTTP/2, http2, HTTPS, NetworkMiner, Pastebin, pcap, PolarProxy, TLS, TLS Inspection, TLS Interception, TLSI, Twitter, video, Wireshark
Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...
NETRESEC Network Security Blog

Dark Web Site Taken Down without Breaking Encryption

| | Bitcoin, childpornography, cryptocurrency, cryptography, Darkweb, forensics
The US Department of Justice unraveled a dark web child-porn website, leading to the arrest of 337 people in at least 18 countries. This was all accomplished not through any backdoors in ...
Schneier on Security

SANS DFIR, Jason Jordaan’s ‘Understanding The Forensic Science In Digital Forensics’

| | Digital Forensics, Forensication, forensics, Forensics Education, Information Security, SANS, SANS DFIR
Thanks to SANS for publishing the SANS DFIR superlative DFIR videos on their SANS DFIR YouTube Channel Permalink ...
Infosecurity.US

Webinar: Wireshark for Hackers

| | 2019, Chappell, EH-Net Live!, forensics, highlight, Incident Response, Wireshark
Register Now for a Packet Level Foundation in Incident Response! Join Laura Chappell as she demonstrates Wireshark’s use as a network forensics tool. Laura will walk you through some tricks used to ...
The Ethical Hacker Network
Load more