forensics
NetWitness – A Brief History of an Iconic Threat Detection & Response Platform
The history of NetWitness reflects the continuous evolution of threats and bad actors. Begun as a government intelligence research project, NetWitness has earned a reputation as the most powerful detection and forensics ...
More SolarWinds News
Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was ...
Analyzing an Instance of Meterpreter’s Shellcode
In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...
How to Forensically Examine Phishing Emails
Learn about the warning signs that can help you identify phishing and how to confirm your suspicions with a forensic examination of the email header. In the fight to safeguard data, one ...
Shmoocon 2020 – Alissa Gilbert’s ‘Anti-Forensics For Fun And Privacy’
Thanks to 0xdade for publishing these outstanding Shmoocon 2020 Convention videos via the 0xdade YouTube channel and the 0xdade Shmoocon 2020 Playlist for everyone to view, learn and, of course, enjoy ...
Discovered Artifacts in Decrypted HTTPS
We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...
Sharing a PCAP with Decrypted HTTPS
Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...
Dark Web Site Taken Down without Breaking Encryption
The US Department of Justice unraveled a dark web child-porn website, leading to the arrest of 337 people in at least 18 countries. This was all accomplished not through any backdoors in ...
SANS DFIR, Jason Jordaan’s ‘Understanding The Forensic Science In Digital Forensics’
Thanks to SANS for publishing SANS DFIR's superlative DFIR videos on their SANS DFIR YouTube Channel ...
Webinar: Wireshark for Hackers
Register Now for a Packet Level Foundation in Incident Response! Join Laura Chappell as she demonstrates Wireshark’s use as a network forensics tool. Laura will walk you through some tricks used to ...