kingsfere.blogg.se

Pestudio paloalto







Check Point Research have a post about developing Cuckoo extensions to manage AWS instances and more, allowing for parallel task performance without wasting resources.


CERT Polska previews their 2018 incident report, with categories like fraud (includes phishing and copyright issues) making up 50% of reported incidents, followed by malicious code at 23%, then abusive content (from harmful speech to spam) around 11%.

Hexa at Brokesec looks at honeypot techniques for getting new malware samples and at what different honeypots exist, including low vs medium interaction honeypots.

A Demoscene PE file is shown as an example that has no apparent DOS Stub and fails to load in various PE test beds.

The PE Compilation timestamp is Unix epoch time, but what timezone is it in? A simple test shows local time (Die, IDA, Efd, PE Studio) vs UTC time (Die, IDA, Efd, PE Studio) tools.

Thinking back on the Ghidra release, Adam speculates on the motivation behind NSA releasing Ghidra and GCHQ releasing CyberChef.

The story of an underTAG that tried to wear a mitre… A discussion of tagging data with Mitre tags, tagging activity with your own classifications, and the need for context instead of simply tagging for identification.

Adam at Hexacorn posted a few times this week.

Windows ID 4648 “A logon was attempted using explicit credentials”: Hideaki also looks at event log ID 4648.

He continues looking into ADTimeline, checking the effects of ACL changes.

Hideaki Ihara at port139 posted a couple of times this week.

Neal Krawetz at ‘The Hacker Factor Blog’ describes the process of texting pictures and its effects on the file's content and metadata.

This week’s Sunday Funday relates to gathering the “available forensic data sources provided by Amazon AWS for EC2”.

The winner of last week’s Sunday Funday was Tun Naung, who with a little convincing has started a blog where he posted his answer, Daily Blog #642: Solution Saturday 3/9/19.

Dave Cowen at the ‘Hacking Exposed Computer Forensics Blog’ wrote a couple of posts this week.

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS







