Memory Forensics with Vshot and Remnux (rogue process identification,2)

We start this post where we left the first one, we are moving now into the analysis phase once we have parsed the memory dump with Volatility and the Vshot script included in Remnux. The current script version 4.01 is running 44 plugins against the memory dump. Let's have a quick look at the plugins … Continue reading Memory Forensics with Vshot and Remnux (rogue process identification,2)

Exploring incident response procedures with PagerDuty.

I originally retweeted this information in my account, I often do so with information I want to read but I can not read at the time I find it. When I first skimmed through, what caught my attention was the fact that the organization in this case PagerDuty, was disclosing their internal Incident Response processes. … Continue reading Exploring incident response procedures with PagerDuty.

Memory Forensics with Vshot and Remnux (1)

This is a series of posts in which I am going to quickly explain some basic theory around memory forensics and how to hunt your attacker once he has been identified inside your network. I am also going to alleviate the burden of extracting information from your endpoint memory dump with the Vshot script which … Continue reading Memory Forensics with Vshot and Remnux (1)

Paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks

This is an 11 page white paper that goes through the current challenges faced by researchers to attribute cyber attacks. It goes through the current techniques such as, Timestamps Strings, debug and metadata Malware families, code reuse Threat infrastructure used It also┬ápresent some of the most advance APT's and their potential origin and techniques believed … Continue reading Paper: Wave your false flags! Deception tactics muddying attribution in targeted attacks

The right ingredients for Threat Hunting

Threat Hunting and training such as GCFA are proving to be beneficial to lower the internal detection and dwell time. Not long ago we were discussing the long time that was taking to do internal detection and average dwell time but this is currently changing. Rob Lee and the SANS Institute in their GCFA update … Continue reading The right ingredients for Threat Hunting

Book: Android Malware and Analysis by Ken Dunham.

I needed ┬áto get an intro to Android Malware Analysis and some of the tools you can use for Analysis. This books is very easy to read and provides a good foundation to start doing Android Malware Analysis. It covers current malware landscape until 2014 an existing techniques and tools in static and dynamic analysis. … Continue reading Book: Android Malware and Analysis by Ken Dunham.

Hunting down Threat Infrastructure (2, with PassiveTotal)

It's been a while since I wrote the first post on Threat infrastructure and I believe it will be beneficial for you to first go through it, if you have not done it yet. This will set the context to understand the issues we are trying to solve here. The first post explained how attackers … Continue reading Hunting down Threat Infrastructure (2, with PassiveTotal)