Memory Forensics with Vshot and Remnux (1)

This is a series of posts in which I am going to quickly explain some basic theory around memory forensics and how to hunt your attacker once he has been identified inside your network. I am also going to alleviate the burden of extracting information from your endpoint memory dump with the Vshot script which … Continue reading Memory Forensics with Vshot and Remnux (1)

Book: Android Malware and Analysis by Ken Dunham.

I needed  to get an intro to Android Malware Analysis and some of the tools you can use for Analysis. This books is very easy to read and provides a good foundation to start doing Android Malware Analysis. It covers current malware landscape until 2014 an existing techniques and tools in static and dynamic analysis. … Continue reading Book: Android Malware and Analysis by Ken Dunham.

Hunting down Threat Infrastructure (2, with PassiveTotal)

It's been a while since I wrote the first post on Threat infrastructure and I believe it will be beneficial for you to first go through it, if you have not done it yet. This will set the context to understand the issues we are trying to solve here. The first post explained how attackers … Continue reading Hunting down Threat Infrastructure (2, with PassiveTotal)

The top 10 windows logs event’s used to catch hackers

Very interesting presentation by Michael Gough from SecureWorks. It goes through some malware attack examples and the importance of the windows event id's for their detection. Another must read. http://www.slideshare.net/Hackerhurricane/the-top-10-windows-logs-event-ids-used-v10

Windows Commands abused by attackers (Japan CERT)

One more interesting article about the most abused commands in windows. It is a must read if you are interesting in endpoint hunting. http://blog.jpcert.or.jp/.s/2016/01/windows-commands-abused-by-attackers.html

Hunting down Threat Infrastructure (1)

In this two article series, I am going to explain how to spot anomalous activity in proxies and DNS queries coming out of your network. Additionally, I am also explaining how to recognize suspicious threat infrastructure, what elements you need to pay attention to, how this infrastructure behaves, what are the challenges for the defender and … Continue reading Hunting down Threat Infrastructure (1)

The ultimate targeted attack: Malvertisements

I am very surprised to see the title of this video, it should have included malvertising in it however if someone would have asked me about malvertising I would have undoubtedly answered 'Elias Manousos'. Him and RiskIQ are today the pioneers in the field of external threat surface. The number of views demonstrate how low … Continue reading The ultimate targeted attack: Malvertisements