[ hackinarticles, Hacking Articles ]
Memory Hunting
Credit https://t.co/OHtDiELsy5
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #bugbountytips #forensics #dfir
https://github.com/christophetd/mindmaps/blob/master/pdf/memory-hunting.pdf
[ tweet ]
[ hackinarticles, Hacking Articles ]
Incident Response Cheat Sheet
#infosec #cybersecurity #cybersecuritytips #pentesting #oscp #redteam #informationsecurity #cissp #CyberSec #networking #networksecurity #CheatSheet #dfir #incidentresponse
π₯ [ tweet ]
[ bmcder02, Blake ]
Recently I got asked to do an overview on ETW. I tried to cover everything useful for #DFIR, including multiple ways to capture ETW, useful providers and finding existing trace sessions.
#cybersecurity
https://t.co/3IWn9w6JuQ
http://bmcder.com/blog/a-begginers-all-inclusive-guide-to-etw
[ tweet ]
[ DirectoryRanger, DirectoryRanger ]
Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction #DFIR
https://t.co/8BZPvX83Ij
https://jeffreyappel.nl/detect-and-block-credential-dumps-with-defender-for-endpoint-attack-surface-reduction/
[ tweet ]
[ ntlmrelay, Ring3API ]
Dismember tool by @liam_galvin - scan memory for secrets and more.
https://t.co/3anDqypiVb
#redteam #BlueTeam #threathunting #DFIR
https://github.com/liamg/dismember
[ tweet ]
[ cfalta, Christoph Falta ]
I wrote something to compare the content of two volume shadow copies. Let's hope that's useful #dfir #PowerShell
https://t.co/ip15QPFaTq
https://github.com/cfalta/vsctool
[ tweet ]
[ ntlmrelay, Ring3API ]
How Does Windows Execute Shortcuts (.LNK)? - by @LabsSentinel
https://t.co/azJmSz7A5T
#BlueTeam #ThreatHunting #DFIR
https://www.sentinelone.com/labs/who-needs-macros-threat-actors-pivot-to-abusing-explorer-and-other-lolbins-via-windows-shortcuts/
[ tweet ]
[ an0n_r0, an0n ]
not a new one, but might be useful: Detecting Lateral Movement (and other) techniques through Event Logs by @jpcert_en
https://t.co/xIyta9ZESK
#DFIR
https://jpcertcc.github.io/ToolAnalysisResultSheet/
[ tweet ]
[ k1nd0ne, k1nd0ne ]
I am happy to release a new malware analysis tool.
VISION-Process.
A fast and cross platform Procmon visualization application written in Rust & TS.
https://t.co/M3GBy3Udb7
A demo with QBOT:
https://t.co/MruSaVYG2H
Happy Hunting !
@pr0xylife #DFIR
https://github.com/forensicxlab/VISION-ProcMon
https://www.forensicxlab.com/posts/vision-procmon/
[ tweet ]
[ Renzon @r3nzsec ]
I recently co-authored a @Unit42_Intel blog about a unique IR case in which a threat actor's custom EDR bypass (using #BYOVD) exposed their toolkit, methods, and even identity. Check out how we unmasked them through an opsec slip-up! #dfir
https://unit42.paloaltonetworks.com/edr-bypass-extortion-attempt-thwarted/
[ tweet ]