2018 Volatility Analysis Contest
Volatility Foundation has announced another contest – Volatility Analysis Contest. All you need is to choose a sophist…
Automating Incident Response and Forensics
Come and learn the latest and greatest tricks for automating your incident response and forensics in the cloud. This session…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
Invoke-Adversary – Simulating Adversary Operations
Invoke-Adversary is a PowerShell script that helps you to evaluate security products and monitoring solutions based on how w…
Creating custom YARA rules
Didier Stevens has posted about how to use IOCs (Indicators Of Compromise) to create your own custom YARA rules. In the post…
C2 Hunting
Here is the latest post by Jack Crook (@jackcr) in which he discusses detecting and/or hunting for C2 traffic. You can find …
How to perform AWS Cloud Forensics
Here is a nice overview of EC2 instances volume and memory acquisition process, plus some info on how to disable an access k…
Finding Metasploit’s Meterpreter Traces with Memory Forensics
Metasploit Framework is very popular not only among pentesters, but also quite often used by real adversaries. So why memory…
Detecting Lateral Movements in Windows Infrastructure
Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APT…
Forensic Challenges
Amam Hardikar has collected forensic challenges (including computer forensics, network forensics, malware analysis, etc) fro…
