Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use âCreate Remote Threadâ events to detect process injection …
PasteHunter
PasteHunter is a Python3 application that is designed to query a collection of sites that host publicliy pasted data. For al…
Extract forensic timeline from memory dumps with AutoTimeliner
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory du…
A Planned Methodology for Forensically Sound IR in Office 365
A planned methodology for developing and implementing a forensically sound incident response plan in Microsoftâs Office 365 …
The Little Handbook of Windows Forensics
Andrea Fortunan has released his “The Little Handbook of Windows Forensics”. Here is the description from the au…
Robust Use of PsExec That Doesnât Reveal Password Hashes
Brian Carrier and Chris Ray have found a way how to run PsExec and not reveal admin password hash. Check this blog post to l…
DEFT X Virtual Appliance is Available for Downloading
The latest version of the system dedicated to forensic analysis and incident management, DEFT X, is released and available f…
$SignaturesAreDead = âLong Live RESILIENT Signatures”
Signatures are dead, or so weâre told. Itâs true that many items that are shared as Indicators of Compromise (file names/pat…
Spotting the Signs of Lateral Movement
Derek King has published another post as part of his “Hunting with Splunk: The Basics” series. This time he is d…
Magnet AXIOM Incident Response Examinations (AX310)
Magnet Forensics announced a new expert-level four-day training course. It is designed to give you the knowledge and skills …
