Search for Malware on Webservers with Blazescan
Blazescan is a Linux webserver malware scanning and incident response tool, with built in support for cPanel servers, but wi…
Deobfuscate malicious VBA Macros with ViperMonkey
ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained …
Persistence Mechanisms
As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this episode looks at pers…
PhishPhinder: Locate and Purge Messages in O365
PhishPhinder is a tool for locating and purging messages in O365. You can learn more about how to use this PowerShell script…
Defcon DFIR CTF 2018 Open to the Public
David Cowen has posted Defcon DFIR CTF 2018 images and questions at his blog. It’s time to download them and have a go…
Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
Sarah Edwards has posted her research of knowledgeC.db database. This database can be found on macOS and iOS devices. On Mac…
Business Email Compromise; Office 365 Making Sense of All the Noise
Office 365, or O365, has made online applications easier for businesses of all sizes. Its also created a significant attack …
Deobfuscating Emotet’s PowerShell Payload
Lasq has posted a step-by-step guide on how to deobfuscate Emotet’s PowerShell payload. Also he shared a Python script…
Investigating Data Hiding and Covert Communication
The book will focus on incident response methods and techniques when faced with the unprecedented challenge that data hiding…
POSH-Triage
Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s cmd line tools (https://ericzimme…
