C2 Hunting
Here is the latest post by Jack Crook (@jackcr) in which he discusses detecting and/or hunting for C2 traffic. You can find …
How to perform AWS Cloud Forensics
Here is a nice overview of EC2 instances volume and memory acquisition process, plus some info on how to disable an access k…
Finding Metasploit’s Meterpreter Traces with Memory Forensics
Metasploit Framework is very popular not only among pentesters, but also quite often used by real adversaries. So why memory…
Detecting Lateral Movements in Windows Infrastructure
Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APT…
Forensic Challenges
Amam Hardikar has collected forensic challenges (including computer forensics, network forensics, malware analysis, etc) fro…
VMWare Incident Response: A Process
In the post the authors describe VMWare incident response process based on the following steps: 1. Contact with consultee 2.…
Threat Hunting Reconnaissance Toolkit
Threat Hunting Reconnaissance Toolkit or THRecon is a collection of PowerShell scripts by Tony Phipps, which can be very use…
Windows RDP-Related Event Logs: Identification, Tracking, and Investigation
Jonathon Poling has published a very useful post about forensicating RDP-related event logs. You will learn a lot about the …
Investigating the Cyber Breach has been released
“Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer” by Joseph Muniz and Aami…
Incident Response Reminders from a Mouse
Here is an amazing post by Mike Sheward – he has made our Friday! If you want to understand the incident response cycl…
