Invoke-Adversary – Simulating Adversary Operations
Invoke-Adversary is a PowerShell script that helps you to evaluate security products and monitoring solutions based on how w…
Creating custom YARA rules
Didier Stevens has posted about how to use IOCs (Indicators Of Compromise) to create your own custom YARA rules. In the post…
Dshell: An Extensible Network Forensic Analysis Framework
Dshell is an extensible network forensic analysis framework, that enables rapid development of plugins to support the dissec…
C2 Hunting
Here is the latest post by Jack Crook (@jackcr) in which he discusses detecting and/or hunting for C2 traffic. You can find …
How to perform AWS Cloud Forensics
Here is a nice overview of EC2 instances volume and memory acquisition process, plus some info on how to disable an access k…
Finding Metasploit’s Meterpreter Traces with Memory Forensics
Metasploit Framework is very popular not only among pentesters, but also quite often used by real adversaries. So why memory…
The Power of Logging in Incident Response
In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital …
Detecting Lateral Movements in Windows Infrastructure
Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APT…
VMWare Incident Response: A Process
In the post the authors describe VMWare incident response process based on the following steps: 1. Contact with consultee 2.…
Threat Hunting Reconnaissance Toolkit
Threat Hunting Reconnaissance Toolkit or THRecon is a collection of PowerShell scripts by Tony Phipps, which can be very use…
