Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
An Academic’s View to Incident Response
Here is a talk by Martin Schmiedecker from SHA2017 on incident response: SHA2017 is a non profit outdoor Hacker camp/confere…
FLARE VM – a fully customizable, Windows-based security distribution for malware analysis
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration t…
Detecting Lateral Movement through Tracking Event Logs
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-page guide on how to detect lateral m…
An Introduction to VolUtility
Basil Alawi S.Taher has posted a nice overview of how to start using VolUtility – a web frontend for Volatility framew…
Windows IR made easier and faster – Find the head of the snake using AutoRuns, Large Registry Keys, Logs, IP/WhoIs and Netflow
Windows systems are still king of the desktop and server operating systems, thus the #1 target of hackers, malware, ransomwa…
WannaCry Ransomware – Incident Response Playbook
This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list …
Ten Ways to Prepare for Incident Response
McAfee has published a white paper by Jim Olmstead, Senior Consultant, Incident Response and Forensic Practice Foundstone® S…
Cyber Threat Intelligence Summit 2017
SANS has published 16 videos from Cyber Threat Intelligence Summit 2017. All videos are available for free at SANS Digital F…
FAME – open-source malware analysis framework
FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging a…
