Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
Finding Metasploit’s Meterpreter Traces with Memory Forensics
Metasploit Framework is very popular not only among pentesters, but also quite often used by real adversaries. So why memory…
Portable Dynamic Malware Analysis with an Improved Scalability and Automatisation
A malware is deployed ubiquitously to steal safety or liability-critical information and damage the compromised systems. In …
Learning Malware Analysis
Packt Publishing has announced “Learning Malware Analysis“ by Monappa K A. The book is expected to be published …
Malware Data Science: Attack Detection and Attribution
Security has become a “big data” problem. The growth rate of malware has accelerated to tens of millions of new …
Getting Started with the SIFT Workstation Webcast with Rob Lee
An international team of forensics experts helped create the SANS Investigative Forensic Toolkit (SIFT) Workstation and made…
Chasing Adversaries with Autoruns – Evading Techniques and Countermeasures
Sysinternals Autoruns is a great utility for defenders to discover and disable malware and adversaries’ persistence po…
Windows Credentials Attacks, Mitigations & Defense
Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Credential harvesting is goal nu…
Survey on the Usage of Machine Learning Techniques for Malware Analysis
Coping with malware is getting more and more challenging, given their relentless growth in complexity and volume. One of the…
How to Intercept IP Connections in a Malware Analysis Lab
SANS Institute has presented a short tutorial with Lenny Zeltser on how to intercept IP connections in a malware analysis la…
