Detecting Lateral Movement through Tracking Event Logs
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) presented an 80-page guide on how to detect lateral m…
On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters
Recent work has investigated the use of hardware performance counters (HPCs) for the detection of malware running on a syste…
Digital Forensics and Incident Response
Another DFIR book has been announced by Packt Publishing. It’s “Digital Forensics and Incident Response” b…
Using Binsnitch.py to Detect Files Touched by Malware
Daan Raman from NVISO Labs has published a blog post about their new tool – binsnitch.py. You can use this tool to det…
Exposing Command Line Shells History with PowerShell
Eyal Neemany has published a post on how to use PowerShell to expose command line shells history. He notes that the biggest …
WannaCry Ransomware Threat: What We Know So Far
The WannaCry ransomware worm is unprecedented for two reasons. First, it’s a ransomware worm. Second, it appears to be…
WannaCry Ransomware – Incident Response Playbook
This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list …
Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer
Cisco Press has announced a new book by Joseph Muniz and Aamir Lakhani entitled “Investigating the Cyber Breach: The D…
Rapid Provisioning of a Malware Analysis Environment
Adam Kramer has published a post in SANS DFIR blog about ‘rapid_env’. This is an open source tool he developed, …
The new version of Mandiant Redline supports Windows 10
Redline version 1.20 introduces support for collection from and analysis of Window 10 systems and is already available for d…
