In this post John Booth describes how to detect encoded or obfuscated command-lines used by attackers on Linus hosts. As you may already know, “these techniques have the additional benefit of avoiding the need to drop a file to disk, reducing the risk to an attacker of being detected by traditional anti-virus products.”
-
Find out what happened during a ransomware attack on computer
Introduction The encryption pandemic has swept the world. No commercial companies or gover… -
PC3000 Portable III in Digital Forensics
Introduction Sooner or later, most forensics experts have to deal with damaged hard drives… -
How to analyze different types of devices and find connections between them
Modern digital forensics and incident response cases may involve quite different types of …
Load More Related Articles
-
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch fi… -
Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools fro… -
Analyzing the Windows LNK File Attack Method
An interesting post by D3xt3r’s Malware Laboratory describing another example of usi…
Load More In Tips & Tricks
Comments are closed.
