Threat Hunting: What it Is, and What it Is Not
Nowadays everybody is talking about threat hunting. Everyone wants to be a threat hunter. Every employer wants to hire a thr…
Forensicating one of the compromised hosts during our recent incident response activities, we have found some interesting artifac…
Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the t…
As was promised, we continue our Using MITRE ATT&CK for Forensics series. This time we are going to discuss another pers…
If you are doing incident response, you must know what MITRE ATT&CK is. As it’s a great guide to threat actors tac…
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Contr…
AutoMacTC is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse th…
This is a Microsoft Sysinternals Sysmon configuration repository by Olaf Hartong, set up modularly for easier maintenance and …
As browser and operating system security have been improving, there has been a rise in conventional malware attacks relying …
Lee Holmes has posted about how to extract activity history from PowerShell process dumps. Such dumps may be gold mines, esp…