Following the RTM
Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the t…
Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)
As was promised, we continue our Using MITRE ATT&CK for Forensics series. This time we are going to discuss another pers…
Using MITRE ATT&CK for Forensics: BITS Jobs (T1197)
If you are doing incident response, you must know what MITRE ATT&CK is. As it’s a great guide to threat actors tac…
Detection of Algorithmically Generated Malicious Domain
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Contr…
AutoMacTC: Automated Mac Forensic Triage Collector
AutoMacTC is a modular forensic triage collection framework designed to access various forensic artifacts on macOS, parse th…
Sysmon-Modular: A Sysmon Configuration Repository for Everybody to Customise
This is a Microsoft Sysinternals Sysmon configuration repository by Olaf Hartong, set up modular for easier maintenance and …
Badly behaving scripts
As browser and operating system security have been improving, there has been a rise in conventional malware attacks relying …
Extracting Activity History from PowerShell Process Dumps
Lee Holmes has posted about how to extract activity history from PowerShell process dumps. Such dumps may be gold mines, esp…
An introduction to file-system post-mortem forensic analysis
Computer Incident Response Center of Luxembourg has published materials used during their forensic trainings including slide…
Forensics and Incident Response In The Cloud
The purpose of this webinar is to delve into one of the most challenging aspects of working with a Cloud Service Provider (C…
