Category Archives: DFIR
Howto Setup and use the CuckooVM v2
This post covers the basics of importing and running a basic analysis with the Cuckoo VM, which can be found here. I’m referring to this VM as CuckooVM version 2, since if you’ve been following, you already …
Posted in DFIR, Forensics, Investigations, Malware, Virtualization
Tagged Cuckoo, DFIR, Malware, Malware Analysis, Nested Virtualization, Sandbox, Virtualization
Acquiring Linux Memory using AVML and Using it with Volatility
This is another quick post going over the process of acquiring memory from a Linux system, but instead of using LiME, I’m going to use AVML, which stands for Acquire Volatile Memory for Linux and can be found here. The …
Posted in DFIR, Forensics, Memory, Software/Tools
Tagged Acquiring, avml, Forensics, LiME, Linux, memory forensics, Profile, Volatility
Forensic Acquisitions over Netcat
In the past I used to write here what I did so I would not forget, so I’ll try to get back to that habit again :) These days, whenever I find time, I’m playing with TSURUGI, which is a …
Posted in DFIR, GNU/Linux
Tagged Acquisition, Acquisitions, DFIR, distro, Forensic, Forensic image, Linux, netcat, ssh, TSURUGI
Anti-Forensics: Leveraging OS and File System Artifacts
Hola, I know it seems that the zone has been abandoned for a year, and that is why I didn’t want the year to end without posting anything. Anyway, this presentation was covered in Feb-2016, and I thought, why not …