-
Recent Posts
Categories
- Academia (21)
- Android (1)
- Anti-Forensics (2)
- AntiX (4)
- Apache/Tomcat (8)
- Arabnix (6)
- BackTrack (5)
- Books (17)
- C5W (1)
- Challenges (5)
- Companies (16)
- Conferences (1)
- Cyber 5W (2)
- Database (23)
- Development (31)
- DFIR (14)
- Exploitation (8)
- File Systems (1)
- Firewalls (20)
- Footprinting (14)
- Forensics (22)
- Fun (28)
- GNU/Linux (101)
- HDFS (1)
- IDS/IPS (4)
- Investigations (13)
- Kernel (24)
- Life (161)
- Linux Security (68)
- Linux Services (37)
- Malware (9)
- Memory (1)
- Metasploit (6)
- Mobile (3)
- Networks (44)
- News (75)
- OSINT (6)
- Patch Management (5)
- PCI Compliance (8)
- PenTest (52)
- Poems (9)
- PortKnocking (10)
- Privacy (4)
- Publications (12)
- Real Madrid (17)
- Research (6)
- Security (84)
- Snippets (33)
- Social Engineering (4)
- Software/Tools (53)
- Sport (78)
- ThreatHunting (4)
- Unix (12)
- Virtualization (27)
- Vulnerability (7)
- Web Security (12)
- Webapp (4)
- WHM/Cpanel (6)
- Windows (19)
- Workshops (2)
- z0ne (16)
Archives
Category Archives: ThreatHunting
Windows Sandbox Scripts
Windows Sandbox is an amazing Windows feature that could be used for Malware Analysis. In order to install it you’ll need to follow this blog post here by Microsoft.
Posted in DFIR, Investigations, Malware, Research, Security, Software/Tools, ThreatHunting, Virtualization, Windows
Tagged Malware Analysis, Reverse Engineering, Windows Sandbox
Comments Off on Windows Sandbox Scripts
Cuckoo VM for Malware Analysis
Cuckoo VM prepared for Malware Analysis Continue reading
Posted in Forensics, Malware, Research, ThreatHunting, Virtualization
Tagged Cuckoo, Malware, Malware Analysis, Nested Virtualization, Sandbox, VM
Comments Off on Cuckoo VM for Malware Analysis
Update: Hidden Prefetch Files Detection using New PECmd
Before diving into this post, I wanted to say, that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class, I use Eric Zimmerman‘s tools a lot, and when I say … Continue reading
Posted in AntiX, ThreatHunting, Windows
Tagged ads, alternate data streams, anti-forensics, EXE, malicious, Prefetch, stealth, threathunting, Windows
Comments Off on Update: Hidden Prefetch Files Detection using New PECmd
Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis
While doing more experiments of running EXEs and Malicious EXEs from ADS and Stealthy ADS to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS“, and in order to create a forensic image and … Continue reading
Posted in AntiX, Forensics, ThreatHunting, Windows
Tagged ads, alternate data streams, anti-forensics, EXE, malicious, Prefetch, stealth, threathunting, Windows
Comments Off on Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis