loading

166311 author: secshoggoth@infosec.exchange 29 Jan 2025 13:53
tags: #dfir #forensics #incidentresponse #threathunting

I've had to analyze several MS Quick Assist compromises and found challenges during each one. Threat Hunting for malicious activity thru QA is not easy either.

So I wrote a blog post on what to look for: https://inversion6.com/resources/blog/january-2025/microsoft-quick-assist-an-it-security-primer

162427 author: DEVCE_CIC@infosec.exchange 24 Jan 2025 10:33
tags: #academia #cjs #computerevidence #dfir #digitalforensics #law #parliament

We are aware that there are some members of the digital evidence community who may be wary of, unwilling to, or unable to give evidence to the Parliamentary Inquiry into Computer Evidence (https://www.gov.uk/government/news/use-of-computer-evidence-in-court-to-be-interrogated ). To ensure that their views & experiences can be properly represented, we are running a short survey ro capture essential information that we will submit to the Inquiry on behalf of respondents. All information will be anonymised and only used or reproduced with the consent of the contributors.

The survey has been prepared by Angus Marshall with support from Prof. Sarah Morris and Simon Biles, for whose support we are very grateful.

Please do complete the form at https://forms.gle/BwmDytnHT3z8pmCDA . It should only take 10-20 minutes. Or if you prefer to email us: survey@devce.org

147984 author: malanalysis@infosec.exchange 08 Jan 2025 16:59
tags: #dfir #dfirmemes

strings to the rescue

Don't forget to at least rerun with --encoding=b too

It's ain much but it's honest work meme with the farmer labeled "strings --all --radix=d --encoding=s" with the caption: When all of the other DFIR tools fail to parse the data.

105878 author: volexity@infosec.exchange 15 Nov 2024 20:01
tags: #dfir #threatintel
to: https://infosec.exchange/users/volexity

@volexity has published a blog post about BrazenBamboo, the Chinese threat actor behind the LIGHTSPY and DEEPDATA malware families. This blog post details a FortiClient vulnerability used in the DEEPDATA malware, where user VPN credentials are left in plaintext in memory long after a user has authenticated. Read more here: https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata

3345 author: abrignoni@infosec.exchange 10 Jul 2024 11:00
tags: #dfir #digitalforensics #mobileforensics

Are certifications important? Yes, no, and it depends.

Do certifications make you an expert? No.
Do certifications help with the hiring process? Yes.
Do certifications help you be up to date? It depends.

If work pays for them, go for it.
If you have to pay them yourself, do your research.