dfir.ch

Posts

Linux Capabilities Revisited

FIRST Technical Colloquium Amsterdam: In-Depth Study of Linux Rootkits

BSides Kent: The Gist of Hundreds of Incident Response Cases

Today I Learned - Protected Symlinks

macOS Extended Attributes: Case Study

Tear Down The Castle - Part 2

Oh my .. ! - Suspicious network traffic detected including Ransomware

Tear Down The Castle - Part 1

Analysis of Python's .pth files as a persistence mechanism

Today I Learned - setfacl

Shell Script Compiler (shc)

DeepSec: RAT Builders - How to catch them all

BSides Munich: /proc for Security Analysts

Reptile's Custom Kernel-Module Launcher

Hack.lu: The Gist of Hundreds of Incident Response Cases

Hack.lu: In-Depth Study of Linux Rootkits: Evolution, Detection, and Defense

bedevil: Dynamic Linker Patching

Microsoft Defender XDR's Deception Technology

tmate - Instant Terminal Sharing (or How To Backdoor a Linux Server)

EDR: The Great Escape - RomHack Training Review

Today I Learned - NSG Flow Log

ScriptBlock Smuggling

Botnet Fenix

Today I Learned - WebDAV Cache

Abusing the “search-ms” URI protocol handler

Tainted Kernels

Today I Learned - kernel.modules_disabled

Systemd Path Activation - Poor Man's File Integrity

From Dangerous PHP Functions to Webshell Hunting

FIRST Conference: (Advanced) Purple Teaming - BlueTeam Edition

Today I Learned - Instrument ClamAV to extract AutoIT scripts

SecurityFest: The Gist of Hundreds of Incident Response cases

Today I Learned - Zsh Sessions (even more Timestamps)

The 'Invisibility Cloak' - Slash-Proc Magic

Removing Traces of RMM Tools

Today I Learned - Zsh History Timestamps

Canarytokens: Catching Insider Threats (and Threat Actors?)

Today I Learned - Device Discovery

Sysrv Infection (Linux Edition)

Varia

MicroSocks: Convenient access through a compromised SonicWall SMA

Azure Batch Misused for Crypto Mining

Two in a row - You mitigated wrong (Kentico CMS RCE)

AWS Ransomware

[s|l]trace - Linux Malware Analysis

Hunting AsyncRAT & QuasarRAT

Azure

DFIR

Real-World PingCastle Findings

N-IOCs to Rule Them All

Threat Hunting

FIRST Conference: N-IOCs to Rule Them All

Swiss Cyber Storm: The Seven Deadly Sins

Swiss Cyber Storm: Ransomware in Switzerland and around the World