Windows 10 is equipped with a mechanism to automatically enable Microsoft Defender Antivirus after rebooting, even if it is set to be disabled.
This mechanism generally helps to protect the device, but for security researchers, there are times when they want to disable it, such as when analyzing malware, verifying…
Here are some useful sites for getting a quick overview of the relevant Advanced Persistent Threat (APT) groups, looked up by APT group name or malware name.
An APT encyclopedia published by ThaiCERT around 2019/06. It is very useful for looking up APT information by group name or malware name.
I made a script that automatically installs the cyber threat intelligence aggregation and analysis system EXIST together with MISP.
I made this list from my tweets (April to September 2019).
15 Linux commands ready to try.
Useful content based on the author’s experience.
ANSSI report on AmCache’s usefulness for forensics.
I used several evidence collection tools for fast forensics to see what the differences were. I checked their functionality mainly from the viewpoint of dumping files. The following table shows the results in a Windows environment.
Sysmon now supports logging DNS queries, so I tried to get the logs. I checked this procedure with Windows 10 on VMware.
Here’s a list of images that might suit anyone who says, “I want to learn forensics, but I don’t have an image to analyze.” I’m preferentially collecting images that come with scenarios and answers.
The list includes many PC disk images, but also memory images, network packets, mobile phone and drone image…
A vulnerability (CVE-2019-12735) was disclosed on 2019/06/04 that could allow arbitrary code execution via a modeline when vim opens a specially crafted text file. Vim < 8.1.1365 …