ImHex is a relatively new Hex editor, released in December of 2020, for Reverse Engineers, Programmers and people that value their eye sight when working at 3 AM. GitHub — WerWolv/ImHex https://github.com/WerWolv/ImHex

Here are some useful sites to get a quick overview of relevant Advanced Persistent Threat Groups (APT) groups from APT group names or malware names. Threat Group Cards: A Threat Actor Encyclopedia An APT encyclopedia published by ThaiCERT around 2019/06. It is very useful to get information about APT from APT group names and malware names. https://www.thaicert.or.th/downloads/files/A_Threat_Actor_Encyclopedia.pdf

I made a script that automatically installs the cyber threat intelligence aggregation and analyzing system EXIST with MISP. soji256/exist_with_misp_autoinstall https://github.com/soji256/exist_with_misp_autoinstall

Introduction — Windows 10 Timeline Forensic Artefacts — CCL Group https://cclgroupltd.com/2018/05/03/windows-10-timeline-forensic-artefacts/ Analysis Article WindowsTimeline | SQLite query & Powershell scripts to parse the Windows 10 (v1803+) ActivitiesCache.db https://kacos2000.github.io/WindowsTimeline/ Windows 10 ActivitiesCache.db examination https://kacos2000.github.io/WindowsTimeline/WindowsTimeline.pdf

I made this list from my tweets (April to September 2019). DFIR A quick set of anomalies to look for to identify a compromised Linux system https://www.linkedin.com/pulse/quick-set-anomalies-look-identify-compromised-linux-system-b-/ 15 Linux commands ready to try. Threat hunting using DNS firewalls and data enrichment | blog.redteam.pl https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html Useful content based on the author’s experience.

I used several evidence collection tools for fast forensics to see what the differences were. I check the function mainly from the viewpoint of dumping the file. The following table shows the results in a Windows environment. (*1, *2, *6). *1: What can be obtained without changing the setting. *2…

Sysmon — Sysmon — Windows Sysinternals | Microsoft Docs https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Sysmon now supports logging DNS queries, so I tried to get the logs. I checked this procedure with Windows 10 on VMware. Sysmon Installation Instructions Download Sysmon from the official site. Extract the files to a folder of your choice. Launch a command prompt with…

Here’s a list of images that might be appropriate for a “I want to learn forensics, but I don’t have an image for analysis.”. I’m preferentially collecting images with scenarios and answers. The list includes many PC disk images, but also memory images, network packets, mobile phone and drone image…

A vulnerability (CVE-2019–12735) has been found in 2019/06/04 that could allow arbitrary code execution via modeline when vim opens a specially crafted text file. Vim < 8.1.1365 …