unSafe.sh - Unsafe
Oh my .. ! - Suspicious network traffic detected including Ransomware
Introduction: A customer contacted us due to a high-severity ransomware alert in Win...
2025-1-22 17:2:19 | Views: 22
Over Security - Cybersecurity news aggregator - dfir.ch
network
ransomware
actiontype
Tear Down The Castle - Part 1
Introduction: In the realm of IT infrastructure, Active Directory (AD) serves as a c...
2025-1-19 23:1:37 | Views: 15
Over Security - Cybersecurity news aggregator - dfir.ch
passwords
security
powershell
microsoft
pingcastle
Analysis of Python's .pth files as a persistence mechanism
Introduction: The purpose of the update.py script is to deploy a backdoor to the fol...
2025-1-14 13:18:0 | Views: 37
Over Security - Cybersecurity news aggregator - dfir.ch
pth
python
python3
dist
malicious
Today I Learned - setfacl
Table of Contents Introdu...
2024-12-17 10:47:51 | Views: 20
Over Security - Cybersecurity news aggregator - dfir.ch
malmoeb
dfir
setfacl
acls
linpeas
BSides Munich: /proc for Security Analysts
Abstract: In the intricate landscape of cybersecurity, the ability to uncover hidde...
2024-12-13 16:18:49 | Views: 19
Over Security - Cybersecurity news aggregator - dfir.ch
security
uncover
treasure
interpret
munich
DeepSec: RAT Builders - How to catch them all
Abstract: Cybercriminals now have unprecedented ease in creating their own remote a...
2024-12-13 16:18:48 | Views: 27
Over Security - Cybersecurity news aggregator - dfir.ch
builders
rats
trojans
equips
agenttesla
Shell Script Compiler (shc)
Introduction: After installing the payload, the shell script inst.sh runs a backdoo...
2024-12-13 16:18:47 | Views: 16
Over Security - Cybersecurity news aggregator - dfir.ch
shc
ncat
traceme
strace
mprotect
Hack.lu: In-Depth Study of Linux Rootkits: Evolution, Detection, and Defense
Abstract: This talk, “In-Depth Study of Linux Rootkits,” will provide a comprehensi...
2024-11-11 15:1:33 | Views: 25
Over Security - Cybersecurity news aggregator - dfir.ch
rootkits
historical
inception
defenders
Hack.lu: The Gist of Hundreds of Incident Response Cases
Abstract: How to become an Incident Response Rockstar? After conducting hundreds of...
2024-11-11 15:1:32 | Views: 23
Over Security - Cybersecurity news aggregator - dfir.ch
artifacts
attending
rockstar
conducting
smarter
Reptile's Custom Kernel-Module Launcher
Introduction: “In REPTILE version 2.0, the original developer of REPTILE altered ho...
2024-11-11 15:1:31 | Views: 26
Over Security - Cybersecurity news aggregator - dfir.ch
reptile
insmod
loader
loaded
ko
bedevil: Dynamic Linker Patching
Introduction: bedevil (bdvl), according to the GitHub page, is an LD_PRELOAD rootkit...
2024-10-19 20:16:28 | Views: 39
Over Security - Cybersecurity news aggregator - dfir.ch
dfir
ldpatch
oldpreload
newpreload
Microsoft Defender XDR's Deception Technology
Introduction: This week wasn’t the first time we’ve investigated a case where a cust...
2024-10-18 04:1:40 | Views: 42
Over Security - Cybersecurity news aggregator - dfir.ch
decoy
deception
microsoft
powershell
windows
tmate - Instant Terminal Sharing (or How To Backdoor a Linux Server)
Introduction: Over the last three years, various cyber security companies wrote abou...
2024-10-7 01:2:20 | Views: 26
Over Security - Cybersecurity news aggregator - dfir.ch
tmate
ssh
13453
traces
teamtnt
EDR: The Great Escape - RomHack Training Review
This course aims to provide a comprehensive understanding of the architecture of...
2024-9-30 20:17:16 | Views: 29
Over Security - Cybersecurity news aggregator - dfir.ch
windows
security
internals
analysis
hooking
Today I Learned - NSG Flow Log
Introduction: Azure flow logs are a feature in Azure that allows you to capture and...
2024-9-21 13:47:10 | Views: 24
Over Security - Cybersecurity news aggregator - dfir.ch
network
security
nsg
defaultrule
ScriptBlock Smuggling
Introduction: PowerShell’s Script Block Logging is a security feature that records a...
2024-9-13 19:47:7 | Views: 21
Over Security - Cybersecurity news aggregator - dfir.ch
powershell
scriptblock
malicious
spoofedast
executedast