Security tooling is not written in a single language. Python powers most automation. C sits at the exploit layer. PowerShell ...
A new ransomware operation named ‘Prinz Eugen’ prioritizes recently modified files for encryption and leaves no ransom note on the system. An investigation from Threatdown, the former corporate ...
A collection of memory forensics case studies performed using Volatility. This repository contains malware investigations, rootkit analysis, process analysis, network artifact analysis and findings ...
A properly configured virtual lab keeps malware contained and prevents damage to systems. Hashing, static review, and dynamic testing need to be used in combination to understand how a sample behaves ...
Abstract: Malware, or malicious software intended to disrupt, compromise data, or provide a barrier to authorised access, is increasingly taking a memory-resident and fileless form of execution, and ...
Usage: sandroid [OPTIONS] Sandroid: Extract forensic and malware artifacts from Android Virtual Devices. Core Options: -c, --config PATH Configuration file path -e, --environment TEXT Environment name ...
The landscape of malware analysis has significantly evolved, driven by the increasing sophistication of cyber threats and the advanced techniques being developed to combat them. Malware attacks on US ...
In my last blog post we delved into the Volatility Framework. In this two-part series I want to highlight how memory forensics plays a crucial role in enhancing forensic investigations by providing ...
In this two-post series I want to highlight how memory forensics plays a crucial role in enhancing forensic investigations, specifically by providing access to volatile data that cannot be retrieved ...
Dynamic malware analysis is a key part of any threat investigation. It involves executing a sample of a malicious program in the isolated environment of a malware sandbox to monitor its behavior and ...