Analysis of a Windows 8 Memory Dump with Volatility 2.4 ("The New Hotness")
Hello again readers! Today's blog post is going to cover my initial experiences working with the newest release of Volatility (version 2.4) and a Windows 8 memory dump I created using Belkasoft...
Live Response Tool collection update (BONUS FEATURE) Searching the Windows...
Hello again readers! First off, I want to start the post by announcing that the latest update to the Live Response collection of tools is up; you can download it here: LiveResponse.zip - download...
Many small updates to the Windows Live Response collection
Good morning readers! Over the past few days I have had a little bit of free time, which I used to update several of the applications contained within the Windows Live Response collection. cports,...
Spending $$$ on hardware won't fix the problem...you first have to understand...
As more and more organizations experience data breaches that are specifically targeting credit card processing programs, many in the sales and marketing areas are quick to say "If Organization X had...
Automated Windows disk imaging? Sure, it can do that!
Hello again readers! After a busy couple of weeks, I had some time to work on adding a new feature to the Windows Live Response collection, automated disk imaging! This means that when you run the...
Part of an Afternoon with TrustPipe...
Today an article that sounded interesting was pointed out to me, regarding a company named TrustPipe that is claiming to catch 100% of network attacks. A direct quote from their website:"Our patented...
Even More Live Response Collection Updates!!
Hello again readers! The last update to the Live Response collection was about two months ago, and I have been working on adding more open-source tools and data collection processes to the collection....
GUI, Logging, Compression, and Encryption -- Updates to the Live Response...
Hello again readers! Over the past few weeks, in between cases, I have been hard at work trying to get a couple of new features implemented into the Windows Live Response Collection. Today I am very...
A (new) way to consider getting data from mobile phones
Hello again readers! Today's post is possible as the result of a joint collaboration with Berla (https://berla.co/) in an effort not only to give some exposure to the very interesting and exciting...
Gone Phishing
Hello again readers! Today's blog post deals with a phishing email that was sent to my Yahoo! email address that I received two days ago, allegedly from DHL. Interestingly enough the Symantec web...
And you get a POS malware name...and you get a POS malware name....and you...
This morning I woke up to find Trend Micro/Trend Labs had a new post on an "old undetected PoS malware" which they have called "PwnPOS". I was interested at first, but this looks like just another case...
Teslacrypt vs open source tools
Hello again readers! Today's blog post is going to cover a new "variant" of ransomware that has been deemed "Teslacrypt", which was highlighted in a fairly detailed post by Vadim Kotov from Bromium...
Live Response Collection slides from Bsides Charm
Hello again readers! I had the pleasure of speaking about the Live Response Collection at the inaugural Bsides Charm event held this past weekend. I am working on getting some new features and...
Post OPM Breach...let the phishing begin!!
Hello again readers! As you may already know, last evening the Office of Personnel Management (OPM) admitted they sustained a data breach where they "lost 4 million records". In reality the number is...
How to Have that Awkward Conversation
Hello again readers!! Today's post is the first (but most certainly not the last) "guest post" in which friends and colleagues can share their experiences and insights and give alternate perspectives...
Gardening, cyber security, and YOU!
Hello again readers! We spent the first week of July on vacation in North Carolina and then I spent a few days last week at the SANS DFIR Summit in Austin. I was going to write a small recap of the...
...at long last, updates to the Live Response Collection!!
Hello again readers! I am happy to announce, after many long months in development (and due to a pretty busy six months, about six months later than I had originally planned) an updated version of the...
Publicly announcing buatapa!!
Hello again readers and welcome back! Today's blog post is going to cover a small script that I developed called "buatapa". This was meant to be released several months ago, but steady case work has...
Introducing Windows Live Response Collection modules...and how to write your...
Hello again readers and welcome back. Today I am very happy to announce the public release of the latest round of updates to the Live Response Collection. This release focuses on the "modules" that I...
Putting a wrap on October
Hello again readers and welcome back! For us, October consisted of a lot of traveling giving presentations about the Live Response Collection at BSides Raleigh, Anne Arundel Community College,...