FOR508

173 bookmarks
Appendix B - Incident Response Forms - Incident Response and Computer Forensics, 3rd Edition
The following files are part of Appendix B of Incident Response and Computer Forensics, 3rd Edition: Form 1 – Evidence Tag (.doc) – v1.0; Form 2 – Evidence Inventory (.doc) – v1.0; Form 3 – Client System Description (.doc) – v1.0; Form 4 – Evidence …
·ir3e.com·
Lee Holmes | Extracting Forensic Script Content from PowerShell Process Dumps
After posting Extracting Activity History from PowerShell Process Dumps, I got an interesting follow-up question: “Is it possible to extract the content of scripts (from disk) that were executed, even if those files were not captured?” The answer is “Yes”, but it’s also complicated. And to make it even more complicated, we’re going to go down a path showing how to do some of this detective work from scratch. This is going to require a lot of WinDbg automation, so for a first step, install the WinDbg module.
·leeholmes.com·
Hijacking DLLs in Windows
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative-path DLL hijacking on Windows 10 (1909), and shows how, with a few lines of VBScript, some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.
·wietzebeukema.nl·
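Relative-path hijacking works because the loader consults the application's own directory first, so an executable copied into a user-writable folder will pick up any bare-name DLL dropped beside it. As an added example (not code from the post), the Python below models the default Windows search order (SafeDllSearchMode on) and reports, for each imported DLL, every writable directory the loader checks before the directory that actually holds the DLL. The directory snapshot, the import list, the example.exe name and the KnownDLLs subset are all constructed for this example.

```python
"""Relative-path DLL hijack candidate finder.

Added example (not code from the post): models the default Windows DLL
search order and reports, for each DLL an executable imports by bare name,
every user-writable directory the loader consults BEFORE the directory that
really holds the DLL. Directory contents and writability are passed in as a
snapshot, so the demo below runs on constructed data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set


def search_order(app_dir: str, cwd: str, path_dirs: Iterable[str],
                 windir: str = r"C:\Windows") -> List[str]:
    """Default LoadLibrary search order with SafeDllSearchMode enabled.
    The application directory comes first, which is why copying an
    executable into a writable folder turns a bare-name import into a
    hijack. With SafeDllSearchMode disabled the current directory moves
    up to second place; a full-path LoadLibrary bypasses the list."""
    return [app_dir, windir + r"\System32", windir + r"\System", windir, cwd,
            *path_dirs]


# Illustrative subset of the KnownDLLs list: these are always mapped from
# System32 regardless of the search path and cannot be hijacked this way.
KNOWN_DLLS: Set[str] = {"kernel32.dll", "user32.dll", "advapi32.dll",
                        "ole32.dll", "gdi32.dll"}


@dataclass
class Finding:
    dll: str
    plant_dir: str                 # writable dir consulted before the real DLL
    loaded_from: Optional[str]     # where the DLL is found today (None = missing)


def find_hijack_candidates(app_dir: str, imports: Iterable[str],
                           fs: Dict[str, Set[str]], writable_dirs: Iterable[str],
                           cwd: str, path_dirs: Iterable[str]) -> List[Finding]:
    """fs maps a directory to the file names it contains (a snapshot);
    writable_dirs lists directories the current user can write to."""
    norm = lambda p: p.rstrip("\\").lower()
    fs_n = {norm(d): {f.lower() for f in files} for d, files in fs.items()}
    writable = {norm(d) for d in writable_dirs}
    findings: List[Finding] = []
    for dll in imports:
        dll_l = dll.lower()
        if dll_l in KNOWN_DLLS:
            continue
        plant_dirs: List[str] = []
        loaded_from: Optional[str] = None
        seen: Set[str] = set()
        for d in search_order(app_dir, cwd, path_dirs):
            dn = norm(d)
            if dn in seen:           # cwd often equals app_dir; count it once
                continue
            seen.add(dn)
            if dll_l in fs_n.get(dn, set()):
                loaded_from = d      # loader stops here; later dirs are irrelevant
                break
            if dn in writable:
                plant_dirs.append(d)
        findings.extend(Finding(dll, d, loaded_from) for d in plant_dirs)
    return findings


def demo() -> List[Finding]:
    """Constructed scenario: an executable copied to the user's Desktop;
    imports and directory contents are invented for the example."""
    app_dir = r"C:\Users\alice\Desktop"
    fs = {
        r"C:\Windows\System32": {"kernel32.dll", "version.dll", "cryptsp.dll"},
        app_dir: {"example.exe"},
        r"C:\Tools": set(),
    }
    return find_hijack_candidates(
        app_dir=app_dir,
        imports=["kernel32.dll", "version.dll", "cryptsp.dll", "missing.dll"],
        fs=fs,
        writable_dirs=[app_dir, r"C:\Tools"],
        cwd=app_dir,
        path_dirs=[r"C:\Windows\System32", r"C:\Tools"],
    )


if __name__ == "__main__":
    for f in demo():
        print(f"{f.dll:<14} plant in {f.plant_dir:<24} "
              f"(currently loaded from: {f.loaded_from})")
```

On a real host, feed it the executable's import table from a PE parser and the writability of each directory from an ACL check; the script only reasons about order. Two caveats it models: a DLL in the KnownDLLs list is never a candidate, and a DLL that exists nowhere on the search path (missing.dll above) is plantable in every writable directory the loader would pass through, not just the application directory.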
NotPetya fsutil clear journal
Although initially labeled as ransomware because of the ransom message displayed after infection, it now appears that NotPetya functions more as a destructive wiper-like tool than as actual ransomware.
·logrhythm.com·
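The title refers to `fsutil usn deletejournal`, the fsutil subcommand that deletes the NTFS change (USN) journal and with it the record of files created and deleted before the wipe; it is rare in legitimate administration and worth a high-severity alert. As an added example (not from the LogRhythm post), the Python below runs that detection over constructed Sysmon Event ID 1 style process-creation records, keyed on the image's OriginalFileName so a renamed copy of fsutil.exe still triggers, and ignoring a command line that merely contains the string. The record format, sample lines, paths and user names are invented for the example.

```python
"""Detect USN-journal deletion via fsutil over process-creation events.

Added example (not code from the post). The key=value|key=value record
format and the sample lines are constructed to stand in for Sysmon
Event ID 1 fields; the rule matches on OriginalFileName (the name in the
PE version resource) rather than the on-disk file name, so renaming
fsutil.exe does not evade it.
"""
import re
from typing import Dict, Iterable, List

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS: List[str] = [
    "Image=C:\\Windows\\System32\\fsutil.exe|OriginalFileName=fsutil.exe|"
    "CommandLine=fsutil usn deletejournal /D C:|"
    "ParentImage=C:\\Windows\\System32\\cmd.exe|User=NT AUTHORITY\\SYSTEM",
    # benign: only queries the journal
    "Image=C:\\Windows\\System32\\fsutil.exe|OriginalFileName=fsutil.exe|"
    "CommandLine=fsutil usn queryjournal C:|"
    "ParentImage=C:\\Windows\\System32\\cmd.exe|User=CORP\\admin",
    # renamed binary, odd casing, different flag, launched from rundll32
    "Image=C:\\Users\\Public\\fs.exe|OriginalFileName=fsutil.exe|"
    "CommandLine=\"C:\\Users\\Public\\fs.exe\" USN DELETEJOURNAL /N C:|"
    "ParentImage=C:\\Windows\\System32\\rundll32.exe|User=NT AUTHORITY\\SYSTEM",
    # the string appears, but cmd.exe is not fsutil: a substring rule would misfire
    "Image=C:\\Windows\\System32\\cmd.exe|OriginalFileName=Cmd.Exe|"
    "CommandLine=cmd /c echo fsutil usn deletejournal|"
    "ParentImage=C:\\Windows\\explorer.exe|User=CORP\\alice",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one constructed 'k=v|k=v' record into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def tokens(cmdline: str) -> List[str]:
    """Tokenise a Windows command line, keeping quoted paths whole, lower-cased."""
    return [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def is_usn_journal_deletion(event: Dict[str, str]) -> bool:
    """True when the process is fsutil (by original file name) and its
    arguments contain the 'usn deletejournal' pair in that order."""
    if event.get("OriginalFileName", "").lower() != "fsutil.exe":
        return False
    toks = tokens(event.get("CommandLine", ""))
    return any(a == "usn" and b == "deletejournal" for a, b in zip(toks, toks[1:]))


def detect(events: Iterable[str]) -> List[Dict[str, object]]:
    """Run the rule over records and return one alert per matching event."""
    alerts: List[Dict[str, object]] = []
    for line in events:
        ev = parse_event(line)
        if not is_usn_journal_deletion(ev):
            continue
        toks = tokens(ev["CommandLine"])
        # first non-switch argument after 'deletejournal' is the target volume
        after = toks[toks.index("deletejournal") + 1:]
        volume = next((t for t in after if not t.startswith("/")), None)
        on_disk_name = ev["Image"].lower().rsplit("\\", 1)[-1]
        alerts.append({
            "rule": "usn_journal_deleted",
            "image": ev["Image"],
            "renamed_binary": on_disk_name != "fsutil.exe",
            "parent": ev["ParentImage"],
            "user": ev["User"],
            "volume": volume,
        })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a)
```

Matching on OriginalFileName rather than the command-line string is what separates the third record (a renamed fsutil) from the fourth (cmd.exe echoing the text). A `cmd /c fsutil usn deletejournal ...` invocation is still caught because the child fsutil process produces its own process-creation event.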