How to collect only valid evidence during forensic investigation and incident response processes instead of creating images of system memory

The cybersecurity community understands cyber forensics as the procedures and methodological techniques used to identify, collect, preserve, extract, interpret, document and present the evidence of an investigation on a computer system, so that the resulting reports can demonstrate or rule out malicious activity on the affected systems. Specialists say that this research plays a fundamental role in […]

CAINE 11 – GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari – Italy). CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE […]

Digital forensics tools for Windows 10 Forensics and incident response

Windows is the most common operating system, and many organizations prefer it. Windows is also the operating system most targeted by hackers, according to ethical hacking researchers of the International Institute of Cyber Security. We will show a method through which you can check all the details or view a history of a Windows operating […]

The Five Incident Response Steps

It is important to remember that implementing incident response steps is a process and not an isolated event. For a truly successful incident response, the team should have a coordinated approach. There are five key steps in responding to incidents to ensure efficiency. The […]

Building Your Incident Response Team

In order for an organization to properly respond to a breach or incident, it needs to have a proper incident response team. These are the people who are responsible for analyzing security breaches, as well as taking all necessary measures to respond to them. At its very core, the incident response team needs to be […]

nightHawkResponse – Incident Response Framework

nightHawkResponse is a custom-built application for asynchronous forensic data presentation on an Elasticsearch backend. This application is designed to ingest a Mandiant Redline "collections" file and give flexibility in search/stack and tagging. The application was born out of the inability to control multiple investigations (or hundreds of endpoints) in a single pane of glass. […]

Redline – Digital Forensics and Incident Response Framework

Redline provides host investigative capabilities to users to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile. With Redline, you can: Thoroughly audit and collect all running processes and drivers from memory, file-system metadata, registry data, event logs, network information, services, tasks and web history. Analyze […]

AMIRA – Automated Malware Incident Response & Analysis

AMIRA is a service for automatically running the analysis on the OSXCollector output files. The automated analysis is performed via OSXCollector Output Filters, in particular The One Filter to Rule Them All: the Analyze Filter. AMIRA takes care of retrieving the output files from an S3 bucket, running the Analyze Filter and then uploading […]

MIG – Real-time Incident Response and Investigation Platform

Mozilla Investigator (MIG) is a platform to perform investigative surgery on remote endpoints. It enables investigators to obtain information from large numbers of systems in parallel, thus accelerating investigation of incidents and day-to-day operations security. What is this? MIG is composed of agents installed on all systems of an infrastructure that can be queried in […]

Most Important Cyber Incident Response Tools List for Security Professionals

Cyber incident response tools are commonly used in the security industry to test for vulnerabilities, provide an emergency incident response for compromised networks and applications, and help take the appropriate mitigation steps. Here you can find a comprehensive cyber incident response tools list covering tools used in various types of incident response […]

CAINE 10.0 – GNU/Linux Live Distribution For Digital Forensics Project, Windows Side Forensics And Incident Response

CAINE (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a Digital Forensics project. Currently, the project manager is Nanni Bassetti (Bari – Italy). CAINE offers a complete forensic environment that is organized to integrate existing software tools as software modules and to provide a friendly graphical interface. The main design objectives that CAINE […]

Loki – Simple IOC and Incident Response Scanner

Loki is a free and simple IOC (Indicators of Compromise) scanner, a complete rewrite of the main analysis modules of the APT scanner THOR. Detection is based on four detection methods: File Name IOC (regex match on full file path/name), Yara Rule Check (Yara signature match on file data and process memory), Hash check (compares known […]

FLARE VM – a fully customizable, Windows-based security distribution for malware analysis, incident response & penetration testing

FLARE VM is the first freely available, open-source Windows-based security distribution of its kind, designed for reverse engineers, malware analysts, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, […]

Cyphon – Open Source Incident Management & Response Platform

Cyphon is a big data platform that aggregates, standardizes, and enhances data for easier analysis. Many businesses rely on emails to manage alert notifications, which leaves their networks susceptible to overlooked incidents, alert fatigue and knowledge drain. Cyphon closes gaps in data management by collecting detailed information from a variety of sources – including email, […]