DearCry Ransomware Malware Analysis and Reverse Engineering
The goal of this paper is to provide a deep analysis of DearCry ransomware and demonstrate some techniques of malware...

KNOWLEDGE CENTER

Microsoft Exchange – ProxyLogon Vulnerability Analysis (Case Study), March 18, 2021
Tags: Exchange server exploitation, Microsoft Exchange, ProxyLogon Vulnerability, Remote Code Execution
The goal of this case study is to summarize technical details of the ProxyLogon vulnerability alongside other vulnerabilities that...

Unpacking of Egregor Ransomware – Malware Analysis (Case Study), January 21, 2021
Tags: Detecting Malware Capabilities With capa, egregor, egregor ransomware, Malware Analysis
Executive Summary: In this case study, we describe malware analysis and unpacking of a newly emerged ransomware, Egregor. It is...

Logchecker – New Tool for Threat Intelligence Developed by LIFARS (Technical Tools), January 12, 2021
Tags: Logchecker Tool, Threat Intelligence Solution, What is Logchecker
Introducing The Logchecker Tool: Logchecker is a new Windows and Linux tool for scanning log files, developed by LIFARS. It...

Incident Response Process (Whitepaper), November 3, 2020
Tags: Handling Cybersecurity Incidents according to NIST SP-61, Incident Response Process
Handling Cybersecurity Incidents according to NIST SP-61: According to ISO/IEC 27035:2011 on Information security incident management, an information security incident...

Cybersecurity Exercises Whitepaper (Whitepaper), November 3, 2020
Tags: Cybersecurity exercises, International Standard ISO 22398
Conducting Cybersecurity Exercises According to International Standard ISO 22398: Exercises and simulation activities have been around for decades, if not...

Guide to Hardening Windows 10 (Technical Guide), November 3, 2020
Tags: For Developers and Office Workers, Guide to Hardening Windows 10
Introduction: Windows 10 is the most widely used desktop operating system in enterprise environments. It features extensive security policies, allowing...

The Assassin Squad: Zbot and RYUK (Case Study), October 29, 2020
Tags: phishing, ryuk, ryuk ransomware, Ryuk Ransomware In The Healthcare Sector, zbot
Overview: During recent months, there have been large outbreaks of the Ryuk ransomware. Armed with upgrades and modifications in comparison...

REvil Sodinokibi Ransomware (Case Study), September 23, 2020
Tags: exploitation of vulnerable network devices, REvil Sodinokibi Ransomware, REvil/Sodinokibi Ransomware group
Overview: During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen...

SRUM – Another Windows Time Machine (Technical Guide), September 9, 2020
Tags: System Resource Usage Monitor (SRUM), Windows Time Machine
Overview: In standard forensic investigations, sooner or later the need arises to find and extract evidence of program execution on...

Red Teaming Case Study (Case Study), August 6, 2020
Tags: Effectiveness of our client’s security implementations, red team engagements, red teaming
To ensure the effectiveness of our client’s security implementations, LIFARS frequently conducts red team engagements and penetration tests evaluating whether...

Snatch Ransomware – Malware Analysis Case Study (Case Study), July 29, 2020
Tags: capability to reboot affected devices into Safe Mode, Malware Analysis Case Study, Snatch Ransomware
Overview: During the last month, the LIFARS DFIR Team encountered various variants of Snatch Ransomware. This ransomware is known for its capability...

Windows Memory Forensics Technical Guide Part 3 (Technical Guide), July 15, 2020
Tags: Investigating Process Objects and Network Activity, Windows Memory Forensics
Investigating Process Objects and Network Activity. Generally speaking, an object is a data structure that represents a system resource, such...

Clipper AutoIt v2 – QUILCLIPPER AutoIt Malware (Case Study), July 1, 2020
Tags: Clipper AutoIt v2, LIFARS DFIR Team discovered QUILCLIPPER AutoIt Malware, Qulab Stealer and Clipper malware
Overview: During a recent engagement, the LIFARS DFIR Team discovered a sample of rare malware which uses uncommon techniques. It turns out that...

Windows Memory Forensics Technical Guide Part 2 (Technical Guide), June 8, 2020
Tags: Introduction to Structured Analysis with Volatility, Windows Memory Forensics, Windows Memory Forensics Part 2
Introduction to Structured Analysis with Volatility. Investigative Process Steps. Windows Processes. Structured Analysis and Investigative Process: After a short introduction...

Windows Memory Forensics Technical Guide Part 1 (Technical Guide), June 5, 2020
Tags: Introduction to Memory Forensics, Unstructured Analysis, Memory Acquisition, Windows Memory Forensics
Introduction to Memory Forensics, Unstructured Analysis. Overview: Memory forensics has been a crucial part of an investigation process for some...