The Assassin Squad: Zbot and RYUKOverview During recent months, there have been large outbreaks of the Ryuk ransomware. Armed with upgrades and modifications in comparison... KNOWLEDGE CENTER Case Study exploitation of vulnerable network devices REvil Sodinokibi Ransomware REvil/Sodinokibi Ransomware group REvil Sodinokibi Ransomware September 23, 2020 Overview During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen... System Resource Usage Monitor (SRUM) Technical Guide Windows Time Machine SRUM – Another Windows Time Machine September 9, 2020 Overview In standard forensics investigations, sooner or later arises the need to find and extract evidence of program execution on... Case Study Effectiveness of our client’s security implementations red team engagements red teaming Red Teaming Case Study August 6, 2020 To ensure the effectiveness of our client’s security implementations LIFARS frequently conducts red team engagements and penetration tests evaluating whether... capability to reboot affected devices into Safe Mode Case Study Malware Analysis Case Study Snatch Ransomware Snatch Ransomware – Malware Analysis Case Study July 29, 2020 Overview. During last month LIFARS DFIR Team encountered various variants of Snatch Ransomware. This ransomware is known for its capability... Investigating Process Objects and Network Activity Technical Guide Windows Memory Forensics Windows Memory Forensics Technical Guide Part 3 July 15, 2020 Investigating Process Objects and Network Activity. Generally speaking, an object is a data structure that represents a system resource, such... Case Study Clipper AutoIt v2 LIFARS DFIR Team discovered QUILCLIPPER AutoIt Malware Qulab Stealer and Clipper malware Clipper AutoIt v2 – QUILCLIPPER AutoIt Malware July 1, 2020 Overview. During a recent engagement, the LIFARS DFIR Team discovered a sample of rare malware, which uses not very common techniques. It turns out that... Introduction to Structured Analysis with Volatility Technical Guide Windows Memory Forensics Windows Memory Forensics Part 2 Windows Memory Forensics Technical Guide Part 2 June 8, 2020 Introduction to Structured Analysis with Volatility. Investigative Process Steps. Windows Processes. Structured Analysis and Investigative Process After a short introduction... Introduction to Memory Forensics Unstructured Analysis Memory Acquisition Technical Guide Windows Memory Forensics Windows Memory Forensics Technical Guide Part 1 June 5, 2020 Introduction to Memory Forensics Unstructured Analysis. Overview Memory forensics has been a crucial part of an investigation process for some... Case Study Cryptocurrency Miners Threat Actors Use Targeted Attack XMRig-based CoinMiners by Blue Mockingbird group Cryptocurrency Miners – XMRig Based CoinMiner by Blue Mockingbird Group June 1, 2020 Since the end of March LIFARS DFIR team has observed an increase in the number of incidents related to Monero... Mining parameters from dark corners of Web Archives ParamSpider Technical Guide ParamSpider – Mining parameters from dark corners of Web Archives May 29, 2020 Have you ever wondered how to scrape all the parameters from domain and subdomains from the past without manually crawling... 923 words on Windows Ntuser.dat Computer Forensics digital forensic investigation LIFARS Tech Diary Technical Guide What is the NTUSER.DAT File in Windows 923 words on Windows NTUSER.dat May 20, 2020 With a little bit digging you can discover treasure trove of information, which can be utilized in your digital forensic... Case Study LIFARS Pen Testing Team VPN Security VPN Solution Security Case Study VPN Solution Security Testing VPN Solution Security Testing April 30, 2020 In April, our client requested LIFARS Pen Testing Team to perform an authenticated black-box penetration test of the VPN solution... Case Study LIFARS Pen Testing Team LIFARS Tech Diary Session hijacking attack What is Session Hijacking? Session Hijacking – Case Study April 28, 2020 LIFARS frequently conducts penetration tests to ensure the effectiveness of our client’s security implementations and to evaluate whether their systems... Advanced Persistent Threat APT41 APT41 – A spy who steals or a thief who spies Case Study Cyber indictments cases LIFARS Tech Diary nation-state actor becomes a cybercriminal Spy Who Encrypted Me APT41 – A spy who steals or a thief who spies April 21, 2020 APT41 – The Spy Who Encrypted Me. This case study is based on our most recent investigation into one of... Forensic Analysis of Windows Shellbags Investigative Value of Windows ShellBags LIFARS Tech Diary Whitepaper Windows ShellBags Forensics Windows ShellBags Forensics, Investigative Value of Windows ShellBags April 2, 2020 Windows ShellBags are one of the well-known and valuable sources of information regarding computer system’s user behavior. Although their primary...
The Assassin Squad: Zbot and RYUKOverview During recent months, there have been large outbreaks of the Ryuk ransomware. Armed with upgrades and modifications in comparison...
KNOWLEDGE CENTER Case Study exploitation of vulnerable network devices REvil Sodinokibi Ransomware REvil/Sodinokibi Ransomware group REvil Sodinokibi Ransomware September 23, 2020 Overview During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen... System Resource Usage Monitor (SRUM) Technical Guide Windows Time Machine SRUM – Another Windows Time Machine September 9, 2020 Overview In standard forensics investigations, sooner or later arises the need to find and extract evidence of program execution on... Case Study Effectiveness of our client’s security implementations red team engagements red teaming Red Teaming Case Study August 6, 2020 To ensure the effectiveness of our client’s security implementations LIFARS frequently conducts red team engagements and penetration tests evaluating whether... capability to reboot affected devices into Safe Mode Case Study Malware Analysis Case Study Snatch Ransomware Snatch Ransomware – Malware Analysis Case Study July 29, 2020 Overview. During last month LIFARS DFIR Team encountered various variants of Snatch Ransomware. This ransomware is known for its capability... Investigating Process Objects and Network Activity Technical Guide Windows Memory Forensics Windows Memory Forensics Technical Guide Part 3 July 15, 2020 Investigating Process Objects and Network Activity. Generally speaking, an object is a data structure that represents a system resource, such... Case Study Clipper AutoIt v2 LIFARS DFIR Team discovered QUILCLIPPER AutoIt Malware Qulab Stealer and Clipper malware Clipper AutoIt v2 – QUILCLIPPER AutoIt Malware July 1, 2020 Overview. During a recent engagement, the LIFARS DFIR Team discovered a sample of rare malware, which uses not very common techniques. It turns out that... Introduction to Structured Analysis with Volatility Technical Guide Windows Memory Forensics Windows Memory Forensics Part 2 Windows Memory Forensics Technical Guide Part 2 June 8, 2020 Introduction to Structured Analysis with Volatility. Investigative Process Steps. Windows Processes. Structured Analysis and Investigative Process After a short introduction... Introduction to Memory Forensics Unstructured Analysis Memory Acquisition Technical Guide Windows Memory Forensics Windows Memory Forensics Technical Guide Part 1 June 5, 2020 Introduction to Memory Forensics Unstructured Analysis. Overview Memory forensics has been a crucial part of an investigation process for some... Case Study Cryptocurrency Miners Threat Actors Use Targeted Attack XMRig-based CoinMiners by Blue Mockingbird group Cryptocurrency Miners – XMRig Based CoinMiner by Blue Mockingbird Group June 1, 2020 Since the end of March LIFARS DFIR team has observed an increase in the number of incidents related to Monero... Mining parameters from dark corners of Web Archives ParamSpider Technical Guide ParamSpider – Mining parameters from dark corners of Web Archives May 29, 2020 Have you ever wondered how to scrape all the parameters from domain and subdomains from the past without manually crawling... 923 words on Windows Ntuser.dat Computer Forensics digital forensic investigation LIFARS Tech Diary Technical Guide What is the NTUSER.DAT File in Windows 923 words on Windows NTUSER.dat May 20, 2020 With a little bit digging you can discover treasure trove of information, which can be utilized in your digital forensic... Case Study LIFARS Pen Testing Team VPN Security VPN Solution Security Case Study VPN Solution Security Testing VPN Solution Security Testing April 30, 2020 In April, our client requested LIFARS Pen Testing Team to perform an authenticated black-box penetration test of the VPN solution... Case Study LIFARS Pen Testing Team LIFARS Tech Diary Session hijacking attack What is Session Hijacking? Session Hijacking – Case Study April 28, 2020 LIFARS frequently conducts penetration tests to ensure the effectiveness of our client’s security implementations and to evaluate whether their systems... Advanced Persistent Threat APT41 APT41 – A spy who steals or a thief who spies Case Study Cyber indictments cases LIFARS Tech Diary nation-state actor becomes a cybercriminal Spy Who Encrypted Me APT41 – A spy who steals or a thief who spies April 21, 2020 APT41 – The Spy Who Encrypted Me. This case study is based on our most recent investigation into one of... Forensic Analysis of Windows Shellbags Investigative Value of Windows ShellBags LIFARS Tech Diary Whitepaper Windows ShellBags Forensics Windows ShellBags Forensics, Investigative Value of Windows ShellBags April 2, 2020 Windows ShellBags are one of the well-known and valuable sources of information regarding computer system’s user behavior. Although their primary...
Case Study exploitation of vulnerable network devices REvil Sodinokibi Ransomware REvil/Sodinokibi Ransomware group REvil Sodinokibi Ransomware September 23, 2020 Overview During a recent client engagement, the LIFARS DFIR team encountered the REvil/Sodinokibi Ransomware group. The typical attack vector chosen...
System Resource Usage Monitor (SRUM) Technical Guide Windows Time Machine SRUM – Another Windows Time Machine September 9, 2020 Overview In standard forensics investigations, sooner or later arises the need to find and extract evidence of program execution on...
Case Study Effectiveness of our client’s security implementations red team engagements red teaming Red Teaming Case Study August 6, 2020 To ensure the effectiveness of our client’s security implementations LIFARS frequently conducts red team engagements and penetration tests evaluating whether...
capability to reboot affected devices into Safe Mode Case Study Malware Analysis Case Study Snatch Ransomware Snatch Ransomware – Malware Analysis Case Study July 29, 2020 Overview. During last month LIFARS DFIR Team encountered various variants of Snatch Ransomware. This ransomware is known for its capability...
Investigating Process Objects and Network Activity Technical Guide Windows Memory Forensics Windows Memory Forensics Technical Guide Part 3 July 15, 2020 Investigating Process Objects and Network Activity. Generally speaking, an object is a data structure that represents a system resource, such...
Case Study Clipper AutoIt v2 LIFARS DFIR Team discovered QUILCLIPPER AutoIt Malware Qulab Stealer and Clipper malware Clipper AutoIt v2 – QUILCLIPPER AutoIt Malware July 1, 2020 Overview. During a recent engagement, the LIFARS DFIR Team discovered a sample of rare malware, which uses not very common techniques. It turns out that...
Introduction to Structured Analysis with Volatility Technical Guide Windows Memory Forensics Windows Memory Forensics Part 2 Windows Memory Forensics Technical Guide Part 2 June 8, 2020 Introduction to Structured Analysis with Volatility. Investigative Process Steps. Windows Processes. Structured Analysis and Investigative Process After a short introduction...
Introduction to Memory Forensics Unstructured Analysis Memory Acquisition Technical Guide Windows Memory Forensics Windows Memory Forensics Technical Guide Part 1 June 5, 2020 Introduction to Memory Forensics Unstructured Analysis. Overview Memory forensics has been a crucial part of an investigation process for some...
Case Study Cryptocurrency Miners Threat Actors Use Targeted Attack XMRig-based CoinMiners by Blue Mockingbird group Cryptocurrency Miners – XMRig Based CoinMiner by Blue Mockingbird Group June 1, 2020 Since the end of March LIFARS DFIR team has observed an increase in the number of incidents related to Monero...
Mining parameters from dark corners of Web Archives ParamSpider Technical Guide ParamSpider – Mining parameters from dark corners of Web Archives May 29, 2020 Have you ever wondered how to scrape all the parameters from domain and subdomains from the past without manually crawling...
923 words on Windows Ntuser.dat Computer Forensics digital forensic investigation LIFARS Tech Diary Technical Guide What is the NTUSER.DAT File in Windows 923 words on Windows NTUSER.dat May 20, 2020 With a little bit digging you can discover treasure trove of information, which can be utilized in your digital forensic...
Case Study LIFARS Pen Testing Team VPN Security VPN Solution Security Case Study VPN Solution Security Testing VPN Solution Security Testing April 30, 2020 In April, our client requested LIFARS Pen Testing Team to perform an authenticated black-box penetration test of the VPN solution...
Case Study LIFARS Pen Testing Team LIFARS Tech Diary Session hijacking attack What is Session Hijacking? Session Hijacking – Case Study April 28, 2020 LIFARS frequently conducts penetration tests to ensure the effectiveness of our client’s security implementations and to evaluate whether their systems...
Advanced Persistent Threat APT41 APT41 – A spy who steals or a thief who spies Case Study Cyber indictments cases LIFARS Tech Diary nation-state actor becomes a cybercriminal Spy Who Encrypted Me APT41 – A spy who steals or a thief who spies April 21, 2020 APT41 – The Spy Who Encrypted Me. This case study is based on our most recent investigation into one of...
Forensic Analysis of Windows Shellbags Investigative Value of Windows ShellBags LIFARS Tech Diary Whitepaper Windows ShellBags Forensics Windows ShellBags Forensics, Investigative Value of Windows ShellBags April 2, 2020 Windows ShellBags are one of the well-known and valuable sources of information regarding computer system’s user behavior. Although their primary...
