How to trace the user: Windows 10 Timeline
Introduction Windows 10 Timeline is a relatively new forensic artefact, which was introduced in Windows 10 version 1803.
Latest Posts
Research and Vulnerabilities
Since Microsoft published a new RCE vulnerability in Microsoft Windows Media Foundation discovered by us, we would also like to share full list of vulnerabilities we have discovered.
A WebSocket Based Reverse Shell, Part 1 - Agent
Standard remote shells like SSH require that the target machine needs to be visible over the network.
Malware Analysis Tools, Part 2
In the second part of our overview we continue with the selection of the most used and most usable malware analysis tools.
Malware Analysis Tools, Part 1
In this overview we introduce the selection of the most used and most usable malware analysis tools.
APT Cobalt Strike Campaign targeting Slovakia (DEF CON talk)
In March 2021 our researchers discovered APT campaign targeting Slovakia. We found that this campaign has been active at least since February 2021 and some C&C servers were still active in June 2021.
Supply chain attacks – Attacks on trust
The overall state of IT security can be described as never-ending wild arms race between attackers and defenders, vying for control over the single most valuable thing organizations possess – data.
Threat hunting with Osquery, Part 3 – Interaction with user accounts
Part 3 – Interaction with user accounts Frequent attacker strategical goal is to gain access to sensitive organization data and partial tactical goal to gain control over key infrastructure components.
From the Dark Web data to domain controller access
From the Dark Web data to domain controller access In previous articles, we have discussed what the dark web is and what data we can find there.