Linux Forensics: Memory Capture and Analysis
In my previous posts I have often covered tools and techniques that allow memory acquisition from a Windows system. However, I have written few articles about Linux memory acquisition and analysis: only one brief post regarding memory profile generation on Linux using LiME.
CobaltStrikeScan: identify Cobalt Strike beacons in process memory
Cobalt Strike was born as a penetration testing tool, useful for Red Teaming activities.
Digital Forensic Basics: an analysis methodology flow chart
Data extraction, data acquisition, data analysis? Let’s try to make it a little clearer!
How to extract sysdiagnose logs for forensic purposes on iOS
Sysdiagnose logs allow developers to extract information from iOS devices and are used for understanding bug occurrences.
However, these logs are also useful for forensic purposes when a full device acquisition is not possible or not available.
CloudBrute: a multi-platform Cloud Enumeration Tool
CloudBrute is a multi-platform tool that finds and enumerates a target company’s cloud infrastructure, files, open buckets, applications, and databases hosted on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode), and possibly applications behind proxy servers.
New Mimikatz update adds exploit for ZeroLogon (CVE-2020-1472) vulnerability
Mimikatz developer Benjamin Delpy has updated the latest version of the well-known tool to exploit the ZeroLogon vulnerability.
Red Commander: open source Red Team C2 Infrastructure
Red Commander is a red team C2 infrastructure built on Amazon AWS using Ansible.
Noctilucent brings back ‘domain fronting’ as ‘domain hiding’
At DEF CON 2020, security researcher Erik Hunstad released a new tool that can help users evade censorship and bypass firewalls to keep services up inside problematic areas of the globe.
Anomaly Six LLC: collecting and selling mobile phone location data using an SDK
The Wall Street Journal has published a post about a company called Anomaly Six LLC, which develops an SDK used by “more than 500 mobile applications”.