Diffy: an interesting DFIR tool released from Netflix’s SIRT

The Netflix Security Intelligence and Response Team (SIRT) has released, under the Apache 2.0 license, a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response. The tool, written in Python 3 and named “Diffy”, is strictly focused on security incidents in cloud architectures.

Some thoughts about Lateral Movement techniques

The ability to quickly and reliably detect lateral movement in the network is one of the most important skills in information security today: the lateral movement attack phase represents the biggest difference between a targeted, strategic attack and a simplistic hit-and-run attack. What is lateral movement? Lateral movement refers to the various techniques attackers use…