Injecting code into another process's memory is not limited to shellcode or DLLs. The PE Injection technique makes it possible to inject and run a complete executable module inside another process's memory.
The Netflix Security Intelligence and Response Team (SIRT) has released (under the Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response. The tool, written in Python 3 and named “Diffy”, is strictly focused on security incidents in cloud architectures.
Recently I’ve published this post focused on hunting malware using Volatility and YARA rules.
The ability to quickly and reliably detect lateral movement in the network is one of the most important skills in information security today: the lateral movement phase represents the biggest difference between a targeted, strategic attack and a simplistic hit-and-run attack. What is lateral movement? Lateral movement refers to the various techniques attackers use […]
Previously I’ve talked a lot about Volatility, and I’ve also published some articles about YARA. Today I’d like to share a brief and simple workflow, useful for a first high-level analysis of memory dumps in order to search for the presence of generic malware.