Code injection on Windows using Python: a simple example

Recently I had to perform some comparative tests on a couple of whitelisting solutions.

One of the crucial steps of the test was the proper functioning of the memory monitoring feature, useful in case of process injection: in fact, once a trusted process has been started, an attacker may use it as a vector to inject malicious code.

In order to perform this check, I decided to write a little PoC for 32-bit systems dedicated to this test.


Diffy: an interesting DFIR tool released by Netflix's SIRT

The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response.

The tool, written in Python 3 and named "Diffy", is strictly focused on security incidents in cloud architectures.
