Recently i had to perform some comparative tests on a couple of whitelisting solutions. One of the crucial step of the test was the proper functioning of memory monitoring feature, useful in case of process injection: infact, when a trusted process has been started, an attacker may use it as vector for inject a malicious…
The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response. The tool, written in python 3 and named “Diffy”, is strictly focused on security incidents on cloud architectures.
Recently i’ve published this post focused on hunting malware using volatility and Yara rules.
When you develop an application, often you could need to store some configurations. This data can contain a lot of sensitive informations, and this is a critical point if your sourcecode is hosted on a GitHub repository.