Inside the Attack: How Smishing Campaigns Are Evolving with Covert Data Theft Methods

- Posted in Threat Analyze by
Background: Recently, there has been a noticeable increase in attacks carried out by fraudsters. These attackers use various delivery methods, ranging from social media platforms to SMS messages and [...] Read more

Decrypting Hope: Strategies for Recovery from Ransomware Encryption

- Posted in Incident Response by
Background: Sometimes, during incidents involving ransomware-related threat actors, the investigation into the recovery process can reveal solutions closer than you might think. It’s important to [...] Read more

A Holistic Approach to Organizational Incident Response Design: Integrating People, Process, and Technology

- Posted in Incident Response by
Background: When an incident occurs in your environment, you should be prepared to respond effectively from the perspectives of people, processes, and technologies. Proper preparation ensures a [...] Read more

Navigating Incident Response When Logs Are Missing

- Posted in Incident Response by
Background: In incident response log collection, you might encounter situations where EDR/XDR solutions or log collectors are not present on a machine. Additionally, some syslogs might be missing. [...] Read more

Achieving Persistence for Harmful Code on Specific Devices

- Posted in Other by
Background: Some modern devices hold significant importance to attackers in the current threat landscape, especially mobile devices. The techniques used vary depending on the operating system [...] Read more

Exfiltrating Data via Images and Why Trained Models Aren’t Ready for Malware Core Integration

- Posted in Other by
Background: Today’s cybersecurity landscape is full of different malware families, and one notable type is infostealers. Infostealers operate by executing a payload on the victim’s machine, [...] Read more

Mitigating Cloud Risks: Simple Steps to Prevent Incidents

- Posted in Hardenings by
Background: Based on well-known practices and yearly reviews across infosec industry channels, a significant part of the incidents occurring in the cloud is primarily caused by misconfigurations of [...] Read more

Acquiring Memory in Digital Forensics: Vendor Tools vs. Custom Solutions

- Posted in Other by
Background: Before analyzing volatility memory, there is a crucial preparatory stage: defining the tool scope for memory acquisition. In this phase, there are two primary approaches—either [...] Read more

Challenges of Digital Drives: File Recovery in Practice Without Expensive Tools [ Final Part ]

- Posted in Incident Response by
Background: In the previous article, we discussed how files are stored inside drives and highlighted the essential metrics to consider after acquiring the storage footprint. Now, we will dive deeper [...] Read more

Challenges of Digital Drives: Footprint Integrity and Binary View During Incident Response Log Collection

- Posted in Incident Response by
Background: In one of our previous articles, I introduced the process of preparing a USB drive/tool for forensic analysis. Now, it is time to delve one level deeper and explore the key points that [...] Read more