Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART1]

- Posted in Incident Response by
Background: During the incident containment stage, there may be situations where it is necessary to acquire a volatile dump of RAM from hardware. Since we have already covered memory acquisition on [...]

Essential Data Acquisition and Digital Forensics for Incident Responders

- Posted in Incident Response by
Background: In a previous article, we discussed the method for creating a USB flash drive to acquire forensic images. In this article, I'll explain how to leverage the previously created tool during [...]

Communicating Incident Response: A Reporting Framework for the C-Suite

- Posted in Incident Response by
Background: Incident response is divided into two parts: hands-on activities and management activities. We have discussed hands-on activities extensively. However, if we want to present the activity [...]

Infinity War: Threat in the Docker Images

- Posted in Other by
Background: In one of our previous articles, we discussed analyzing Docker images for vulnerabilities at the operating system level. In this article, we will explore another attack pattern related to [...]

Knock, knock: Why the recent announcement about mobile spyware leak was fake

- Posted in Threat Analyze by
Background: Recently, a Telegram account announced the publication of source codes related to a mobile spyware. Before drawing any final conclusions, it is important to understand that this [...]

Custom Approaches to Vulnerability Detection in Docker Containers

- Posted in Hardenings by
Background: Today, the industry already provides the capability to use dedicated scanners for Docker images and containers. However, what if you do not have the budget to acquire such tools? In this [...]

Trusted Insider, Unseen Adversary

- Posted in Other by
Background: One of the best examples to understand insider threats or similar risks is to look at the case of DPRK (North Korean) IT workers. This is becoming one of the most widespread risks related [...]

Not the First, Not the Last: Understanding the 16 Billion Infostealer Leak

- Posted in Threat Analyze by
Background: Recently, the media reported on a leak of 16 billion cleartext passwords that were found on an underground platform. As a result, the team behind the discovery noticed that the names of [...]

The Invisible Threat: How to Detect Physical Keystroke Injection Implants

- Posted in Threat Analyze by
Background: In today's cybersecurity landscape, there are many attack types. One of them is hardware-based, which can be leveraged by threat actors to connect special keystroke injection devices into [...]

No Way to Escape: Linux Malware Sandbox Detection Development Fundamental Component from Scratch

- Posted in Threat Analyze by
Background: Linux malware is rarely encountered within an environment during its normal operation. This presents a real challenge for beginners attempting malware analysis [...]