Cybersecurity threat portal

Background: Red team specialists often use specialized hardware during operations. However, don't worry—this hardware isn't exclusive to red teams. Incident responders also can use some of hardware [...] Read more

Background: One of the IR stages is the "collection" stage, which occurs between containment and analysis. We sometimes need to collect evidence from Kubernetes pods or Docker containers, which can [...] Read more

Background: During incident response, time constraints can make it difficult to fully understand the scope of an incident. This challenge becomes even greater when our existing toolset does not [...] Read more

Background: In our previous article, we discussed and compared various tools that facilitate the acquisition of volatile memory . In this article we are going to cover final part of our challenge to [...] Read more

Background: During the incident containment stage, there may be situations where it is necessary to acquire a volatile dump of RAM from hardware. Since we have already covered memory acquisition on [...] Read more

Background: In a previous article, we discussed the method for creating a USB flash drive to acquire forensic images. In this article, I'll explain how to leverage the previously created tool during [...] Read more

Background: Incident response is divided into two parts: hands-on activities and management activities. We have discussed hands-on activities extensively. However, if we want to present the activity [...] Read more

Background: Sometimes, during incidents involving ransomware-related threat actors, the investigation into the recovery process can reveal solutions closer than you might think. It’s important to [...] Read more

Background: When an incident occurs in your environment, you should be prepared to respond effectively from the perspectives of people, processes, and technologies. Proper preparation ensures a [...] Read more

Background: In incident response log collection, you might encounter situations where EDR/XDR solutions or log collectors are not present on a machine. Additionally, some syslogs might be missing. [...] Read more