Kubernetes Forensics: Secret Rotation from Ruin to Recovery

- Posted in Incident Response by
Background: In this section, we will discuss specific actions during evidence collection, log analysis, and recovery for situations where it is necessary to determine if unencrypted secrets or [...]

Forensics of Operating System Non-Agentic AI Activity Traces

- Posted in Incident Response by
Background: As we have finished our research on agentic AI solutions, let's deep dive into one of the common non-agentic AI features implemented in the latest Windows OS. The name of this feature is [...]

Forensics of Operating System Agentic AI Activity Traces [Part 2]

- Posted in Hardenings by
Background: During our previous article, we discovered the steps to reveal the root cause of the incident that involved the Claude AI agentic desktop. Over this article we shall discuss Google Gemini [...]

Forensics of Operating System Agentic AI Activity Traces [Part 1]

- Posted in Incident Response by
Background: During incident response, log analysis stages may involve built-in or installed operating system AI helpers such as Claude, OpenAI, and others. Previously, we discussed traces related to [...]

Static Code Analysis for Incident Root Cause and Evidence Recovery

- Posted in Incident Response by
Background: Sometimes during incident response, specialists need to understand the root cause of the incident as quickly as possible. This understanding helps us mitigate the issue and restore [...]

Safe IDE Extensions: Key Triggers and Chunks to Watch for in Plugin Code

- Posted in Threat Analyze by
Background: Only looking into well-known attack patterns found in Chrome and other browser extensions is not enough. Since we work daily with IDEs, there is another potential attacker [...]

Risky NPM Package (Agentic AI assistant)

- Posted in Incident Response by
Background: Because the saga of AI and agentic clients continues, organizations can be put at risk since threat actors may target such solutions. This has prompted an effort to understand what is [...]

Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems

- Posted in Incident Response by
Background: During incident response, it's not always the case that advanced, highly sophisticated AV bypass techniques are used. Sometimes, attackers rely on simple, out-of-the-box methods to [...]

Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility

- Posted in Incident Response by
Background: Sometimes, when dealing with incidents, there can be situations where logs are not available, especially in cases involving containers that were downloaded from Docker Hub. For example, [...]

Crafting and Case Study of Cost-Effective Universal Hardware Toolkits for specific IR cases

- Posted in Incident Response by
Background: In the incident response discipline, it is often necessary to carry hardware in our bags that can make daily tasks more manageable. In our previous articles, we discussed how to leverage [...]