Home » Posts tagged forensic_os

Morse Code and the Failure of Text-Based Detection

- Posted in Leak by
Morse Code and the Failure of Text-Based Detection
Background: Sometimes, in alert detection engineering, we can rely on plain-text detection, and even IDS rules can fail during body analysis. Attackers may achieve this by using more exotic methods [...] Read more

Forensics of Operating System Non-Agentic AI Activity Traces

- Posted in Incident Response by
Forensics of Operating System Non-Agentic AI Activity Traces
Background: As we have finished our research on agentic AI solutions, let's deep dive into one of the common non-agentic AI features implemented in the latest Windows OS. The name of this feature is [...] Read more

Forensics of Operating System Agentic AI Activity Traces [Part 2]

- Posted in Hardenings by
Forensics of Operating System Agentic AI Activity Traces [Part 2]
Background: During our previous article, we discovered the steps to reveal the root cause of the incident that involved the Claude AI agentic desktop. Over this article we shall discuss google gemini [...] Read more

Forensics of Operating System Agentic AI Activity Traces [Part 1]

- Posted in Incident Response by
Forensics of Operating System Agentic AI Activity Traces [Part 1]
Background: During incident response, log analysis stages may involve built-in or installed operating system AI helpers such as Claude, OpenAI, and others. Previously, we discussed traces related to [...] Read more

Spotting Threats in Autonomous AI: Essential Skills for Agentic Systems

- Posted in Incident Response by
Spotting Threats in Autonomous AI: Essential Skills for Agentic Systems
Background: The OpenClaw agentic solution has an interaction feature related to feeding independent developer skills from the specific marketplace. The feature name is 'skills,' which is misleadingly [...] Read more

Risky NPM Package (Agentic AI assistant)

- Posted in Incident Response by
Risky NPM Package (Agentic AI assistant)
Background Because the saga of AI and agentic clients continues, organizations can be put at risk since threat actors may target such solutions. This has prompted an effort to understand what is [...] Read more

Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews

- Posted in Hardenings by
Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews
Background: While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...] Read more

Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems

- Posted in Incident Response by
Simple Methods to Spot Disabled Antivirus (Windows Defender) on Windows Systems
Background: During incident response, it’s not always the case that advanced, highly sophisticated AV bypass techniques are used. Sometimes, attackers rely on simple, out-of-the-box methods to [...] Read more

Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility

- Posted in Incident Response by
Wild Exploits, Missing Logs: Docker Incident Response Without SIEM Visibility
Background: Sometimes, when dealing with incidents, there can be situations where logs are not available—especially in cases involving containers that were downloaded from Docker Hub. For example, [...] Read more

Linux Suspicious ELF File Static Analysis Techniques and Approaches

- Posted in Threat Analyze by
Linux Suspicious ELF File Static Analysis Techniques and Approaches
Background: Sometimes during daily cases we see suspicious detections on Linux machines which have hashes that do not exist on popular platforms and we do not have licenses for sandboxes. To resolve [...] Read more
Page 1 of 3