Background:
Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...]
Background:
In the previous article, we discussed how files are stored inside drives and highlighted the essential metrics to consider after acquiring the storage footprint. Now, we will dive deeper [...]
Background:
During a cybersecurity incident in the cloud, one of the mandatory steps is to take a snapshot of the machine that contains the threat, isolate it, and preserve the snapshot or filesystem [...]
Background:
In my previous article, I covered, at a high level, all the necessary actions required to prepare for volatile memory dumping in the case of a cybersecurity incident. This process is [...]
Background:
In a previous article, I discussed the high-level preparations needed to acquire an image of a machine requiring forensic analysis. However, have you considered the caveats related to [...]
Background:
In contrast to classic logging systems that preserve on-premises data, cloud systems require some familiarity with the components provided by cloud vendors. To prepare for cloud [...]
Background:
In our previous article, we discussed the preparation needed for the "log collection" stage of incident response, which is essential for the "analysis" stage. We covered how to prepare [...]
Background:
During incident response, one often encounters situations requiring the acquisition of logs for forensic analysis to assess the impact of an incident. There are three primary methods for [...]