Hello everyone! This is my write-up for the Defcon DFIR CTF, which was opened to the public on August 14, 2018, as announced by David Cowen on Twitter. This is probably my first time joining a CTF that is purely DFIR-related, and I must say that I really enjoyed doing an investigation-style CTF
This is my write-up for a small forensics challenge hosted on root-me.org known as Command & Control. The goal of this challenge is to teach individuals the basics of performing forensics on a memory dump. The whole challenge is broken down into 5 levels and I will be using Volatility to answer each one. If
In this post, I’ll show you some of the ways incident response teams can leverage the Windows Management Instrumentation Command-line (WMIC) during live response.
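As an added example (this is not code from the original post), the following PowerShell wrapper runs a fixed set of wmic.exe queries that are typical of a first-pass live-response collection (processes with command lines, services, autoruns, local accounts, network configuration, hotfixes and shares), saves each as CSV, and hashes the result set. The output directory layout, the query list and the -ComputerName parameter are my own choices for illustration; WMIC is deprecated, so the script checks that wmic.exe exists before doing anything.

```powershell
# Added example, not from the original post. Run from an elevated console.
# Assumptions (mine, not the post's): wmic.exe is present on the target, and
# the triage folder under C:\triage is an acceptable place to write output.
param(
    # Local machine by default; pass a hostname to collect over WMI/DCOM (/node:).
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$OutDir = "C:\triage\$($env:COMPUTERNAME)_$(Get-Date -Format yyyyMMdd_HHmmss)"
)

# WMIC has been deprecated for years and is absent on some newer builds; fail
# early rather than producing an empty collection.
if (-not (Get-Command wmic.exe -ErrorAction SilentlyContinue)) {
    throw 'wmic.exe not found on this host; use Get-CimInstance against the same classes instead.'
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Output file name -> WMIC alias/verb/property list. /format:csv goes after the
# verb; the /node: global switch goes before the alias.
$queries = [ordered]@{
    'processes.csv' = 'process get processid,parentprocessid,name,executablepath,commandline,creationdate'
    'services.csv'  = 'service get name,displayname,state,startmode,pathname,startname'
    'startup.csv'   = 'startup get caption,command,location,user'
    # localaccount=true avoids enumerating the whole domain on a joined machine.
    'users.csv'     = 'useraccount where localaccount=true get name,sid,disabled,lockout,passwordrequired'
    'netconfig.csv' = 'nicconfig where ipenabled=true get description,ipaddress,macaddress,dhcpserver,dnsserversearchorder'
    'hotfixes.csv'  = 'qfe get hotfixid,description,installedon'
    'shares.csv'    = 'share get name,path,description'
}

foreach ($file in $queries.Keys) {
    $wmicArgs = "/node:`"$ComputerName`" $($queries[$file]) /format:csv"
    $dest     = Join-Path $OutDir $file
    # Keep the raw wmic output (it starts with a blank line and adds a Node
    # column); parse it on the analysis box, not on the suspect host.
    cmd /c "wmic $wmicArgs" | Out-File -FilePath $dest -Encoding utf8
}

# Hash everything collected so the evidence set can be verified later. Compute
# the hashes first so hashes.csv itself is not part of the listing.
$hashes = Get-ChildItem $OutDir -File | Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path
$hashes | Export-Csv (Join-Path $OutDir 'hashes.csv') -NoTypeInformation

Write-Host "Collection written to $OutDir"
```

Run it as `.\wmic-triage.ps1` for the local box or `.\wmic-triage.ps1 -ComputerName HOST` for a remote one (remote collection needs DCOM/WMI reachable and admin rights on the target). Each query is written out before the next one starts, so a partial run still leaves usable files if wmic hangs on a slow class such as `useraccount`.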
I’m sure you’ve already heard about the recent WannaCry outbreak. Very nasty stuff indeed. Just to give you a brief background: WannaCry is ransomware that spreads like a worm by using the recently leaked EternalBlue exploit, which targets the SMBv1 vulnerability patched by MS17-010, to infect unpatched systems globally.
Today I decided to study network forensics and came across this post on the SANS website. This forensics puzzle was written by Lenny Zeltser, one of the most prominent infosec guys around (check out his blog here). The specifics of the puzzle can be found here.